Differences between revisions 1 and 9 (spanning 8 versions)

jwt (JSON Web Token)

JSON Web Token

Overview

In authentication, when the user successfully logs in using their credentials, a JSON Web Token will be returned and must be saved locally (typically in local or session storage, but cookies can also be used), instead of the traditional approach of creating a session in the server and returning a cookie.

The tokens are designed to be compact,[2] URL-safe,[3] and usable especially in a web-browser single-sign-on (SSO) context. JWT claims can be typically used to pass identity of authenticated users between an identity provider and a service provider, or any other type of claims as required by business processes.

This is a stateless authentication mechanism as the user state is never saved in server memory. The server's protected routes will check for a valid JWT in the Authorization header, and if it is present, the user will be allowed to access protected resources. As JWTs are self-contained, all the necessary information is there, reducing the need to query the database multiple times.

Adapted tutorials point example

https://www.tutorialspoint.com/spring_boot/spring_boot_oauth2_with_jwt.htm

Structure

.
├── build_image.sh
├── connect_container.sh
├── Dockerfile
├── get_token.sh
├── jwt.pem
├── pom.xml
├── run_container.sh
├── src
│   └── main
│       ├── java
│       │   └── com
│       │       └── tutorialspoint
│       │           └── websecurityapp
│       │               ├── CustomDetailsService.java
│       │               ├── CustomUser.java
│       │               ├── OAuth2Config.java
│       │               ├── OAuthDao.java
│       │               ├── SecurityConfiguration.java
│       │               ├── UserEntity.java
│       │               └── WebsecurityappApplication.java
│       └── resources
│           ├── application.properties
│           ├── data.sql
│           └── schema.sql
└── stop_container.sh

mkdir -p src/main/java/com/tutorialspoint/websecurityapp/
mkdir src/main/resources/

-  ⇤ ← Revision 1 as of 2019-07-31 13:33:38 → 
  Size: 1098
  Editor: localhost
  Comment:
+   ← Revision 9 as of 2020-06-17 17:01:58 → ⇥
  Size: 2652
  Editor: localhost
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 1:
-= jwt =
+= jwt (JSON Web Token) =
 Line 3:
+ * https://tools.ietf.org/html/rfc7519
 * https://en.wikipedia.org/wiki/JSON_Web_Token
 * https://jwt.io/
 * https://www.devglan.com/spring-security/spring-boot-jwt-auth
 * https://www.baeldung.com/spring-security-oauth-jwt
 * https://www.tutorialspoint.com/spring_boot/spring_boot_oauth2_with_jwt.htm
-Line 4:
+Line 10:
- * https://en.wikipedia.org/wiki/JSON_Web_Token
{{{
+== Overview ==
-Line 8:
+Line 13:
-The tokens are designed to be compact,[2] URL-safe,[3] and usable especially in a web-browser single-sign-on (SSO) context. JWT claims can be typically used to pass identity of authenticated users between an identity provider and a service provider, or any other type of claims as required by business processes.
+The tokens are designed to be compact,[2] URL-safe,[3] and usable especially in a '''web-browser single-sign-on (SSO) context'''. JWT claims can be typically used to pass identity of authenticated users between an identity provider and a service provider, or any other type of claims as required by business processes.
-Line 10:
+Line 15:
-This is a stateless authentication mechanism as the user state is never saved in server memory. The server's protected routes will check for a valid JWT in the Authorization header, and if it is present, the user will be allowed to access protected resources. As JWTs are self-contained, all the necessary information is there, reducing the need to query the database multiple times.
+This is a stateless authentication mechanism as the user state is never saved in server memory. The server's protected routes will check for a valid JWT in the '''Authorization header''', and if it is present, the user will be allowed to access protected resources. As JWTs are self-contained, all the necessary information is there, reducing the need to query the database multiple times. 

== Adapted tutorials point example ==
 *  https://www.tutorialspoint.com/spring_boot/spring_boot_oauth2_with_jwt.htm

=== Structure ===
{{{
.
├── build_image.sh
├── connect_container.sh
├── Dockerfile
├── get_token.sh
├── jwt.pem
├── pom.xml
├── run_container.sh
├── src
│   └── main
│       ├── java
│       │   └── com
│       │       └── tutorialspoint
│       │           └── websecurityapp
│       │               ├── CustomDetailsService.java
│       │               ├── CustomUser.java
│       │               ├── OAuth2Config.java
│       │               ├── OAuthDao.java
│       │               ├── SecurityConfiguration.java
│       │               ├── UserEntity.java
│       │               └── WebsecurityappApplication.java
│       └── resources
│           ├── application.properties
│           ├── data.sql
│           └── schema.sql
└── stop_container.sh
-Line 12:
+Line 49:
+ * mkdir -p src/main/java/com/tutorialspoint/websecurityapp/
 * mkdir src/main/resources/