Jwt-Spring-Security-JPA Project Introduction
Overview
Jwt-Spring-Security-JPA is a demo project designed to illustrate the implementation of backend authentication using JSON Web Tokens (JWT) within a Spring Security and MySQL JPA environment. This project serves as an educational tool for understanding how to manage user authentication seamlessly, providing a model of how JWT can be used for secure, stateless user sessions.
Key Features
- User Registration and Admin Support: Users can register using their email or username. The system supports assigning administrative privileges to certain accounts.
- Conventional Login System: Users log in with their credentials, and upon successful authentication a JWT is generated for session management.
- Multiple Devices Management: The project supports login sessions across multiple devices and includes a mechanism for users to log out from individual devices, so that a session on one device can be ended without affecting the others.
- JWT Blacklisting: JWTs are blacklisted upon user logout to prevent their further use, employing an in-memory store.
- Email Verification: Upon registration, users must verify their email within a specific time frame. If the verification expires, users can request another verification email.
- Password Recovery: A password reset feature generates and validates reset tokens.
- Protected Admin URLs: Certain URLs are protected by Spring Security and can only be accessed by users with administrative privileges.
- JWT Management: The system allows refreshing JWTs after they expire, maintaining session continuity without re-authentication.
- User Availability Check: During registration, the system checks whether the email or username is already in use.
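To make the blacklisting and multi-device behaviour described above concrete, here is an added example (written for this introduction in Python, not the project's own Java/Spring code): a minimal HS256 JWT issuer and verifier with an in-memory denylist keyed by the token's jti, so that logging out one device revokes only that device's token. The secret, user and device names are constructed.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed; a real deployment loads this from config

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue(user: str, device: str, now: float, ttl: int = 900) -> str:
    """HS256 JWT; the jti names one device so logout can revoke that device alone."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "jti": f"{user}:{device}", "iat": int(now), "exp": int(now) + ttl}
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

class Blacklist:
    """In-memory denylist of revoked jti values; entries are dropped once the token itself expires."""
    def __init__(self):
        self._revoked = {}  # jti -> exp
    def revoke(self, claims: dict) -> None:
        self._revoked[claims["jti"]] = claims["exp"]

    def contains(self, jti: str, now: float) -> bool:
        self._revoked = {j: e for j, e in self._revoked.items() if e > now}  # prune expired
        return jti in self._revoked

def verify(token: str, blacklist: Blacklist, now: float):
    """Always verifies with HS256 (never trusts the header's alg), then checks exp and the blacklist."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, body, sig = parts
    expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_unb64(sig), expected):
        return None
    claims = json.loads(_unb64(body))
    if claims["exp"] <= now or blacklist.contains(claims["jti"], now):
        return None
    return claims

def demo() -> tuple:
    """Two devices log in; logging out the phone must not revoke the laptop."""
    bl, t0 = Blacklist(), 1_700_000_000.0
    phone, laptop = issue("alice", "phone", t0), issue("alice", "laptop", t0)
    bl.revoke(verify(phone, bl, t0))  # logout from the phone
    return (verify(phone, bl, t0 + 1) is None, verify(laptop, bl, t0 + 1) is not None,
            len(bl._revoked), bl.contains("alice:phone", t0 + 901))
```

The pruning step in `contains` is what keeps an in-memory blacklist bounded: a revoked jti only needs to be remembered until the token's own exp has passed.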
Technologies and Tools
- JWTs (JSON Web Tokens): The project uses JWTs to securely transmit information between parties, employing them for stateless authentication.
- Swagger Docs: The project is integrated with Swagger, enabling developers to interact with the API through a comprehensive interface available at http://localhost:9004/swagger-ui.
- Exception Handling: Custom exceptions are handled through a controller advice, ensuring that error responses are clear and consistent.
Setup and Deployment
To get started with the Jwt-Spring-Security-JPA project, follow these steps:
- Clone the Repository:
  git clone https://github.com/isopropylcyanide/Jwt-Spring-Security-JPA.git
  cd Jwt-Spring-Security-JPA
- Create a MySQL Database:
  create database login_db
- Configure MySQL and Mail Server: Adjust the MySQL username and password in application.properties. Similarly, update the mail server details in mail.properties.
- Run the Application:
  - For UNIX/Linux:
    ./mvnw spring-boot:run
  - For Windows:
    mvnw.cmd spring-boot:run
  The server will boot on port 9004, initializing the necessary database tables.
User Interaction APIs
The project includes extensive API endpoints for user operations such as registration, login, email confirmation, accessing user and admin resources, logout, password reset, and token refresh. Each endpoint is designed with detailed responses for success and error scenarios, providing a full spectrum of use cases.
User Roles and Authorization
The project employs role-based authorization using Spring Security:
- The default role ROLE_USER is assigned to new registrants.
- Role definitions and the table schema are initialized on the first run. If they are not, SQL insert commands are provided for manual setup.
Contributions
This demo project is a starting point and is not recommended for direct production use. It is an open invitation for developers to customize, expand, and enhance the functionality by forking the project. Contributions are encouraged, especially in expanding test coverage with JUnit.
In summary, the Jwt-Spring-Security-JPA project serves as a comprehensive example of implementing JWT-based authentication in a Spring Security framework, offering a rich feature set to study and build upon for developing secure, scalable web applications.