jwt (JSON Web Token)
JSON Web Token
https://www.devglan.com/spring-security/spring-boot-jwt-auth
https://www.tutorialspoint.com/spring_boot/spring_boot_oauth2_with_jwt.htm
Overview
In authentication, when the user successfully logs in using their credentials, a JSON Web Token is returned and must be saved locally (typically in local or session storage, but cookies can also be used), instead of the traditional approach of creating a session on the server and returning a cookie.
The tokens are designed to be compact,[2] URL-safe,[3] and usable especially in a web-browser single-sign-on (SSO) context. JWT claims are typically used to pass the identity of authenticated users between an identity provider and a service provider, or any other type of claims as required by business processes.
This is a stateless authentication mechanism as the user state is never saved in server memory. The server's protected routes will check for a valid JWT in the Authorization header, and if it is present, the user will be allowed to access protected resources. As JWTs are self-contained, all the necessary information is there, reducing the need to query the database multiple times.
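The check a protected route performs on the token from the Authorization header, as an added example that is not part of the tutorial's code. It assumes RS256 tokens signed with an RSA key such as the one produced by `openssl genrsa`, uses only the JDK, and generates a throwaway key pair in memory; the class name, claims and sample tokens are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.regex.*;
// Added example (constructed names, claims and key); regexes stand in for a JSON parser.
public class JwtCheckExample {
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static String b64(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }
    static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }
    // Issuer side: base64url(header) "." base64url(payload) "." base64url(RSA signature).
    static String issue(String payload, PrivateKey key) throws Exception {
        String input = b64(utf8("{\"alg\":\"RS256\",\"typ\":\"JWT\"}")) + "." + b64(utf8(payload));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(utf8(input));
        return input + "." + b64(s.sign());
    }

    // Route side: algorithm fixed by the verifier ("none"/HS256 rejected), payload read only after the signature verifies.
    static boolean verify(String token, PublicKey key, long nowEpochSeconds) {
        try {
            String[] p = token.split("\\.", -1);
            String header = new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
            if (p.length != 3 || !Pattern.compile("\"alg\"\\s*:\\s*\"RS256\"").matcher(header).find()) return false;
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(key);
            s.update(utf8(p[0] + "." + p[1]));
            if (!s.verify(DEC.decode(p[2]))) return false;
            String payload = new String(DEC.decode(p[1]), StandardCharsets.UTF_8);
            Matcher m = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)").matcher(payload);
            return m.find() && Long.parseLong(m.group(1)) > nowEpochSeconds;
        } catch (Exception e) { return false; } // bad base64, wrong signature length, bad number
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // stand-in for the key pair held in jwt.pem
        long now = System.currentTimeMillis() / 1000;
        String ok = issue("{\"user_name\":\"alice\",\"exp\":" + (now + 300) + "}", kp.getPrivate());
        String[] p = ok.split("\\.");
        String edited = p[0] + "." + b64(utf8("{\"user_name\":\"admin\",\"exp\":9999999999}")) + "." + p[2];
        String unsigned = b64(utf8("{\"alg\":\"none\"}")) + "." + p[1] + ".";
        System.out.println("fresh token accepted:    " + verify(ok, kp.getPublic(), now));
        System.out.println("edited payload accepted: " + verify(edited, kp.getPublic(), now));
        System.out.println("alg=none accepted:       " + verify(unsigned, kp.getPublic(), now));
        System.out.println("expired token accepted:  " + verify(ok, kp.getPublic(), now + 600));
    }
}
```

On Java 11 or later it runs as a single file with `java JwtCheckExample.java`.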
Adapted Tutorialspoint Spring Boot + JWT example
Structure
.
├── build_image.sh
├── connect_container.sh
├── Dockerfile
├── get_token.sh
├── jwt.pem
├── pom.xml
├── run_container.sh
├── src
│   └── main
│       ├── java
│       │   └── com
│       │       └── tutorialspoint
│       │           └── websecurityapp
│       │               ├── CustomDetailsService.java
│       │               ├── CustomUser.java
│       │               ├── OAuth2Config.java
│       │               ├── OAuthDao.java
│       │               ├── SecurityConfiguration.java
│       │               ├── UserEntity.java
│       │               └── WebsecurityappApplication.java
│       └── resources
│           ├── application.properties
│           ├── data.sql
│           └── schema.sql
└── stop_container.sh
- mkdir -p src/main/java/com/tutorialspoint/websecurityapp/
- mkdir src/main/resources/
- openssl genrsa -out jwt.pem 2048 # generate private key
run_container.sh
Dockerfile
src/main/java/com/tutorialspoint/websecurityapp/SecurityConfiguration.java
src/main/java/com/tutorialspoint/websecurityapp/OAuth2Config.java
src/main/java/com/tutorialspoint/websecurityapp/CustomUser.java
src/main/java/com/tutorialspoint/websecurityapp/UserEntity.java
src/main/java/com/tutorialspoint/websecurityapp/WebsecurityappApplication.java
src/main/java/com/tutorialspoint/websecurityapp/CustomDetailsService.java
src/main/java/com/tutorialspoint/websecurityapp/OAuthDao.java
src/main/resources/schema.sql
src/main/resources/application.properties
src/main/resources/data.sql
build_image.sh
pom.xml
get_token.sh
connect_container.sh