Billing System using Spring Boot-Integrating JWT Authorization. Access Token and Refresh Token flow

Welcome back, friends. In this story, I will be going to explain the implementation of JWT in our Spring Boot App. If you are not familiar with Security. I am suggesting to read the following Stories
Enabling default Spring Security in Spring Boot
Enabling Spring Security with a custom user
Spring Boot Basic Authentication step by step implementation

The following are key classes to enable JWT Authorization in our Spring Boot Application.

Following two artifacts we have to add in our pom.xml file. The first artifact enables the Spring security in our Spring Boot App. The second artifact is for JWT API. This artifact provides JWT API to implement JWT Mechanism


if you go through the Basic Authentication in my Stories here, it will great for understanding JWT because I will be using the same authentication configuration except for JWT related code and storing JWT Token in the DB.

What is JWT?
JWT Stands for JSON Web Token. It is a big encrypted string and it has three sections that separated by (Dot.). The Example of the JWT structure is below.


What type of data contains behind this JWT String? In the above string, I highlighted 3 sections. Let’s explore the three sections.

The first section is the header section which contains the following attribute.

Using this attribute we can know that this JWT encrypted using the “HS256” algorithm.

The second section is the Payload section it has the following attributes.

This attribute generated by our JWT API. while sending credentials from the client-side for authorization, our back-end System authorizes the credential, if it is valid then, create this JSON structure, In this JSON Structure is having 3 attributes first one is a username. it named it “sub”(Subject) and exp is the expiration time of the generated token i.e. The JWT token has a validity period. It is in a long format. The third one is “iat” which means “issued At”. This “iat” tells that when JWT token is generated.

The third section is the Signature section. it has signature data generated by the combination of header and payload.

All these 3 sections structured using JSON format so, the JSON encrypted string calling it as JSON Web Token.

Now, let's go for JWT implementation.

Implementation of AuthenticationService

This class must implement using the UserDetailsService interface Like below. Don’t forget to Annotated with @Service Annotation

I have Autowired following classes.

Use of loadUserByName method
I have to override this method from UserDetailsService. In this method, I am fetching the user name using emailId if the user name is found, I am assigning it to the User object. Then, I am initializing a new User object by passing an email id from the user.getEmailId() and password from the user.getPassword() and third parameter I am passing empty authorities. When notice, there are two different User Objects I am handling one User Object is coming from “itgarden.entity” package which I am retrieving using userRepository object and another one is I am initializing a new User Object which is from Spring Security User object. I am assigning the Spring Security User object to the UserDetails object. Finally, this method returns UesrDetails which holds the emailId, password, and Authorities(Roles). Since I am passing empty ArrayList there is no Role.

Use of saveJwt Method
This method simply stores the JWT Token data in jwt_token table. I will explain more details later point of time.
For further reading please click the below link
JWT Authorization integration in billing System



I am a Java / J2EE Consultant. Happy to learn.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store