https://github.com/chamikathereal/j2ee-security-jwt-with-db
A practical Java EE project demonstrating secure JWT-based authentication and role-based authorization with a database-backed identity store, Hibernate, and Jakarta EE Security API, ideal for learning modern, stateless security in enterprise applications.
api-rest authentication jakartaee java java-automation javaee jwt jwt-authentication jwt-token
Last synced: 11 months ago
- Host: GitHub
- URL: https://github.com/chamikathereal/j2ee-security-jwt-with-db
- Owner: chamikathereal
- Created: 2025-06-27T12:37:17.000Z (12 months ago)
- Default Branch: main
- Last Pushed: 2025-06-27T14:05:47.000Z (12 months ago)
- Last Synced: 2025-06-27T15:26:34.364Z (12 months ago)
- Topics: api-rest, authentication, jakartaee, java, java-automation, javaee, jwt, jwt-authentication, jwt-token
- Language: Java
- Homepage:
- Size: 4.06 MB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# J2EE-Security-JWT-With-db
## Project Overview
**J2EE-Security-JWT-With-db** is a practical Java EE project that demonstrates secure authentication and role-based authorization using JSON Web Tokens (JWT) and a database-backed identity store. The project leverages the Jakarta EE Security API, JAX-RS for RESTful endpoints, Hibernate ORM for persistence, and MySQL for data storage. It is ideal for learning how to build modern, stateless, and scalable authentication systems in enterprise Java applications.
---
## Demo Video
[Watch the demo on YouTube](https://youtu.be/sSrRBxIvBqo)
---
## Project Structure
```
J2EE-Security-JWT-With-db/
├── src/
│   └── main/
│       ├── java/
│       │   └── lk.jlat.app.security/
│       │       ├── config/
│       │       │   └── AppConfig
│       │       ├── controller/
│       │       │   └── AuthController
│       │       ├── model/
│       │       │   └── User
│       │       ├── security/
│       │       │   ├── AppIdentityStore
│       │       │   ├── AuthMechanism
│       │       │   └── Credentials
│       │       ├── service/
│       │       │   └── LoginService
│       │       ├── servlet/
│       │       │   ├── Login
│       │       │   └── Profile
│       │       └── util/
│       │           └── JWTUtil
│       ├── resources/
│       │   └── META-INF/
│       │       └── persistence.xml
│       └── webapp/
│           ├── user/
│           │   └── index.jsp
│           ├── WEB-INF/
│           │   └── web.xml
│           ├── index.jsp
│           └── login.jsp
└── pom.xml
```
## Module Details
#### **config**
- **AppConfig**
  Configures the JAX-RS application path (`/api`) under which all REST endpoints are served.
#### **controller**
- **AuthController**
  REST controller for the authentication endpoints (`/auth/login`, `/auth/register`). Handles login requests, validates the submitted credentials against the identity store, and issues a signed JWT on success.
#### **model**
- **User**
  JPA entity representing a user with a username, a password, and a set of roles. Used for both authentication (credential check) and authorization (role lookup).
#### **security**
- **AppIdentityStore**
  Custom `IdentityStore` that validates user credentials and retrieves the caller's roles from the database through `LoginService`.
- **AuthMechanism**
  Custom `HttpAuthenticationMechanism` (Jakarta EE Security API) that accepts either a Bearer JWT or form-based credentials and hands the resulting identity and groups to the container.
- **Credentials**
  POJO carrying the username and password of an authentication request.
#### **service**
- **LoginService**
  Looks the user up and verifies the password, then returns the user's roles, using JPA and Hibernate.
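The identity-store side of the design above, written as an added example for this page rather than taken from the repository. It assumes the `User` entity exposes `getUsername()`, `getPassword()` and `getRoles()`, that stored passwords are PBKDF2 hashes produced by the container's `Pbkdf2PasswordHash` bean, and a persistence unit named `securityPU`; those names, and collapsing both classes into one file, are placeholders.

```java
// Added example, not the repository's code. Assumed: User getters above, PBKDF2
// password hashes in the database, persistence unit "securityPU".
package lk.jlat.app.security.security;

import jakarta.annotation.PostConstruct;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.persistence.EntityManager;
import jakarta.persistence.NoResultException;
import jakarta.persistence.PersistenceContext;
import jakarta.security.enterprise.credential.UsernamePasswordCredential;
import jakarta.security.enterprise.identitystore.CredentialValidationResult;
import jakarta.security.enterprise.identitystore.IdentityStore;
import jakarta.security.enterprise.identitystore.IdentityStore.ValidationType;
import jakarta.security.enterprise.identitystore.Pbkdf2PasswordHash;
import java.util.EnumSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import lk.jlat.app.security.model.User;

/** Database lookup plus password verification; lives in the service package in the real project. */
@ApplicationScoped
class LoginService {

    @PersistenceContext(unitName = "securityPU")   // assumed unit name from persistence.xml
    private EntityManager em;

    @Inject
    private Pbkdf2PasswordHash passwordHash;         // container-provided implementation

    @PostConstruct
    void init() {
        passwordHash.initialize(Map.of());           // empty map keeps the spec defaults (SHA-256, 2048 iterations)
    }

    /** Returns the user only if the name exists and the password matches the stored PBKDF2 hash. */
    Optional<User> authenticate(String username, String password) {
        try {
            // Bound parameter, never string concatenation: the username is attacker-controlled input.
            User user = em.createQuery(
                    "SELECT u FROM User u WHERE u.username = :username", User.class)
                    .setParameter("username", username)
                    .getSingleResult();
            return passwordHash.verify(password.toCharArray(), user.getPassword())
                    ? Optional.of(user)
                    : Optional.empty();
        } catch (NoResultException unknownUser) {
            return Optional.empty();                 // same outcome as a wrong password: no user enumeration hint
        }
    }
}

/** IdentityStore the container consults through IdentityStoreHandler for username/password credentials. */
@ApplicationScoped
public class AppIdentityStore implements IdentityStore {

    @Inject
    private LoginService loginService;

    /** Invoked reflectively by IdentityStore.validate(Credential) because of the parameter type. */
    public CredentialValidationResult validate(UsernamePasswordCredential credential) {
        return loginService.authenticate(credential.getCaller(), credential.getPasswordAsString())
                // VALID result: caller name plus the groups the container will use for role checks
                .map(u -> new CredentialValidationResult(u.getUsername(), Set.copyOf(u.getRoles())))
                .orElse(CredentialValidationResult.INVALID_RESULT);
    }

    @Override
    public Set<ValidationType> validationTypes() {
        // This store both checks the credential and supplies the caller's groups.
        return EnumSet.of(ValidationType.VALIDATE, ValidationType.PROVIDE_GROUPS);
    }
}
```

Returning `INVALID_RESULT` for both an unknown user and a wrong password keeps the two failure modes indistinguishable to the client; the hash verification itself is the only place the plaintext password is handled, and it is never written to the log or the database.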
#### **servlet**
- **Login**
  Servlet that processes the login form and authenticates the user through the container.
- **Profile**
  Servlet that renders the user profile page, secured with role-based access control annotations.
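What an annotation-secured servlet like **Profile** looks like, as an added example for this page (not the repository's class). The path `/user/profile` and the role names `user` and `admin` are placeholders.

```java
// Added example, not the repository's Profile servlet. Assumed: servlet path
// "/user/profile", roles "user" and "admin" as supplied by the authentication mechanism.
package lk.jlat.app.security.servlet;

import jakarta.inject.Inject;
import jakarta.security.enterprise.SecurityContext;
import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.HttpConstraint;
import jakarta.servlet.annotation.ServletSecurity;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;

@WebServlet("/user/profile")
// Enforced by the container before doGet() runs: an unauthenticated caller never reaches
// the handler (the mechanism answers 401), and an authenticated caller outside "user" gets 403.
@ServletSecurity(@HttpConstraint(rolesAllowed = "user"))
public class Profile extends HttpServlet {

    @Inject
    private SecurityContext securityContext;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Identity established by the authentication mechanism for this request.
        String caller = securityContext.getCallerPrincipal().getName();
        // Finer-grained check inside the handler, e.g. to show admin-only controls.
        boolean admin = securityContext.isCallerInRole("admin");

        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().printf("Signed in as %s (admin=%b)%n", caller, admin);
    }
}
```

The `@ServletSecurity` constraint is equivalent to a `<security-constraint>` with `<auth-constraint><role-name>user</role-name></auth-constraint>` in `web.xml`; the group names the mechanism passes to `notifyContainerAboutLogin` must match these role names (or be mapped to them in the server's deployment descriptor) for the check to pass.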
#### **util**
- **JWTUtil**
  Utility class for generating and validating JWTs, embedding the username and roles as claims.
#### **resources/META-INF**
- **persistence.xml**
  JPA configuration for Hibernate and the MySQL data source.
#### **webapp**
- **user/index.jsp**
  User dashboard, accessible only to authenticated users with the appropriate role.
- **WEB-INF/web.xml**
  Declarative security configuration: protected resources and role mappings.
- **login.jsp**
  Custom login form.
- **index.jsp**
  Public landing page.
## Key Features
- ✅ Secure JWT-based authentication for REST APIs
- ✅ Database-backed user and role management with Hibernate (JPA)
- ✅ Custom identity store and authentication mechanism (Jakarta EE Security API)
- ✅ Stateless session management using JWTs
- ✅ Role-based access control for servlets and endpoints
- ✅ Clean, modular Maven project structure
## How It Works
- **User Authentication:**
  Users authenticate either via REST (`/api/auth/login`) or through the login form (`login.jsp`). Credentials are validated against the database. On success, a signed JWT is issued containing the username and roles as claims.
- **JWT Validation:**
  Protected endpoints require a valid JWT in the `Authorization: Bearer <token>` header. The custom authentication mechanism parses the token, verifies its signature and expiry, and passes the extracted identity and roles to the container for access control.
- **Role-Based Authorization:**
  Access to servlets and JSPs is protected using declarative (`web.xml`) and annotation-based security. Only users holding the required roles can reach secured resources.
- **Session Management:**
  Authentication is stateless: each request carries its own JWT, so no server-side session storage is needed. The trade-off is that an issued token remains valid until it expires, so revocation requires short token lifetimes or a server-side denylist.
- **Database Integration:**
  User credentials and roles are stored in MySQL and accessed via Hibernate/JPA.
## Technologies Used
- Java 11
- Jakarta EE 10 (JAX-RS, Security API, Servlet, JPA)
- Hibernate ORM
- MySQL
- JJWT (io.jsonwebtoken)
- Maven
## Learning Outcomes
- ✅ Implement JWT-based authentication and authorization in Java EE
- ✅ Integrate database-backed identity management with Hibernate
- ✅ Secure RESTful APIs and web resources with modern best practices
- ✅ Build scalable, stateless, and secure enterprise Java applications
## Author
Chamika Gayashan
Undergraduate Software Engineer | Sri Lanka
LinkedIn: @chamikathereal