https://github.com/bmarwell/shiro-jwt-showcase

A Showcase project for using Apache Shiro with JWT as Token
https://github.com/bmarwell/shiro-jwt-showcase

Last synced: 3 months ago
JSON representation

A Showcase project for using Apache Shiro with JWT as Token

• Host: GitHub
• URL: https://github.com/bmarwell/shiro-jwt-showcase
• Owner: bmarwell
• License: apache-2.0
• Created: 2022-04-08T21:28:56.000Z (about 3 years ago)
• Default Branch: main
• Last Pushed: 2025-03-14T17:51:59.000Z (3 months ago)
• Last Synced: 2025-03-14T18:44:36.874Z (3 months ago)
• Language: Java
• Size: 298 KB
• Stars: 10
• Watchers: 1
• Forks: 2
• Open Issues: 11
• Metadata Files:
  • Readme: README.adoc
  • License: LICENSE

Awesome Lists containing this project

README

        
= Apache Shiro with JWT as Token Showcase

:toc: macro

:toclevels: 4

:idprefix:

:icons: font

https://github.com/bmarwell/shiro-jwt-showcase/actions/workflows/maven.yaml[image:https://github.com/bmarwell/shiro-jwt-showcase/actions/workflows/maven.yaml/badge.svg[Maven

CI]]

https://opensource.org/licenses/Apache-2.0[image:https://img.shields.io/badge/License-Apache_2.0-blue.svg[License]]

https://renovatebot.com[image:https://img.shields.io/badge/renovate-enabled-brightgreen.svg[Renovate]]

link:https://openliberty.io/[image:https://img.shields.io/badge/AppServer-Open%20Liberty-blue[AppServer]]

*Blog article:* https://blog.bmarwell.de/2022/04/26/apache-shiro-jwt-authentication-jjwt.html[Apache Shiro: JWT Realm Authentication with JJWT] 🇬🇧.

This project is a showcase how you can use https://shiro.apache.org[Apache Shiro] with JWTs (pronounced: jots).

The idea here is to use as few shipped dependencies as possible.

All dependencies possible should be provided by an JavaEE application server.

toc::[]

== Tech stack

* https://shiro.apache.com[Apache Shiro] (Security Framework)

* https://maven.apache.org[Apache Maven] (Build Tool)

* JAX-RS 2.1 (Web Framework)

* https://github.com/jwtk/jjwt[JJWT] with custom JSON-B serializer (Showcase Tech implementation)

Additional used tech which is optional / swappable:

* https://openliberty.io[IBM OpenLiberty] (any JavaEE + MP application server should do)

* Jakarta CDI 2.0

* Jakarta JSON-B

* MicroProfile Config 2.0

== Sub-Projects

Execute them using `./mvnw am -pl  liberty:dev`.

keystore::

Common keystore/truststore for the issuer and finish server for validating JWS tokens.

issuer::

The issuing server to get a JWT from.

Not part of the tutorial, usually transparent for your application.

+

Starts at port 9081 as a side server.

Curl using `curl -H 'accept: application/json' -H 'content-type: application/json' -v -d '{ "username": "me", "password": "me" }' --url "http://localhost:9081/login?roles=admin,user"`.

Credentials are irrelevant, as long as they are the same.

start::

Tutorial start setup.

finish::

Tutorial finish setup.