In this post, I will show how to secure a Spring Boot based REST API. It has become common practice to secure REST APIs so that otherwise public endpoints cannot be called without authorization. We will use Spring Boot's support for Spring Security, along with JSON Web Tokens (JWTs) for authorization.

The user flow in this case is:

  1. User logs in.
  2. We validate user credentials.
  3. A token is sent back to user agent.
  4. User tries to access a protected resource.
  5. User sends JWT when accessing the protected resource. We validate JWT.
  6. If JWT is valid, we allow the user to access the resource.

JSON Web Tokens, known as JWTs, carry the authorization a user has been granted. They let us build secure APIs that are also easy to scale. After successful authentication the server returns a JWT; whenever the user later wants to access a protected resource, the browser must send that JWT in the Authorization header of the request. Keep in mind that securing a REST API in this way is simply good security practice.

Basically, we will show how to:

  1. Verify the JSON Web Token
  2. Validate the signature
  3. Check the client's permissions
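
As an added, self-contained illustration of the six-step flow above and of the three checks (token structure, signature, permissions), here is a minimal HS256 JWT issuer and verifier written against the plain JDK. It is neither the article's code nor Spring Security's: the hard-coded secret, the single user "alice" and her password, the 15-minute lifetime and the regex-based claim parsing are all constructed stand-ins for what a real app would take from configuration, the MySQL user table (with hashed passwords) and a JWT library wired into the Spring Security filter chain.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Minimal HS256 JWT issue/verify/authorize flow using only the JDK (added illustration, not the article's code). */
public class JwtFlowDemo {
    // Constructed demo secret; a real service loads it from configuration and never hard-codes it.
    private static final byte[] SECRET = "demo-only-secret-change-me-32-bytes!!".getBytes(StandardCharsets.UTF_8);
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    private static final String HEADER = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
    // Demo-only claim parser pinned to the exact payload layout issueToken() writes; use a JSON library in real code.
    private static final Pattern CLAIMS = Pattern.compile("\"sub\":\"([^\"]*)\",\"role\":\"([^\"]*)\",\"exp\":(\\d+)");

    /** The claims a protected endpoint needs after verification. */
    public static final class Claims {
        public final String subject, role; public final long expiresAt;
        Claims(String subject, String role, long expiresAt) { this.subject = subject; this.role = role; this.expiresAt = expiresAt; }
    }

    // Steps 1-3: check credentials, then mint a token. "alice" is a constructed stand-in for the MySQL
    // user table; a real app compares a password hash (e.g. BCrypt via a PasswordEncoder), not plaintext.
    public static String login(String username, String password, long nowSeconds) {
        if (!"alice".equals(username) || !constantTimeEquals("correct horse battery", password)) {
            return null;                                               // step 2 failed: no token issued
        }
        return issueToken(username, "ROLE_USER", nowSeconds + 15 * 60); // 15-minute lifetime (assumption)
    }

    public static String issueToken(String subject, String role, long expiresAt) {
        String payload = "{\"sub\":\"" + subject + "\",\"role\":\"" + role + "\",\"exp\":" + expiresAt + "}";
        String signingInput = b64(HEADER) + "." + b64(payload);        // the signature covers header and payload
        return signingInput + "." + ENC.encodeToString(hmac(signingInput));
    }

    // Step 5: server-side checks, in order: structure, pinned algorithm, signature, expiry.
    // Any failure throws SecurityException so the caller answers 401 without inspecting partial results.
    public static Claims verify(String token, long nowSeconds) {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) throw new SecurityException("malformed token");
        String header, payload; byte[] presented;
        try {
            header = new String(DEC.decode(parts[0]), StandardCharsets.UTF_8);
            payload = new String(DEC.decode(parts[1]), StandardCharsets.UTF_8);
            presented = DEC.decode(parts[2]);
        } catch (IllegalArgumentException e) { throw new SecurityException("malformed token"); }
        // The verifier always uses HS256 and rejects any other "alg" (including "none"), so the
        // token never gets to choose how it is verified.
        if (!header.contains("\"alg\":\"HS256\"")) throw new SecurityException("unexpected alg");
        if (!MessageDigest.isEqual(hmac(parts[0] + "." + parts[1]), presented)) throw new SecurityException("bad signature");
        Matcher m = CLAIMS.matcher(payload);                           // only read claims once the signature holds
        if (!m.find()) throw new SecurityException("required claims missing");
        Claims claims = new Claims(m.group(1), m.group(2), Long.parseLong(m.group(3)));
        if (claims.expiresAt <= nowSeconds) throw new SecurityException("token expired");
        return claims;
    }

    // Step 6: permission check against the verified role claim.
    public static boolean hasRole(Claims claims, String role) { return role.equals(claims.role); }

    private static byte[] hmac(String data) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(SECRET, "HmacSHA256"));
            return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException ex) { throw new IllegalStateException(ex); }
    }

    private static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    private static boolean constantTimeEquals(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        long now = 1_700_000_000L;                                     // constructed clock
        String token = login("alice", "correct horse battery", now);   // steps 1-3
        Claims c = verify(token, now + 60);                            // steps 4-5, one minute later
        System.out.println("subject=" + c.subject + " user=" + hasRole(c, "ROLE_USER") + " admin=" + hasRole(c, "ROLE_ADMIN"));
        for (String bad : new String[] { token + "x", token.replace('.', '-') }) {   // corrupted signature / structure
            try { verify(bad, now); } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        }
        try { verify(token, now + 3600); } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The order inside `verify` is the point worth copying into a real filter: parse the structure, pin the algorithm, check the signature with a constant-time comparison, and only then read and trust the claims (expiry, then role). In a Spring Security setup the same checks live in a `OncePerRequestFilter` that reads the `Authorization: Bearer ...` header and populates the security context; the injected clock parameter here is what makes the expiry logic testable without waiting.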

What You Will Need

  1. Java 8.
  2. MySQL Database.
  3. IntelliJ Editor.
  4. Gradle.

Note – This won't be a full-fledged app, just REST APIs built with Spring Boot and Spring Security.

#java #spring boot #spring security #security

Json Web Token: How to Secure a Spring Boot REST API - DZone Security