SpringBoot Token Based Authentication Example – MySQL + JWT + Spring JPA + RestAPIs
“How to build SpringBoot Token Based Authentication Example?” is one of the most common questions in the Java development world. In this tutorial, I will show how to build it, with a clear architecture and coding examples.
Spring Security JWT Architecture – Springboot Token Based Authentication Example
This is the diagram of the Spring Security/JWT (Springboot Token Based Authentication Example) classes, which are separated into 3 layers:
– Spring Security
– REST API
Looking at the diagram above, we can easily associate these components with the Spring Security authentication process: receive HTTP request, filter, authenticate, store Authentication data, generate token, get User details, authorize, handle exception…
At a glance:
– SecurityContextHolder provides access to the SecurityContext.
– SecurityContext holds the Authentication and possibly request-specific security information.
– Authentication represents the principal which includes GrantedAuthority that reflects the application-wide permissions granted to a principal.
– UserDetails contains the information needed to build an Authentication object from DAOs or another source of security data.
– UserDetailsService helps to create a UserDetails from a String-based username and is usually used by AuthenticationProvider.
– JwtAuthTokenFilter (extends OncePerRequestFilter) pre-processes each HTTP request: from the token, it creates an Authentication and populates the SecurityContext with it.
– JwtProvider validates and parses a token String, or generates a token String from UserDetails.
– UsernamePasswordAuthenticationToken gets the username/password from the login request and combines them into an instance of the Authentication interface.
– AuthenticationManager uses DaoAuthenticationProvider (with the help of UserDetailsService & PasswordEncoder) to validate the instance of UsernamePasswordAuthenticationToken, then returns a fully populated Authentication instance on successful authentication.
– SecurityContext is established by calling SecurityContextHolder.getContext().setAuthentication(…) with the Authentication object returned above.
– AuthenticationEntryPoint handles AuthenticationException.
– Access to the RESTful API is protected by HttpSecurity and authorized with Method Security Expressions.
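To make the JwtProvider role concrete (generate a token, then validate and parse it), here is an added sketch that is not the tutorial's own code. The class name, method names, secret and two-claim payload (sub, exp) are assumptions for illustration, and it uses only the JDK with HS256.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.*;

// Added sketch, not the tutorial's JwtProvider: HS256 using only the JDK.
public class JwtProviderSketch {
    // Fixed header; validate() accepts nothing else, so "alg":"none" is rejected.
    private static final String HEADER = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
    private static final Pattern CLAIMS = Pattern.compile("\\{\"sub\":\"([A-Za-z0-9_.@-]+)\",\"exp\":(\\d{1,12})\\}");
    private final byte[] secret;

    public JwtProviderSketch(byte[] secret) { this.secret = secret.clone(); }
    private static String b64(byte[] in) { return Base64.getUrlEncoder().withoutPadding().encodeToString(in); }

    private byte[] mac(String signingInput) throws Exception {
        Mac h = Mac.getInstance("HmacSHA256");
        h.init(new SecretKeySpec(secret, "HmacSHA256"));
        return h.doFinal(signingInput.getBytes(StandardCharsets.UTF_8));
    }

    // Issue a token for username that expires ttlSeconds from now.
    public String generate(String username, long ttlSeconds) throws Exception {
        String claims = "{\"sub\":\"" + username + "\",\"exp\":" + (Instant.now().getEpochSecond() + ttlSeconds) + "}";
        if (!CLAIMS.matcher(claims).matches()) throw new IllegalArgumentException("unsupported claims");
        String input = HEADER + "." + b64(claims.getBytes(StandardCharsets.UTF_8));
        return input + "." + b64(mac(input));
    }

    // Return the subject if the token is authentic and unexpired, otherwise null.
    public String validate(String token) throws Exception {
        String[] p = token.split("\\.", -1);
        if (p.length != 3 || !p[0].equals(HEADER)) return null;
        try {
            // Check the MAC in constant time before parsing any claim.
            if (!MessageDigest.isEqual(mac(p[0] + "." + p[1]), Base64.getUrlDecoder().decode(p[2]))) return null;
            Matcher m = CLAIMS.matcher(new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8));
            return m.matches() && Long.parseLong(m.group(2)) > Instant.now().getEpochSecond() ? m.group(1) : null;
        } catch (IllegalArgumentException e) { return null; } // malformed Base64
    }

    public static void main(String[] args) throws Exception {
        JwtProviderSketch jwt = new JwtProviderSketch("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        String t = jwt.generate("alice", 600); // constructed user name and lifetime
        System.out.println(jwt.validate(t) + " / " + jwt.validate(t + "x") + " / " + jwt.validate(jwt.generate("alice", -1)));
    }
}
```

A real project would normally delegate this to a maintained JWT library and load a random key of at least 32 bytes from configuration. The order of checks (pinned algorithm, MAC, then claims) stays the same.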
PROJECT STRUCTURE FOR SPRINGBOOT TOKEN BASED AUTHENTICATION EXAMPLE
– model package defines 2 entities, User & Role, that have a many-to-many relationship.
– repository package contains interfaces that use Hibernate JPA to store/retrieve data from MySQL database.
– controller package defines RestAPIs for user signup/signin and for testing protected resources that are secured with JWT.
– message package defines the payload data transferred from user agents (Browser/RestClient…) to the RestAPIs and the messages sent back.
– security package is the main part of the project that implements JWT security.
In the tutorial “Springboot Token Based Authentication Example”, we expose 2 RestAPIs to sign up and sign in:
– Sign up: /api/auth/signup
– Sign in: /api/auth/signin