Protecting a REST APIs with JWT is a tedious task and, normally, it is quite similar in common projects. To avoid this tedious task I have developed a Yeoman generator generator-spring-rest-jwt that automatically generates the skeleton of an Spring Boot API REST that is protected with JWT.
The first step is to install Yeoman and install the generator:
npm install -g yo npm install -g generator-spring-rest-jwt
After that, you have to generate your project with this command:
yo spring-rest-jwt
Once you have created your project you can get an access token for the following accounts:
Admin - admin:admin User - user:password Disabled - disabled:password (this user is disabled)
There are three endpoints that creates this generator:
/auth - authentication endpoint with unrestricted access /user - shows logged in user information /admin - an example endpoint that is restricted to authorized users with the role 'ROLE_ADMIN' (a valid JWT token must be present in the request header)
If you want to get a token for admin, you have to send a POST request to the endpoint /auth with the following JSON in the body request:
{
"username": "admin",
"password": "admin"
}Then you will get a token and you can use it passing it in your requests header:
Authorization: eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ1c2VyIiwiYXVkaWVuY2UiOiJ3ZWIiLCJjcmVhdGVkIjoxNDg0OTE4NjA2ODMwLCJleHAiOjE0ODU1MjM0MDZ9.ghLIqZM0wgWmL_a6_OGYjuwtaDUDbQaBFGndkfy2DNwDgu05vuoW_d6aS9iCNsi6Ajxjr8rOEYlV7QFALA9seQ
Creating new endpoints
If you want to create new endpoints then you can run the following command inside the project folder:
yo spring-rest-jwt:resource
This will generate a basic Entity, a JPA Repository and a REST Controller with CRUD operations.
The post Spring Boot REST API protected with JWT appeared first on Jose Luis Monteagudo.