Spring Security JWT Tutorial

Spring Security is the de facto industry standard when it comes to securing Spring-based apps, but it can be tricky to configure. This article demonstrates how you can implement it without wasting too much time.

Spring is considered a trusted framework in the Java ecosystem and is widely used. It’s no longer valid to refer to Spring as a framework, as it’s more of an umbrella term that covers various frameworks. One of these frameworks is Spring Security, which is a powerful and customizable authentication and authorization framework. It is considered the de facto standard for securing Spring-based applications.

Despite its popularity, I must admit that when it comes to single-page applications, it’s not simple and straightforward to configure. I suspect the reason is that it started more as an MVC application-oriented framework, where webpage rendering happens on the server-side and communication is session-based.

If the back end is based on Java and Spring, it makes sense to use Spring Security for authentication/authorization and configure it for stateless communication. While there are a lot of articles explaining how this is done, for me, it was still frustrating to set it up for the first time, and I had to read and sum up information from multiple sources. That’s why I decided to write this article, where I will try to summarize and cover all the required subtle details and foibles you may encounter during the configuration process.

Defining Terminology

Before diving into the technical details, I want to explicitly define the terminology used in the Spring Security context just to be sure that we all speak the same language.

These are the terms we need to address:

  • Authentication refers to the process of verifying the identity of a user, based on provided credentials. A common example is entering a username and a password when you log in to a website. You can think of it as an answer to the question “Who are you?”
  • Authorization refers to the process of determining if a user has proper permission to perform a particular action or read particular data, assuming that the user is successfully authenticated. You can think of it as an answer to the question “Can a user do/read this?”
  • Principal refers to the currently authenticated user.
  • Granted authority refers to the permission of the authenticated user.
  • Role refers to a group of permissions of the authenticated user.

Creating a Basic Spring Application

Before moving to the configuration of the Spring Security framework, let’s create a basic Spring web application. For this, we can use Spring Initializr to generate a template project. For a simple web application, the Spring web framework dependency alone is enough:

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
</dependencies>
