Spring Security in Spring Boot

Sopheary Rin
2 min read · Dec 13, 2023


What Is Spring Security?

Spring Security is a separate module of the Spring framework that focuses on providing authentication and authorization methods in Java applications.

To use Spring Security in web applications, we can get started with the simple annotation @EnableWebSecurity.

  • Authentication: the process of checking the user ID and password against the credentials stored in the application or database.
  • Authorization: the process of granting permission to access resources, i.e. checking whether the authenticated user holds the required role.

What is JWT? It is a JSON Web Token; it provides a way to authorize our API requests using token-based authentication.

When a user logs in, they are given a JWT which they can then use to make authenticated requests to the API. The JWT will contain information about the user, such as their name and ID.

JWTs are typically used in web applications and APIs to authenticate users and validate their permissions.

To implement JWT authentication in Spring Boot, you can use the Spring Security library. Spring Security provides a number of features that make it easy to implement security in Spring applications, including authentication, authorization, and encryption.

Here are the steps on how to implement JWT authentication in Spring Boot:

  1. Add the Spring Security dependency to your pom.xml file.
  2. Create a Spring Security configuration file.
  3. Configure Spring Security to use JWT authentication.
  4. Create a JWT token generator.
  5. Create a JWT token validator.
  6. Create a JWT authentication filter.
  7. Add the JWT authentication filter to your Spring Boot application.
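The seven steps above, carried out end to end as an added example (this is not the article's code). It targets Spring Boot 3 / Spring Security 6 and the jjwt 0.11.x API, and assumes things the article does not state: the dependencies spring-boot-starter-security and io.jsonwebtoken:jjwt-api, jjwt-impl and jjwt-jackson on the classpath (step 1), a property named app.jwt.secret holding at least 32 random bytes, and a login endpoint at /auth/login that checks the password and calls JwtService.generate(). The three classes are shown in one file for brevity; in a project each would be public in its own file.

```java
// Added example, not the article's own code. Assumed: Spring Boot 3, jjwt 0.11.x,
// property app.jwt.secret (>= 32 bytes) and a hypothetical /auth/login endpoint.
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.crypto.SecretKey;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.Optional;

/** Steps 4 and 5: token generator and validator. */
@Service
public class JwtService {
    private static final long TTL_MILLIS = 15 * 60 * 1000L; // short-lived access token
    private final SecretKey key;

    public JwtService(@Value("${app.jwt.secret}") String secret) {
        // hmacShaKeyFor rejects keys shorter than the 256 bits HS256 requires
        this.key = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
    }

    public String generate(String username, String role) {
        Date now = new Date();
        return Jwts.builder()
                .setSubject(username)
                .claim("role", role)
                .setIssuedAt(now)
                .setExpiration(new Date(now.getTime() + TTL_MILLIS))
                .signWith(key, SignatureAlgorithm.HS256)
                .compact();
    }

    /** Claims are returned only if the signature verifies with our key and "exp" has not passed. */
    public Optional<Claims> validate(String token) {
        try {
            // parseClaimsJws accepts signed tokens only, so unsigned ("alg":"none") input is rejected
            return Optional.of(Jwts.parserBuilder().setSigningKey(key).build()
                    .parseClaimsJws(token).getBody());
        } catch (JwtException | IllegalArgumentException e) {
            return Optional.empty(); // expired, tampered, malformed or empty token
        }
    }
}

/** Step 6: reads the Bearer token and, if it is valid, populates the SecurityContext. */
@Component
class JwtAuthenticationFilter extends OncePerRequestFilter {
    private final JwtService jwtService;

    JwtAuthenticationFilter(JwtService jwtService) { this.jwtService = jwtService; }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String header = request.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")) {
            jwtService.validate(header.substring(7)).ifPresent(claims -> {
                var auth = new UsernamePasswordAuthenticationToken(claims.getSubject(), null,
                        AuthorityUtils.createAuthorityList("ROLE_" + claims.get("role", String.class)));
                SecurityContextHolder.getContext().setAuthentication(auth);
            });
        }
        // Missing or invalid token: the request continues unauthenticated and the rules
        // in SecurityConfig reject it with 401/403 if the URL requires authentication.
        chain.doFilter(request, response);
    }
}

/** Steps 2, 3 and 7: stateless configuration with the JWT filter registered. */
@Configuration
@EnableWebSecurity
class SecurityConfig {
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, JwtAuthenticationFilter jwtFilter) throws Exception {
        http.csrf(csrf -> csrf.disable()) // no session cookie, so CSRF protection does not apply
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/auth/login").permitAll() // assumed login endpoint
                .anyRequest().authenticated())
            .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}
```

Two design points worth noticing: the session policy is STATELESS, so Spring Security never creates an HTTP session and every request must carry a valid token; and the filter never rejects a request itself, it only sets the authentication when the token checks out and lets the authorization rules decide, which keeps the 401/403 handling in one place.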

What is the JSON Web Token structure?

https://jwt.io/#debugger-io

JSON Web Tokens consist of three parts separated by dots (.), which are:

  • Header
  • Payload
  • Signature

Header

The header typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA.

Payload

The second part of the token is the payload, which contains the claims. Claims are statements about an entity (typically, the user) and additional data. There are three types of claims: registered, public, and private claims.

Signature

To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that.
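To make the three-part structure concrete, here is an added example (not from the article or from jwt.io) that builds and verifies an HS256 token with nothing but the JDK, so every encoding and signing step is visible. The key, header and claims are constructed sample values, and the algorithm check is a deliberately simplified string match that works because the example builds its own header without whitespace; a real verifier parses the JSON.

```java
// Added example, not the article's code: header.payload.signature built and checked by hand.
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class JwtStructureDemo {
    // JWTs use base64url without padding, not plain base64
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();

    static byte[] hmacSha256(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }

    /** Signature = HMAC-SHA256(secret, base64url(header) + "." + base64url(payload)). */
    static String sign(String headerJson, String payloadJson, byte[] key) throws Exception {
        String header = ENC.encodeToString(headerJson.getBytes(StandardCharsets.UTF_8));
        String payload = ENC.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        String signingInput = header + "." + payload;
        return signingInput + "." + ENC.encodeToString(hmacSha256(key, signingInput));
    }

    /** Returns the decoded payload only if the token has three parts and the signature matches. */
    static String verify(String token, byte[] key) throws Exception {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) throw new IllegalArgumentException("expected header.payload.signature");
        String headerJson = new String(DEC.decode(parts[0]), StandardCharsets.UTF_8);
        // Pin the algorithm on the verifier side; the token's own header must not choose it.
        if (!headerJson.contains("\"alg\":\"HS256\"")) throw new SecurityException("unsupported alg");
        byte[] expected = hmacSha256(key, parts[0] + "." + parts[1]);
        byte[] actual = DEC.decode(parts[2]);
        // Constant-time comparison so a wrong signature cannot be guessed byte by byte
        if (!MessageDigest.isEqual(expected, actual)) throw new SecurityException("bad signature");
        return new String(DEC.decode(parts[1]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-secret-of-at-least-32-bytes!!".getBytes(StandardCharsets.UTF_8);
        String token = sign("{\"alg\":\"HS256\",\"typ\":\"JWT\"}",
                            "{\"sub\":\"alice\",\"role\":\"user\"}", key);
        System.out.println("token:   " + token);
        System.out.println("payload: " + verify(token, key));

        // Change one claim in the payload and keep the old signature: verification must fail.
        String[] parts = token.split("\\.");
        String forgedPayload = ENC.encodeToString(
                "{\"sub\":\"alice\",\"role\":\"admin\"}".getBytes(StandardCharsets.UTF_8));
        String tampered = parts[0] + "." + forgedPayload + "." + parts[2];
        try {
            verify(tampered, key);
            System.out.println("unexpected: tampered token accepted");
        } catch (SecurityException e) {
            System.out.println("tampered token rejected: " + e.getMessage());
        }
    }
}
```

The tampering check at the end is the point of the signature part: the header and payload are only base64url-encoded, not encrypted, so anyone can read or edit them, and it is solely the HMAC over the first two parts that lets the server detect the edit.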

Reference: https://jwt.io/introduction
