Working with Spring Security

Somkiat Puisungnoen edited this page Dec 2, 2023 · 6 revisions

Code demo

Step 1 :: Add Spring Security library

build.gradle

implementation 'io.jsonwebtoken:jjwt-api:0.12.2'
implementation 'io.jsonwebtoken:jjwt-impl:0.12.2'
implementation 'io.jsonwebtoken:jjwt-jackson:0.12.2'
implementation 'org.springframework.boot:spring-boot-starter-security'
testImplementation 'org.springframework.security:spring-security-test'

pom.xml

<dependencies>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-security</artifactId>
	</dependency>
	<dependency>
		<groupId>org.apache.commons</groupId>
		<artifactId>commons-lang3</artifactId>
	</dependency>
	<dependency>
		<groupId>org.projectlombok</groupId>
		<artifactId>lombok</artifactId>
		<optional>true</optional>
	</dependency>
	<dependency>
		<groupId>io.jsonwebtoken</groupId>
		<artifactId>jjwt-api</artifactId>
		<version>0.12.2</version>
	</dependency>
	<dependency>
		<groupId>io.jsonwebtoken</groupId>
		<artifactId>jjwt-impl</artifactId>
		<version>0.12.2</version>
	</dependency>
	<dependency>
		<groupId>io.jsonwebtoken</groupId>
		<artifactId>jjwt-jackson</artifactId>
		<version>0.12.2</version>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-web</artifactId>
	</dependency>

	<dependency>
		<groupId>com.h2database</groupId>
		<artifactId>h2</artifactId>
		<scope>runtime</scope>
	</dependency>
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-test</artifactId>
		<scope>test</scope>
	</dependency>
</dependencies>

Step 2 :: Flow of authentication and authorization

  1. Sign up
    • Create a new user (email and password)
  2. Sign in
    • Use email and password
    • Create JWT Token
  3. Access to protected resources with JWT Token

Step 3 :: Design, Develop and Test for Sign up API

POST http://127.0.0.1:8080/api/v1/auth/signup
{
    "email": "demo",
    "password": "demo",
    "firstName": "",
    "lastName": ""
}

Response 200
{
  "token": "xxxx"
}

Design class with Spring Boot

  • AuthenticationController
    • SignUpResponse signup(SignUpRequest)
  • AuthenticationService
    • signup()

Step 4 :: Design, Develop and Test for Sign in API

POST http://127.0.0.1:8080/api/v1/auth/signin
{
    "email": "demo",
    "password": "demo"
}

Response 200
{
  "token": "xxxx"
}

Design class with Spring Boot

  • AuthenticationController
    • SigninResponse signin(SigninRequest)
  • AuthenticationService
    • signin()

Step 5 :: Design, Develop and Test for Access to protected resources with JWT Token

GET http://127.0.0.1:8080/api/v1/customer
HEADER
* Authorization=Bearer <jwt token>

Response 200
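
The sign-in and protected-resource steps above, sketched with the jjwt 0.12.2 API added in Step 1. This is an added example, not code from the wiki's demo project; the class name JwtTokenService, its method names, and the 15-minute token lifetime are assumptions.

```java
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import javax.crypto.SecretKey;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.Optional;
// Hypothetical helper, not a class from the wiki's demo project.
public class JwtTokenService {
    private final SecretKey key;   // HMAC key; load it from protected configuration in a real service
    private final Duration ttl;    // token lifetime
    public JwtTokenService(SecretKey key, Duration ttl) {
        this.key = key;
        this.ttl = ttl;
    }

    // Sign in: call only after the email/password check has succeeded.
    public String issue(String email) {
        Instant now = Instant.now();
        return Jwts.builder()
                .subject(email)
                .issuedAt(Date.from(now))
                .expiration(Date.from(now.plus(ttl)))
                .signWith(key)     // HMAC algorithm is selected from the key size
                .compact();
    }

    // Protected resource: yields the subject only for a correctly signed, unexpired Bearer token.
    public Optional<String> authenticate(String header) {
        if (header == null || !header.startsWith("Bearer ")) return Optional.empty();
        try {
            // parseSignedClaims refuses unsigned (alg=none) tokens as well as bad signatures
            return Optional.ofNullable(Jwts.parser().verifyWith(key).build()
                    .parseSignedClaims(header.substring(7))
                    .getPayload().getSubject());
        } catch (JwtException | IllegalArgumentException e) {
            return Optional.empty();   // expired, altered, malformed or empty token
        }
    }

    public static void main(String[] args) {
        SecretKey key = Jwts.SIG.HS256.key().build();   // constructed random demo key
        JwtTokenService svc = new JwtTokenService(key, Duration.ofMinutes(15));
        String token = svc.issue("demo");
        System.out.println(svc.authenticate("Bearer " + token));        // valid token
        System.out.println(svc.authenticate("Bearer " + token + "x"));  // signature altered
        JwtTokenService expired = new JwtTokenService(key, Duration.ofMinutes(-5));
        System.out.println(svc.authenticate("Bearer " + expired.issue("demo")));  // exp in the past
    }
}
```

Every rejection path returns an empty Optional, so the caller can answer 401 without revealing which check failed.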