{"id":29410239,"url":"https://github.com/zainabed/zainabed-spring-security-jwt","last_synced_at":"2025-07-11T06:02:08.532Z","repository":{"id":57729981,"uuid":"157352990","full_name":"zainabed/zainabed-spring-security-jwt","owner":"zainabed","description":"Authentication \u0026 Authorization module for standalone Spring Boot app or Spring Cloud applications","archived":false,"fork":false,"pushed_at":"2018-11-28T04:18:50.000Z","size":78,"stargazers_count":25,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"develop","last_synced_at":"2025-07-09T14:49:02.902Z","etag":null,"topics":["jwt-authentication","spring-boot","spring-cloud","spring-security"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zainabed.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-11-13T09:19:56.000Z","updated_at":"2025-07-05T10:19:30.000Z","dependencies_parsed_at":"2022-09-07T20:23:46.676Z","dependency_job_id":null,"html_url":"https://github.com/zainabed/zainabed-spring-security-jwt","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/zainabed/zainabed-spring-security-jwt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zainabed%2Fzainabed-spring-security-jwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zainabed%2Fzainabed-spring-security-jwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zainabed%2Fzainabed-spring-security-jwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/Git
Hub/repositories/zainabed%2Fzainabed-spring-security-jwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zainabed","download_url":"https://codeload.github.com/zainabed/zainabed-spring-security-jwt/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zainabed%2Fzainabed-spring-security-jwt/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264744251,"owners_count":23657449,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["jwt-authentication","spring-boot","spring-cloud","spring-security"],"created_at":"2025-07-11T06:01:26.850Z","updated_at":"2025-07-11T06:02:08.517Z","avatar_url":"https://github.com/zainabed.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Zainabed Spring Security JWT\n\n[![Build Status](https://dev.azure.com/zainabed/spring-security-jwt/_apis/build/status/zainabed.spring-security-jwt)](https://dev.azure.com/zainabed/spring-security-jwt/_build/latest?definitionId=1)\n\nSecurity JWT makes it easy to configure authentication and authorization security system into Spring Boot applications. It secures application with few configurations.  \n\nOur objectives are\n  - Application specific authentication\n  - Decouple authentication \u0026 authorization\n  - Configurable JWT token based security\n\n### Concept\n\n##### Authentication\n\nSpring Security Jwt uses `Basic Authentication` schema to validate user.\n\nBasic authentication is a simple authentication scheme built into the HTTP protocol. 
The client sends HTTP requests with the Authorization header that contains user credentials.\nThe Authorization header is constructed from the string `username:password`, encoded in `Base64` and prefixed with the string `Basic`.\n\n```\nAuthorization: Basic dGVzdDp0ZXN0\n```\n\n##### Authorization\n\nOnce the user is logged in, Spring Security JWT returns a JWT token to the client in the HTTP response. \n\nResponse example\n```\n{\n    token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c\n    type: Bearer\n    refereshToken: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c\n}\n```\nEach subsequent request must then include the JWT token, allowing the user to access the resources that are permitted with that token. \n\nWhenever the user wants to access a protected resource, the client should send the JWT token in the `Authorization` header using the `Bearer` schema. 
The content of the header should look like the following:\n```\nAuthorization: Bearer \u003ctoken\u003e\n```\n\n\n\n### Installation\n\nUse your favorite Maven-compatible build tool to pull the dependencies from Maven Central.\n\n#### Maven\n\n```xml\n\u003cdependency\u003e\n  \u003cgroupId\u003ecom.zainabed.spring\u003c/groupId\u003e\n  \u003cartifactId\u003ezainabed-spring-security-jwt\u003c/artifactId\u003e\n  \u003cversion\u003e1.0.0\u003c/version\u003e\n\u003c/dependency\u003e\n```\n#### Configuration\nThe first step is to enable JWT security by extending the `JwtWebSecuriy` class and annotating it with `@EnableJwtSecurity`.\n\n\n```java\n    import com.zainabed.spring.security.jwt.annotation.EnableJwtSecurity;\n    import com.zainabed.spring.security.jwt.security.JwtWebSecuriy;\n\n    @EnableJwtSecurity\n    public class ApplicationWebSecurity extends JwtWebSecuriy{\n    }\n```\n\nThe second step is to set the JWT properties in the `application.properties` file.\n\n```properties\njwt.token.secret= \u003csecret value\u003e\njwt.token.expiration= \u003cexpiration time in seconds\u003e\n```\n\nThis is the common configuration that enables both authentication and authorization.\n\n\n\n##### Authentication\nTo activate authentication, define the JWT authentication property and set its value to true.\n\n```properties\njwt.authentication=true\n```\n\nAuthentication is mapped to the `\"/auth\"` route. To generate a JWT token, send an HTTP POST request to \"/auth\" with a Basic Authentication header containing the user credentials encoded with Base64.\n\n\n```\nURL: http://localhost:8080/auth\n\nHeader:\nAuthorization: Basic \u003cusername-value:password-value\u003e\n```\n```\nAuthorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l\n```\n\nThe security authentication controller lets you define your own authentication module to verify user credentials. 
To do so, implement `JwtAuthenticationService` and annotate it with `@Service`.\n\n```java\n@Service\npublic class JwtAuthenticationServiceImpl implements JwtAuthenticationService {\n\n\t@Override\n\tpublic UserDetail authenticate(UserCredential userCredential) throws AuthenticationException {\n\t\t// Define your own authentication mechanism and return result as UserDetail object\n\t}\n\n}\n```\n\n##### Authorization\nThe authorization process is activated when you define the token secret and expiration time in the properties file and extend `JwtWebSecuriy`. You can then secure your REST controller as follows:\n\n```java\n@RestController\n@RequestMapping(value = \"/test\")\npublic class TestControlller {\n\n\t@Secured(\"ROLE_USER\")\n\t@RequestMapping(value = \"/user\", method = RequestMethod.GET)\n\tpublic String testUserWithRole() {\n\t\treturn \"Test user with User role.\";\n\t}\n\n\t@Secured(value = \"ROLE_ADMIN\")\n\t@RequestMapping(value = \"/admin\", method = RequestMethod.GET)\n\tpublic String testAdmin() {\n\t\treturn \"Test user with Admin role.\";\n\t}\n}\n\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzainabed%2Fzainabed-spring-security-jwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzainabed%2Fzainabed-spring-security-jwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzainabed%2Fzainabed-spring-security-jwt/lists"}