Spring JWT
This demo application shows how very simple it is with Spring Security to secure an endpoint using JSON Web Token (JWT).
There is a BASIC AUTH secured endpoint for obtaining a JWT. With the JWT the client can call the other secured endpoints.
- JDK8
- MongoDB
- Maven3(+)
The secured endpoint for obtaining a token:
TOKEN=$(curl -X POST -H "Content-Type: application/json" --user "John Doe:secret" http://localhost:8080/token)You can validate the token on https://jwt.io/ using the base64 encoded secret from application.properties.
To access the admin endpoint using the token:
curl -H "X-AUTH-TOKEN: $TOKEN" -H "Content-Type: application/json" http://localhost:8080/admin/userIf you would get a token for an ordinary user:
TOKEN=$(curl -X POST -H "Content-Type: application/json" --user "Mary Doe:secret" http://localhost:8080/token)You will get a 403 for the admin endpoint;:
curl -ik -H "X-AUTH-TOKEN: $TOKEN" -H "Content-Type: application/json" http://localhost:8080/admin/userBut you can access the user page:
curl -H "X-AUTH-TOKEN: $TOKEN" -H "Content-Type: application/json" http://localhost:8080/user