In this tutorial we’ll see how to create a Spring Boot application that uses Spring Security and JWT-based authentication to bring authentication and authorization to the exposed REST APIs. The database used is MySQL.
What does JWT do
JWT (JSON Web Token) is used for securing REST APIs.
In the JWT authentication process, a client application first needs to authenticate using credentials. The server verifies the submitted credentials and, if they are valid, generates and returns a JWT.
Once the client has been authenticated, it has to send the token in the request’s Authorization header, in Bearer Token form, with each request. The server checks the validity of the token to verify the client and then authorizes or rejects the request. You can also store roles, and method usage will then be authorized based on the role.
You can also configure which URLs require authentication and which are permitted without authentication.
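The issue-and-verify flow described above, as an added example that is not part of the original tutorial: it signs and checks a token with JDK classes only, using HS256 as the chosen algorithm, and shows a token with a tampered role claim being rejected. The class name, demo key, claim names and sample user are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration (not the tutorial's code): HS256 issue/verify with the JDK only.
public class JwtFlowDemo {
    // Constructed demo key; a real service loads a random secret from protected configuration.
    static final byte[] KEY = "demo-only-key-change-me-32-bytes!".getBytes(StandardCharsets.UTF_8);
    static String b64(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }
    static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }
    // Step 1: call only after credentials are verified; assumes user/role contain no JSON metacharacters.
    static String issue(String user, String role, long ttlSeconds) throws Exception {
        long exp = Instant.now().getEpochSecond() + ttlSeconds;
        String payload = "{\"sub\":\"" + user + "\",\"role\":\"" + role + "\",\"exp\":" + exp + "}";
        String signingInput = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8))
                + "." + b64(payload.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + b64(hmac(signingInput));
    }
    // Step 2: called on every request with the raw Authorization header value.
    static String verify(String authHeader) throws Exception {
        if (authHeader == null || !authHeader.startsWith("Bearer ")) throw new SecurityException("no bearer token");
        String[] p = authHeader.substring(7).split("\\.");
        if (p.length != 3) throw new SecurityException("malformed token");
        // Recompute the MAC with the server's own key and algorithm; compare in constant time.
        if (!MessageDigest.isEqual(hmac(p[0] + "." + p[1]), Base64.getUrlDecoder().decode(p[2]))) throw new SecurityException("bad signature");
        String payload = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
        Matcher exp = Pattern.compile("\"exp\":(\\d+)").matcher(payload); // payload is trusted only after the MAC matched
        if (!exp.find() || Long.parseLong(exp.group(1)) < Instant.now().getEpochSecond()) throw new SecurityException("expired");
        return payload;
    }
    public static void main(String[] args) throws Exception {
        String token = issue("alice", "ROLE_USER", 300);
        System.out.println("valid    -> " + verify("Bearer " + token));
        // Constructed tampering check: swap in a ROLE_ADMIN payload but keep the old signature.
        String[] p = token.split("\\.");
        String forged = b64("{\"sub\":\"alice\",\"role\":\"ROLE_ADMIN\",\"exp\":9999999999}".getBytes(StandardCharsets.UTF_8));
        try { verify("Bearer " + p[0] + "." + forged + "." + p[2]); } catch (SecurityException e) { System.out.println("tampered -> rejected: " + e.getMessage()); }
    }
}
```

The verifier never reads the `alg` field from the token; it always recomputes the MAC with the server's own key and algorithm, which is what makes the role claim trustworthy once the check passes.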
Spring Boot + Spring Security with JWT authentication example
In the application we’ll have user signup and user login logic. Once signup is done, the user should be authenticated when logging in; that configuration is done using Spring Security and JWT.