1.14 JWT Spring security - amresh087/Question GitHub Wiki

JSON Web Tokens (JWT) are a popular method for securely transmitting information between parties as a compact, URL-safe string. In Spring Boot applications, JWTs are commonly used for authentication and authorization. Here's a breakdown of how a JWT token implementation works in a Spring Boot application.

Token Generation:

  • When a user successfully logs in or authenticates, a JWT token is generated for that user.

  • The token typically contains information about the user's identity and any other relevant information (such as roles or permissions).

  • The token is signed using a secret key known only to the server, so that any modification of the token by an unauthorized party is detected when the signature is checked.

Token Verification:

  • When subsequent requests are made to the server, the JWT token is included in the request headers.

  • The server intercepts these requests and extracts the JWT token.

  • The server then verifies the authenticity of the token by checking its signature using the secret key.

  • If the token is valid and has not expired, the server allows the request to proceed.

Authorization:

  • Once the token is validated, the server can extract information from the token to determine whether the user is authorized to access the requested resource.

  • This information may include the user's roles, permissions, or any other claims embedded within the token.

  • Based on this information, the server can make authorization decisions and either grant or deny access to the requested resource.

Token Expiry:

  • JWT tokens typically have an expiration time, after which they are no longer considered valid.

  • This helps mitigate the risk of token theft or misuse, as tokens automatically become invalid after a certain period.

  • When a token expires, the user must re-authenticate to obtain a new token.

Token Refresh (Optional):

  • In some cases, applications may implement token refresh mechanisms to extend the validity of a token without requiring the user to re-authenticate.

  • This involves issuing a new token with a later expiration time, typically in exchange for a valid refresh token.
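The generation, verification, expiry and authorization steps above, shown end to end as an added example that is not part of this wiki page or of any Spring Security class. It is a from-scratch HS256 implementation in Python using only the standard library, so the structure `header.payload.signature` and each check are visible; the secret key, the `roles` claim name and the sample subject are constructed values for the demo.

```python
import base64
import hashlib
import hmac
import json
import time

# Server-side signing key (constructed demo value; in a real deployment this comes from config/secrets).
SECRET = b"constructed-demo-secret-change-me"


def _b64url(data: bytes) -> str:
    """Base64url without padding, as the JWT spec requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def generate_token(subject: str, roles: list, ttl_seconds: int, now: int = None) -> str:
    """Token generation: identity and role claims, plus an expiry, signed with the server secret."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": subject, "roles": roles, "iat": now, "exp": now + ttl_seconds}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    signature = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


def verify_token(token: str, now: int = None) -> dict:
    """Token verification: raises ValueError on bad structure, unexpected alg, bad signature or expiry."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm server-side; never let the token choose it (rejects alg=none).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):  # constant-time compare
        raise ValueError("invalid signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if now >= claims.get("exp", 0):  # valid only while current time is before exp
        raise ValueError("token expired")
    return claims


def is_authorized(claims: dict, required_role: str) -> bool:
    """Authorization decision taken from the already-verified claims, never from an unverified token."""
    return required_role in claims.get("roles", [])
```

The signature is checked before the payload is even decoded, which is the order a Spring Security filter should follow as well.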

JWT with jdbc implementation