https://github.com/nasruddin/spring-boot-3-jwt-auth
:key: Sample Spring Boot application secured using JWT auth in a custom header (X-Auth-Token).
authentication authorization custom-jwt custom-jwt-auth jwt jwt-tokens openapi3 spring-boot spring-boot-3 spring-security spring-security-jwt swagger-documentation swagger-ui
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/nasruddin/spring-boot-3-jwt-auth
- Owner: Nasruddin
- License: mit
- Created: 2016-02-07T11:17:36.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2023-09-28T19:47:39.000Z (over 1 year ago)
- Last Synced: 2025-03-31T02:34:33.480Z (3 months ago)
- Topics: authentication, authorization, custom-jwt, custom-jwt-auth, jwt, jwt-tokens, openapi3, spring-boot, spring-boot-3, spring-security, spring-security-jwt, swagger-documentation, swagger-ui
- Language: Java
- Homepage:
- Size: 1.21 MB
- Stars: 110
- Watchers: 6
- Forks: 32
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# spring-boot-3-jwt-auth
:key: Sample Spring Boot 3 application for Authentication and Authorization

## Features
* Customizable header (X-Auth-Token) to pass Auth token.
* JWT for token creation and validation.
* Role based authorization.
* Device based auth.
* Custom Validators
* Spring doc.

## Running the sample app
```
mvn spring-boot:run
```

## Registering a User
```
curl -X POST "http://localhost:9000/api/auth/register" -H "accept: */*" -H "Content-Type: application/json" -d "{\"username\":\"nasruddin\",\"password\":\"p@ssw00d\",\"device\":\"web\",\"email\":\"[email protected]\"}"
```
```
{
"id":2,
"username":"nasruddin",
"password":"$2a$10$U3CR4T1Gowd50Q.0yK/UuOh.XWVx0BYIe7BiAmymXZ.MYPUtU5F.e",
"email":"[email protected]",
"lastPasswordReset":"2023-09-14T08:41:10.080+00:00",
"authorities":"ADMIN"
}
```
H2-console can be accessed at
## Login a User / Fetch Token
```
curl -X POST "http://localhost:9000/api/auth" -H "accept: */*" -H "Content-Type: application/json" -d "{\"username\":\"nasruddin\",\"password\":\"p@ssw00d\",\"device\":\"web\"}"
```
```
{"token":"eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJuYXNydWRkaW4iLCJhdWRpZW5jZSI6IndlYiIsImNyZWF0ZWQiOjE2OTQ2ODE2ODE3MDUsImV4cCI6MTY5NTI4NjQ4MX0.MydwIWzN3SgCvB8cYozKcR2tHMCM5nrIPXUBtx4o82ot1taL_NQM5TRHZ4yOc9uUcZFrz1XQAL_fDNXAIwmZxw"}
```
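The token returned above is an HS512 JWT whose payload carries `sub`, `audience`, `created` and `exp`. The following is an added example, not code from this repository: it decodes that token and shows the checks a verifier should make before trusting it. The demo secret, the function names and the reading of `audience` as the login `device` are assumptions.

```python
import base64, hashlib, hmac, json, time

# Token copied from the login response above; everything else here is constructed.
PAGE_TOKEN = "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJuYXNydWRkaW4iLCJhdWRpZW5jZSI6IndlYiIsImNyZWF0ZWQiOjE2OTQ2ODE2ODE3MDUsImV4cCI6MTY5NTI4NjQ4MX0.MydwIWzN3SgCvB8cYozKcR2tHMCM5nrIPXUBtx4o82ot1taL_NQM5TRHZ4yOc9uUcZFrz1XQAL_fDNXAIwmZxw"
DEMO_SECRET = b"constructed-demo-secret"  # assumption: the real signing key is not on the page

def b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def peek(token):
    """Decode header and claims WITHOUT verifying; for inspection only, never for auth."""
    header, payload, _sig = token.split(".")
    return json.loads(b64url_decode(header)), json.loads(b64url_decode(payload))

def sign_hs512(claims, secret):
    """Build an HS512 token with the same claim layout as the page's token."""
    head = b64url_encode(json.dumps({"alg": "HS512"}, separators=(",", ":")).encode())
    body = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha512).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

def verify(token, secret, device, now=None):
    """Return the claims only if algorithm, signature, expiry and device all check out."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        given = b64url_decode(sig)
    except ValueError:
        raise ValueError("malformed token") from None
    # Pin the algorithm: never let the token's own header choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS512":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha512).digest()
    if not hmac.compare_digest(given, expected):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))  # parsed only after the MAC is verified
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired")
    if claims.get("audience") != device:  # assumed meaning of "Device based auth"
        raise ValueError("device mismatch")
    return claims

if __name__ == "__main__":
    header, claims = peek(PAGE_TOKEN)
    print(header, claims, "lifetime (s):", claims["exp"] - claims["created"] // 1000)
```

Decoding the page's token shows `created` in milliseconds and `exp` in seconds, 604800 seconds (7 days) apart, so a copied `X-Auth-Token` value stays usable for a week unless the server tracks revocation.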
## Accessing User/Protected API
Without setting X-AUTH-TOKEN
```
curl -X GET "http://localhost:9000/api/user/nasruddin" -H "accept: */*"
```
```
{
"timestamp":"2023-09-14T08:57:08.403+00:00",
"status":401,
"error":"Unauthorized",
"path":"/api/user/nasruddin"
}
```

With setting X-AUTH-TOKEN
```
curl -X GET "http://localhost:9000/api/users/nasruddin" -H "accept: */*" -H "X-Auth-Token: eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJuYXNydWRkaW4iLCJhdWRpZW5jZSI6IndlYiIsImNyZWF0ZWQiOjE2OTQ2ODE2ODE3MDUsImV4cCI6MTY5NTI4NjQ4MX0.MydwIWzN3SgCvB8cYozKcR2tHMCM5nrIPXUBtx4o82ot1taL_NQM5TRHZ4yOc9uUcZFrz1XQAL_fDNXAIwmZxw"
```
```
{
"id":1,
"username":"nasruddin",
"password":"$2a$10$dq6uFlehtetsfI6glLkA.OaeoIEu5PPqIVNZHDMCCiEej8b/0vhWa",
"email":"[email protected]",
"lastPasswordReset":"2023-09-14T08:42:37.758+00:00",
"authorities":"ADMIN"
}
```

## Admin API
```
curl -X GET "http://localhost:9000/api/admin" -H "accept: */*" -H "X-Auth-Token: eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJuYXNydWRkaW4iLCJhdWRpZW5jZSI6IndlYiIsImNyZWF0ZWQiOjE2OTQ2ODE2ODE3MDUsImV4cCI6MTY5NTI4NjQ4MX0.MydwIWzN3SgCvB8cYozKcR2tHMCM5nrIPXUBtx4o82ot1taL_NQM5TRHZ4yOc9uUcZFrz1XQAL_fDNXAIwmZxw"
```
```
:O
```

## OpenAPI Swagger
1. Swagger can be accessed at
2. API Docs can be accessed at
