JSON Web Token (JWT) Authentication in Java

This guide demonstrates how to use JSON Web Token (JWT) to authenticate users in a Java application. Specifically, we'll use JWT to secure APIs in a Spring Boot application, covering token generation, validation, and securing endpoints.

In this article, we will explore how to use JSON Web Token (JWT) for authentication and authorization in Java applications. JWT helps securely authenticate client requests and protect your APIs from unauthorized access. We will be using Spring Boot to build the application and integrate JWT.

Java Code

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import java.util.Date;
import java.util.function.Function;

@Component
public class JwtUtil {

    private String SECRET_KEY = "your_secret_key";

    // Generate JWT from username
    public String generateToken(UserDetails userDetails) {
        return Jwts.builder()
                .setSubject(userDetails.getUsername())
                .setIssuedAt(new Date())
                .setExpiration(new Date(System.currentTimeMillis() + 1000 * 60 * 60 * 10)) // 10 hours
                .signWith(SignatureAlgorithm.HS256, SECRET_KEY)
                .compact();
    }

    // Extract username from JWT
    public String extractUsername(String token) {
        return extractClaim(token, Claims::getSubject);
    }

    // Extract a claim from JWT
    public <T> T extractClaim(String token, Function<Claims, T> claimsResolver) {
        final Claims claims = extractAllClaims(token);
        return claimsResolver.apply(claims);
    }

    // Extract all claims from JWT
    private Claims extractAllClaims(String token) {
        return Jwts.parser().setSigningKey(SECRET_KEY).parseClaimsJws(token).getBody();
    }

    // Check if token is expired
    private Boolean isTokenExpired(String token) {
        return extractExpiration(token).before(new Date());
    }

    // Extract expiration date from JWT
    public Date extractExpiration(String token) {
        return extractClaim(token, Claims::getExpiration);
    }

    // Validate JWT
    public Boolean validateToken(String token, UserDetails userDetails) {
        final String username = extractUsername(token);
        return (username.equals(userDetails.getUsername()) && !isTokenExpired(token));
    }
}

Detailed explanation:

import io.jsonwebtoken.*;: JWT library for generating and validating tokens.
private String SECRET_KEY = "your_secret_key";: Secret key used for signing the JWT.
generateToken: Method to create JWT with a username and expiration time.
extractUsername: Extracts the username from the JWT.
extractClaim: Retrieves any claim from the JWT based on the provided key.
extractAllClaims: Extracts all claims from the JWT.
validateToken: Validates if the JWT is valid by checking the username and expiration.

System requirements:

Java 8 or higher
Spring Boot
JSON Web Token library (io.jsonwebtoken:jjwt)

How to install the libraries needed to run the above code:

Add the following dependency to your Maven pom.xml:

<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
</dependency>

Tips:

Make sure to use a strong secret key and do not share it with anyone.
Use HTTPS to protect JWT when transmitting over the network.

Tags: Java, Authentication, JSON Web Token

How to use Selenium to inject JavaScript code into a website on Chrome

A guide on how to use Selenium in Java to inject JavaScript code into a webpage on the Chrome browser. This article will help you understand how to interact with the DOM via JavaScript.

Writing data to an Excel file using Java

A guide on how to write data to an Excel file using Java, leveraging the Apache POI library for effective and simple manipulation of Excel files.

Read Excel Content Using Apache POI in Java

A detailed guide on reading Excel file content in Java using the Apache POI library. This article provides sample code, a detailed explanation of each line, and steps for installing the necessary libraries.

Guide to creating a multi-image upload form in Java

A step-by-step guide on how to create a multi-image upload form using Java with Spring Boot and the `Commons FileUpload` library. This tutorial covers setup and code examples.

Create a Simple Chat Application Using Socket.IO in Java

A detailed guide on how to create a simple chat application using Java and Socket.IO. This article will help you understand how to set up a server and client for real-time communication.

How to pass an Authentication Header Token when POSTing data to an API in Java

A guide on how to pass an authentication token in the Authorization Header when sending POST requests to an API using Java. The article provides sample Java code and detailed explanations.

How to SELECT data from a MySQL database using Java

A guide on how to use Prepared Statements in Java to query data from a table in a MySQL database safely and effectively.

How to automatically login to a website using Selenium with Chrome in Java

This article explains how to use Selenium with Chrome to automatically log into a website using Java. It covers how to interact with web elements to perform login actions on the user interface.

How to convert Unicode characters with accents to non-accented in Java

A guide on how to convert accented Unicode characters to non-accented characters in Java using `Normalizer` and regular expressions.

How to open Notepad using Java

This guide explains how to open the Notepad application using Java by utilizing `Runtime.getRuntime().exec()`. It demonstrates how Java can interact with the system to launch external programs.