1.14 JWT Spring security - amresh087/Question GitHub Wiki

🛒 E-Kirana Store: Authentication System Wiki

Last Updated: April 15, 2026

Version: 1.0

Status: ✅ Production Ready

📌 1. Overview

The E-Kirana Store uses a microservices architecture with JWT (JSON Web Token)–based authentication. Every request enters through the API Gateway, which has the token checked (by the Auth-Service) before routing to a microservice, so that:

  • Microservices stay stateless: there is no session store, the token carries identity and roles
  • Each request is validated once, at the edge, instead of in every service
  • New services can be added without duplicating authentication code

๐Ÿ—๏ธ Architecture Flow

Screenshot 2026-04-16 at 8 27 36โ€ฏAM

👥 2. User Roles & Access

| Role | Description | Access |
| --- | --- | --- |
| ADMIN | Full system control | All APIs |
| SHOPKEEPER | Store manager | Inventory, Orders |
| CUSTOMER | End user | Browse, Purchase |

๐Ÿ” 3. Authentication Technology

JWT (JSON Web Token)

A self-contained token that includes:

  • Identity (username)
  • Roles
  • Expiration

โš™๏ธ Tech Stack

Component Technology
Backend Spring Boot 3.x
Security JWT (jjwt 0.11.5)
Gateway Spring Cloud Gateway
Communication OpenFeign
Frontend React + Axios

🧾 4. JWT Structure

Header.Payload.Signature

Header

 {
   "alg": "HS256",
   "typ": "JWT"
 }

Payload

 {
   "sub": "username",
   "roles": ["CUSTOMER"],
   "iat": 1713180000,
   "exp": 1713183600
 }

Signature

   HMAC-SHA256(
      key  = secret,
      data = base64url(header) + "." + base64url(payload)
   )

The header and payload are base64url-encoded without padding, which keeps the token safe to carry in a header or URL. The signature is recomputed with the same secret on every request, so anyone holding the secret can mint valid tokens for any user and role; that is why the secret is configured only in the Auth-Service.

🔄 5. Token Generation Flow

Step 1: Login Request (Frontend)

POST /auth/login

   {
     "username": "john",
     "password": "password"
   }

Step 2: Gateway Handling

/auth/** → No validation

Request forwarded to Auth-Service

Step 3: Auth-Service Processing

  • Fetch user
  • Validate password
  • Check active status
  • Generate JWT

Step 4: Token Creation

     import io.jsonwebtoken.Jwts;
     import io.jsonwebtoken.SignatureAlgorithm;
     import io.jsonwebtoken.security.Keys;
     import java.nio.charset.StandardCharsets;
     import java.util.Date;

     // jjwt 0.11.x: Keys.hmacShaKeyFor rejects HS256 secrets shorter than 256 bits (WeakKeyException)
     var key = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
     String token = Jwts.builder()
         .setSubject(username)
         .claim("roles", roles)      // e.g. List.of("CUSTOMER"), matching the "roles" array in section 4
         .setIssuedAt(new Date())
         .setExpiration(new Date(System.currentTimeMillis() + expirationMillis)) // auth.jwt.expiration
         .signWith(key, SignatureAlgorithm.HS256)
         .compact();

The older `signWith(SignatureAlgorithm.HS256, secret)` overload is deprecated in jjwt 0.11 and interprets the String as a Base64-encoded key, so the bytes actually used for signing are not the characters of the configured secret; building the key explicitly avoids that surprise and gets the key-length check for free.

Step 5: Response

     {
       "token": "jwt-token",
       "username": "john",
       "role": "CUSTOMER"
     }

Step 6: Token Storage

  • Stored in localStorage
  • Auto-attached via Axios interceptor

Anything in localStorage is readable by any script running on the page's origin, so a cross-site scripting bug leaks the token for its remaining lifetime. Keep the expiry short (one hour here) and treat frontend dependencies as part of the authentication attack surface.

๐Ÿ” 6. Token Validation Flow

Step 1: API Request

  • GET /inventory/items
  • Authorization: Bearer

Step 3: Auth-Service Validation

Checks:

  • Signature โœ…
  • Expiration โœ…
  • Format โœ…

Step 4: Gateway Enrichment

Adds headers:

  • X-Username: john
  • X-Roles: CUSTOMER

Step 5: Microservice Execution

  • Trusts Gateway
  • Processes request
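What the gateway hop must do at steps 2 and 4, as an added Python simulation; this is not the project's Spring Cloud Gateway code. `validate` stands in for the call to the Auth-Service, and `demo_validate` together with the spoofed request are constructed for the example. The point it shows is that client-supplied `X-Username` / `X-Roles` headers are discarded before the gateway writes its own values from the verified claims, so a valid CUSTOMER token cannot be upgraded by adding a header.

```python
from typing import Callable, Dict, Optional, Tuple

# Identity headers the gateway owns. Any copy a client sends under these names is
# dropped before forwarding; otherwise a caller could impersonate any user or role.
IDENTITY_HEADERS = ("x-username", "x-roles")


def _lowercase_keys(headers: Dict[str, str]) -> Dict[str, str]:
    """HTTP header names are case-insensitive; compare them in one case."""
    return {k.lower(): v for k, v in headers.items()}


def extract_bearer(headers: Dict[str, str]) -> Optional[str]:
    """Return the token from 'Authorization: Bearer <token>', or None if absent or malformed."""
    auth = _lowercase_keys(headers).get("authorization", "")
    scheme, _, token = auth.strip().partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    return token.strip()


def enrich_request(headers: Dict[str, str], verified_claims: Dict) -> Dict[str, str]:
    """Headers the gateway forwards downstream.

    `verified_claims` is the payload the Auth-Service returned after the signature and
    expiry checks passed. Identity is taken only from there, never from the client's headers.
    """
    forwarded = {k: v for k, v in _lowercase_keys(headers).items() if k not in IDENTITY_HEADERS}
    forwarded["x-username"] = verified_claims["sub"]
    # Comma-join so a user holding several roles still fits in one header value.
    forwarded["x-roles"] = ",".join(verified_claims.get("roles", []))
    return forwarded


def gateway_forward(headers: Dict[str, str],
                    validate: Callable[[str], Dict]) -> Tuple[int, Optional[Dict[str, str]]]:
    """One gateway hop: returns (status, headers forwarded to the microservice).

    `validate` stands in for the call to the Auth-Service: it returns the claims for a
    good token and raises ValueError for an expired, tampered or malformed one.
    """
    token = extract_bearer(headers)
    if token is None:
        return 401, None                      # "Missing token"
    try:
        claims = validate(token)
    except ValueError:
        return 401, None                      # "Token expired" / bad signature
    return 200, enrich_request(headers, claims)


def demo_validate(token: str) -> Dict:
    """Constructed stand-in for the Auth-Service: one known-good token, everything else rejected."""
    if token == "valid-customer-token":
        return {"sub": "john", "roles": ["CUSTOMER"]}
    raise ValueError("invalid token")


if __name__ == "__main__":
    # Constructed spoofing attempt: a real CUSTOMER token plus forged identity headers.
    spoofed = {
        "Authorization": "Bearer valid-customer-token",
        "X-Username": "admin",        # attacker-supplied, must not survive the hop
        "X-Roles": "ADMIN",
        "Accept": "application/json",
    }
    print(gateway_forward(spoofed, demo_validate))
```

In Spring Cloud Gateway the equivalent is a global filter that mutates the request with the identity headers removed and then re-added from the claims; the stripping step is the one that is easy to forget, and without it the `X-Roles: ADMIN` in the sample request above would reach the microservice untouched.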

๐Ÿ” 7. End-to-End Flow

๐Ÿ”น Login Flow

     User โ†’ Gateway โ†’ Auth-Service โ†’ JWT โ†’ Frontend

๐Ÿ”น API Flow

   Frontend โ†’ Gateway โ†’ Auth-Service (validate) โ†’ Microservice

๐Ÿ”น Expiry Flow

  Expired Token โ†’ 401 โ†’ Logout โ†’ Re-login

🧩 8. Key Components

Frontend

  • AuthContext: manages login/logout and stores the token
  • Axios Interceptor: adds the Authorization header and handles 401 errors

Backend

  • Cloud Gateway (port 9090): routing, JWT validation (delegated to the Auth-Service), header enrichment
  • Auth-Service (port 2040): token generation and token validation

Microservices

  • Business logic only
  • No authentication logic: identity is read from the X-Username / X-Roles headers set by the gateway

โš™๏ธ 9. Configuration

Auth-Service

     auth:
       jwt:
         secret: your-secret-key
         expiration: 3600000

Gateway Routing

     routes:
       - id: auth-service
         uri: http://localhost:2040
         predicates:
           - Path=/auth/**

Frontend

    const API_BASE_URL = "http://localhost:9090";

โš ๏ธ 10. Error Handling

Error Code Cause
Invalid credentials 401 Wrong login
Token expired 401 Expired JWT
Missing token 401 No header
Forbidden 403 Role issue
Service down 503 Backend unavailable

🔒 11. Security Best Practices

✅ Implemented

  • JWT signing (HS256)
  • Token expiration
  • Stateless auth
  • Role-based access
โš ๏ธ **GitHub.com Fallback** โš ๏ธ