/springboot-role-based-jwt-security-rest-api

Sample project showing how to implement role-based JWT security using Spring Boot 3 and Spring Security 6

Primary language: Java

Spring Boot JWT REST API Security

This project is a simple example of JWT-based REST API security developed using Spring Boot and built with Gradle.

Features

  • JWT Authentication: Secure user authentication using JSON Web Tokens.
  • Roles: Access control based on user roles.
  • Refresh Token: Extend user sessions with refresh tokens.
  • RESTful API: Clean and efficient RESTful services.

Requirements

  • Java 17
  • Gradle 7.2

Installation

  1. Clone the project to your local machine:

    git clone https://github.com/caglayantolga/springboot-role-based-jwt-security-rest-api.git
  2. Edit the application.yaml file and add your JWT secret key and password:

    token:
      signing:
        key: SECRET_KEY
      refresh:
        signing:
          key: SECRET_KEY
  3. Compile and run the project:

    cd springboot-role-based-jwt-security-rest-api
    ./gradlew bootRun

Usage

  1. Generate Token:

    POST /api/v1/auth/login
  2. Request Body:

     {
        "username": "yourUsername",
        "password": "yourPassword"
     }
  3. Response:

     {
        "token": "TOKEN",
        "refreshToken": "REFRESH_TOKEN",
        "expiresAt": "EXPIRES_AT"
     }
  4. Access Secure Endpoint:

    GET /api/v1/admin/hello

    HEADER

    Authorization: Bearer TOKEN

    RESPONSE

    Hello Admin

Refresh Token

  1. Refresh Token:

     POST /api/v1/auth/refresh/access
  2. Request Body:

     {
        "refreshToken": "REFRESH_TOKEN"
     }
  3. Response:

     {
        "token": "NEW_TOKEN",
        "refreshToken": "NEW_REFRESH_TOKEN",
        "expiresAt": "NEW_EXPIRES_AT"
     }
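
The Bearer check from the Usage section and the two signing keys from application.yaml, sketched as an added example that is not part of this project's code: it verifies a token with the access key, then shows a USER token and a refresh-key token being refused at the admin route. HS256, the `roles` claim name, and every key and token below are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(key: bytes, signed_part: str) -> bytes:
    return hmac.new(key, signed_part.encode(), hashlib.sha256).digest()

def sign(claims: dict, key: bytes) -> str:  # used only to build the constructed samples
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url(mac(key, head + '.' + body))}"

def verify(token: str, key: bytes, role: str, now=None) -> dict:
    """Return the claims if token is valid under key and carries role."""
    try:
        head, body, sig = token.split(".")
        header, given = json.loads(unb64url(head)), unb64url(sig)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm server-side
    if not hmac.compare_digest(mac(key, f"{head}.{body}"), given):
        raise ValueError("bad signature")  # constant-time comparison
    claims = json.loads(unb64url(body))
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    if role not in claims.get("roles", []):
        raise ValueError("missing role")
    return claims

# Constructed sample keys and tokens; none of these come from the project.
ACCESS_KEY, REFRESH_KEY = b"constructed-access-key-0123456789", b"constructed-refresh-key-9876543210"
NOW = 1_700_000_000
ADMIN_TOKEN = sign({"sub": "alice", "roles": ["ADMIN"], "exp": NOW + 900}, ACCESS_KEY)
USER_TOKEN = sign({"sub": "bob", "roles": ["USER"], "exp": NOW + 900}, ACCESS_KEY)
REFRESH_TOKEN = sign({"sub": "alice", "roles": ["ADMIN"], "exp": NOW + 86400}, REFRESH_KEY)

def admin_hello(token: str, now=NOW) -> str:  # stand-in for the /api/v1/admin/hello check
    try:
        return "allowed: " + verify(token, ACCESS_KEY, "ADMIN", now)["sub"]
    except ValueError as exc:
        return f"denied: {exc}"

if __name__ == "__main__":
    print([admin_hello(t) for t in (ADMIN_TOKEN, USER_TOKEN, REFRESH_TOKEN)])
```

In this sketch the refresh token is refused only because the two keys differ; if both `key` entries in application.yaml hold the same value, it would pass the signature check, so give the two settings different random values.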