https://github.com/tfkfan/mtls_jwt_demo

spring-boot mtls+stateless JWT authentication demo
jwt mtls spring-boot


# Mutual TLS + JWT authentication spring boot example

Not for development or production use.

This project exists to build a better understanding of how the TLS protocol and JWT token processing work. For real applications, the JWT/auth components, filters, etc. are already implemented in spring-boot-starter-oauth2-resource-server and spring-boot-starter-oauth2-client.

## Keys generation

Because mTLS secures the connection in both directions, we need to generate keypairs (and CA-signed certificates) for both the client and the server, so that each side can prove its identity to the other and the traffic is protected on both sides.

### CA keypair generation

```sh
sh generate-ca.sh
```

### Server keypair, keystore, truststore generation

```sh
sh generate-ssl.sh ./ca server ssl-server.cnf
```

### Client keypair, keystore, truststore generation

```sh
sh generate-ssl.sh ./ca client ssl-client.cnf
```

## Spring boot application settings

Use /config/application.yml, which already contains the settings for the app.
Put the generated keystore.jks and truststore.jks into src/main/resources.

Run from the project root:

```sh
mvn clean package
java -jar ./target/MTLS_JWT_DEMO-1.0-SNAPSHOT.jar
```

## Requests

First of all, authenticate against the JWT controller over HTTPS/mTLS to obtain a bearer token:

```sh
curl -v --cert client.crt --key client.key --cacert ca.crt --header "Content-Type: application/json" --request POST https://localhost:8081/authenticate --data '{ "username":"user1", "password":"password"}'
```

The response is a JWT token like:

```text
eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ1c2VyMSIsImlhdCI6MTcwMTE5MDExMCwiZXhwIjoxNzAxMjA4MTEwfQ.3VOYkN5JbaxX7sxY5WV0L0wiaWhdIaXvY8BIV6dIdxnOMmh9R0UDFUIXXu10rIPyTfZmbCIdNYd3b5aWNyGL-g
```

Send this token in the `Authorization: Bearer` header on all further requests.

Now you can call the test endpoint:

```sh
curl -v --cert client.crt --key client.key --cacert ca.crt --header "Content-Type: application/json" --header "Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ1c2VyMSIsImlhdCI6MTcwMTE5MDI0OSwiZXhwIjoxNzAxMjA4MjQ5fQ.Nx-ZUTRaVMbonc_PrJro11Qi3Ab4PGmttbmfYA9baoQC67te07-j-iH7PjYbTV9JpaW2lw0C7_dI2PXBhoNvrA" --request GET https://localhost:8081/api/test
```

## Disabling JWT security

To disable JWT authentication, set the parameter

```yaml
security.enabled: false
```

in your config/application.yml.

Then try the following request, this time without a bearer token:

```sh
curl -v --cert client.crt --key client.key --cacert ca.crt --header "Content-Type: application/json" --request GET https://localhost:8081/api/test
```

As you can see, even without the token the server and client still exchange their public keys/certificates during the TLS handshake, so the connection remains authenticated and encrypted on both sides.