Spring Boot REST API protected with JWT
Protecting a REST API with JWT is a tedious task and, normally, it is quite similar across projects. To avoid this tedious task, I have developed a Yeoman generator, generator-spring-rest-jwt, that automatically generates the skeleton of a Spring Boot REST API protected with JWT.
The first step is to install Yeoman and install the generator:
    npm install -g yo
    npm install -g generator-spring-rest-jwt
After that, you have to generate your project with this command:
    yo spring-rest-jwt
Once you have created your project you can get an access token for the following accounts:
    Admin - admin:admin
    User - user:password
    Disabled - disabled:password (this user is disabled)
The generator creates three endpoints:
    /auth - authentication endpoint with unrestricted access
    /user - shows logged in user information
    /admin - an example endpoint that is restricted to authorized users with the role 'ROLE_ADMIN' (a valid JWT token must be present in the request header)
If you want to get a token for admin, you have to send a POST request to the endpoint /auth with the following JSON in the request body:
    {
      "username": "admin",
      "password": "admin"
    }
You will then receive a token, which you pass in the header of your requests:
    Authorization: eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ1c2VyIiwiYXVkaWVuY2UiOiJ3ZWIiLCJjcmVhdGVkIjoxNDg0OTE4NjA2ODMwLCJleHAiOjE0ODU1MjM0MDZ9.ghLIqZM0wgWmL_a6_OGYjuwtaDUDbQaBFGndkfy2DNwDgu05vuoW_d6aS9iCNsi6Ajxjr8rOEYlV7QFALA9seQ
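To see what such a token carries, the following added example (not part of the original post or of the generator's code) decodes the sample token shown above without verifying its signature. The function name inspect_jwt and the keys of its result are chosen here for illustration; the "created" claim is read as milliseconds because that is how it appears in the sample token.

```python
import base64
import json
import time
from typing import Optional

# Sample token copied from the Authorization header example on this page.
PAGE_TOKEN = ".".join([
    "eyJhbGciOiJIUzUxMiJ9",
    "eyJzdWIiOiJ1c2VyIiwiYXVkaWVuY2UiOiJ3ZWIiLCJjcmVhdGVkIjoxNDg0OTE4NjA2ODMwLCJleHAiOjE0ODU1MjM0MDZ9",
    "ghLIqZM0wgWmL_a6_OGYjuwtaDUDbQaBFGndkfy2DNwDgu05vuoW_d6aS9iCNsi6Ajxjr8rOEYlV7QFALA9seQ",
])


def b64url_decode(segment: str) -> bytes:
    """JWT segments are base64url without padding; restore it before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_jwt(token: str, now: Optional[float] = None) -> dict:
    """Decode (do NOT verify) a compact JWT and summarise what it exposes."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError(f"malformed JWT segment: {exc}") from exc
    now = time.time() if now is None else now
    exp = claims.get("exp")             # standard claim, seconds since epoch
    created_ms = claims.get("created")  # claim seen in the sample token, in ms
    lifetime = None
    if exp is not None and created_ms is not None:
        lifetime = exp - created_ms // 1000
    alg = str(header.get("alg", ""))
    return {
        "alg": alg,
        "unsigned": alg.lower() == "none" or parts[2] == "",
        "claims": claims,
        "lifetime_seconds": lifetime,
        "expired": exp is not None and now >= exp,
    }


if __name__ == "__main__":
    print(json.dumps(inspect_jwt(PAGE_TOKEN), indent=2))
```

The header and payload are only base64url-encoded, so anyone holding the token can read its claims; the signature protects integrity, not confidentiality. The sample token decodes to subject "user", algorithm HS512 and a lifetime of seven days.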
Creating new endpoints
If you want to create new endpoints then you can run the following command inside the project folder:
    yo spring-rest-jwt:resource
This will generate a basic Entity, a JPA Repository and a REST Controller with CRUD operations.