Billing System using Spring Boot-Integrating JWT Authorization. Access Token and Refresh Token flow

Suresh
3 min read · Nov 17, 2020


Welcome back, friends. In this story, I am going to explain the implementation of JWT in our Spring Boot app. If you are not familiar with Spring Security, I suggest reading the following stories first:
Enabling default Spring Security in Spring Boot
Enabling Spring Security with a custom user
Spring Boot Basic Authentication step by step implementation

The following are key classes to enable JWT Authorization in our Spring Boot Application.

AuthenticationService
JwtUtils
SecurityConfig
JwtRequestFilter
JwtTokenRepository

We have to add the following two artifacts to our pom.xml file. The first artifact enables Spring Security in our Spring Boot app. The second artifact is the JWT library (jjwt); it provides the API we use to create, sign and parse tokens.

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
</dependency>

If you go through the Basic Authentication story here first, understanding JWT will be much easier, because I will be using the same authentication configuration, except for the JWT-related code and storing the JWT token in the DB.

What is JWT?
JWT stands for JSON Web Token. It is a long encoded and signed string made of three sections separated by a dot (.). An example of the JWT structure is below.

eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJzdXJlc2guY3VzdG9tZXJAZ21haWwuY29tIiwiZXhwIjoxNjA1NTcwOTU2LCJpYXQiOjE2MDU1NjU5NTZ9.NjTWNR2j6hDBHX9VjQI7aTx6Gr3h1pMnt4FxE9BmB3k

What data is behind this JWT string? The string above has 3 sections (the text between the dots). Let’s explore the three sections.

The first section is the header section which contains the following attribute.

{
"alg": "HS256"
}

Using this attribute we can see that this JWT is signed using the “HS256” algorithm (HMAC with SHA-256).

The second section is the Payload section; it has the following attributes.

{
"sub": "suresh.customer@gmail.com",
"exp": 1605570956,
"iat": 1605565956
}

These attributes are generated by our JWT API. When the client sends its credentials for authorization, our back-end system validates them; if they are valid, it creates this JSON structure. The structure has 3 attributes: the first is the username, named “sub” (Subject); “exp” is the expiration time of the generated token, i.e. the JWT token has a validity period, stored as a long; the third is “iat”, which means “issued at” and tells when the JWT token was generated.

The third section is the Signature section. It holds the signature computed over the combination of the encoded header and payload, using the server's secret key.

HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  secret
)

All these 3 sections are structured using JSON format, so the resulting signed, encoded string is called a JSON Web Token.
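As an added example (not code from this story), here is a plain-JDK Java program that takes a token apart the way the three sections above describe: it Base64URL-decodes the header and payload of the token shown earlier, then builds and checks an HS256 token of its own with the signature formula just given. The demo secret, the JwtStructureDemo class and its helper names are assumptions made for this example; the story's own token cannot be verified here because its secret is not on the page. Note that the header and payload are only encoded, not encrypted, so anything placed in the payload is readable by whoever holds the token.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class JwtStructureDemo {

    // Constructed secret for this demo only. A real key is generated and stored securely, never hard-coded.
    private static final byte[] DEMO_SECRET =
        "demo-secret-not-for-production".getBytes(StandardCharsets.UTF_8);

    // The token shown in the story. Its signing secret is unknown here, so only decoding is possible.
    private static final String STORY_TOKEN =
        "eyJhbGciOiJIUzI1NiJ9."
      + "eyJzdWIiOiJzdXJlc2guY3VzdG9tZXJAZ21haWwuY29tIiwiZXhwIjoxNjA1NTcwOTU2LCJpYXQiOjE2MDU1NjU5NTZ9."
      + "NjTWNR2j6hDBHX9VjQI7aTx6Gr3h1pMnt4FxE9BmB3k";

    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder B64D = Base64.getUrlDecoder();

    /** Decodes one Base64URL section to its JSON text. No key is needed: sections 1 and 2 are encoded, not encrypted. */
    static String decodeSection(String section) {
        return new String(B64D.decode(section), StandardCharsets.UTF_8);
    }

    /** HMAC-SHA256 over "base64url(header).base64url(payload)", exactly the signature formula above. */
    static byte[] hmacSha256(byte[] key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.UTF_8));
    }

    /** Builds a compact HS256 token (header.payload.signature) from a payload JSON string and the key. */
    static String sign(String payloadJson, byte[] key) throws Exception {
        String header = B64.encodeToString("{\"alg\":\"HS256\"}".getBytes(StandardCharsets.UTF_8));
        String payload = B64.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        String signingInput = header + "." + payload;
        return signingInput + "." + B64.encodeToString(hmacSha256(key, signingInput));
    }

    /** Checks the signature in constant time and the exp claim; returns the payload JSON or throws. */
    static String verify(String token, byte[] key, long nowEpochSeconds) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 3) throw new SecurityException("malformed token");
        // Pin the expected algorithm: the "alg" value in the header must never choose the check for us.
        if (!decodeSection(parts[0]).contains("\"HS256\"")) throw new SecurityException("unexpected alg");
        byte[] expected = hmacSha256(key, parts[0] + "." + parts[1]);
        byte[] actual = B64D.decode(parts[2]);
        if (!MessageDigest.isEqual(expected, actual)) throw new SecurityException("bad signature");
        String payload = decodeSection(parts[1]);
        // Minimal claim extraction for the demo; a real service (e.g. jjwt) parses the JSON properly.
        long exp = Long.parseLong(payload.replaceAll(".*\"exp\":\\s*(\\d+).*", "$1"));
        if (nowEpochSeconds >= exp) throw new SecurityException("token expired");
        return payload;
    }

    public static void main(String[] args) throws Exception {
        // 1. The story's token: header and payload are readable by anyone who holds the token.
        String[] parts = STORY_TOKEN.split("\\.");
        System.out.println("header : " + decodeSection(parts[0]));
        System.out.println("payload: " + decodeSection(parts[1]));

        // 2. Mint a token with the demo secret and verify it (valid for 300 seconds).
        long now = System.currentTimeMillis() / 1000;
        String payload = "{\"sub\":\"suresh.customer@gmail.com\",\"exp\":" + (now + 300) + ",\"iat\":" + now + "}";
        String token = sign(payload, DEMO_SECRET);
        System.out.println("verified: " + verify(token, DEMO_SECRET, now));

        // 3. A modified payload with the original signature must be rejected.
        String[] t = token.split("\\.");
        String changed = B64.encodeToString(payload.replace("customer", "admin").getBytes(StandardCharsets.UTF_8));
        try {
            verify(t[0] + "." + changed + "." + t[2], DEMO_SECRET, now);
        } catch (SecurityException e) {
            System.out.println("modified token rejected: " + e.getMessage());
        }

        // 4. A correctly signed but expired token must also be rejected.
        try {
            verify(token, DEMO_SECRET, now + 600);
        } catch (SecurityException e) {
            System.out.println("stale token rejected: " + e.getMessage());
        }
    }
}
```

Run it with `java JwtStructureDemo.java` (JDK 11 or later). The two rejections in steps 3 and 4 are the checks a JwtRequestFilter relies on: the signature ties the payload to the server's secret, and the exp claim bounds how long a stolen token stays usable, which is why the refresh-token flow keeps access tokens short-lived.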

Now, let's go for JWT implementation.

Implementation of AuthenticationService

This class must implement the UserDetailsService interface, like below. Don’t forget to annotate it with the @Service annotation.

@Service
public class AuthenticationService implements UserDetailsService {

I have autowired the following classes.

@Autowired
private UserRepository userRepository;

@Autowired
private JwtTokenRepository jwtTokenRepository;

@Autowired
private JwtUtils jwtUtils;

Use of loadUserByUsername method
I override this method from UserDetailsService. In it, I look the user up by email id; if a matching user is found, I assign it to a User object. I then create a new User object, passing user.getEmailId() as the username, user.getPassword() as the password, and an empty list of authorities as the third parameter. Notice that there are two different User classes here: one from the “itgarden.entity” package, which I retrieve through the userRepository object, and the Spring Security User class, which I instantiate myself. I assign the Spring Security User object to a UserDetails reference. Finally, the method returns the UserDetails, which holds the email id, password and authorities (roles). Since I pass an empty ArrayList, there is no role.
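As an added example, not the story's own class, here is the loadUserByUsername method described above written out in full, with the two User classes referred to by their package names so they cannot be confused. The repository method findByEmailId and the not-found branch are assumptions (the story does not say what happens when no user matches); throwing UsernameNotFoundException is the Spring Security convention, and the password handed to the Spring Security User must be the stored hash that the configured PasswordEncoder expects, never a plaintext value.

```java
import java.util.Collections;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class AuthenticationService implements UserDetailsService {

    @Autowired
    private UserRepository userRepository;   // assumed: Spring Data repository for itgarden.entity.User

    /**
     * Spring Security calls this with whatever the client typed as the username;
     * in this app that is the email id.
     */
    @Override
    public UserDetails loadUserByUsername(String emailId) throws UsernameNotFoundException {
        // Application user from the itgarden.entity package. findByEmailId is an assumed repository method.
        itgarden.entity.User user = userRepository.findByEmailId(emailId);
        if (user == null) {
            // Convention: do not reveal whether the account exists in a message shown to the client.
            throw new UsernameNotFoundException("No user registered with " + emailId);
        }

        // Spring Security's own User: username, stored password hash, and an empty authority list (no roles).
        UserDetails details = new org.springframework.security.core.userdetails.User(
                user.getEmailId(),
                user.getPassword(),        // must be the encoded hash matched by the configured PasswordEncoder
                Collections.emptyList());
        return details;
    }
}
```

Keeping the authority list empty means every authenticated user is equal; when roles are added later they are supplied here as GrantedAuthority objects, and that is the list the token filter restores on each request.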

Use of saveJwt method
This method simply stores the JWT token data in the jwt_token table. I will explain it in more detail later.
For further reading, please follow the link below:
JWT Authorization integration in billing System
