##About This is just a simple demo for using JWT (JSON Web Token) with Spring Security and Spring Boot (backed by MongoDb). This solution is partially based on the blog entry REST Security with JWT using Java and Spring Security and the demo project Cerberus. Thanks to the authors!
##Requirements
- This demo is build with with Maven and Java 1.8.
- MongoDB up and running.
- Import initial data by executing
mongoimport --db jwt --collection user src/main/resources/import.json
##Usage
Just start the application with the Spring Boot maven plugin (mvn spring-boot:run). The application is
running at http://localhost:8080.
There are three user accounts present to demonstrate the different levels of access to the endpoints in the API and the different authorization exceptions:
Admin - admin:admin
User - user:password
Disabled - disabled:password (this user is disabled)
There are three endpoints that are reasonable for the demo:
/auth - authentication endpoint with unrestricted access
/persons - an example endpoint that is restricted to authorized users (a valid JWT token must be present in the request header)
/protected - an example endpoint that is restricted to authorized users with the role 'ROLE_ADMIN' (a valid JWT token must be present in the request header)
I've written a small Javascript client and put some comments in the code that hopefully makes this demo understandable.
###Generating password hash for new users
I'm using bcrypt to encode passwords. Your can generate your hashes with this simple tool: Bcrypt Generator
##External resources
Dan Vega (https://twitter.com/therealdanvega) created a video that explained this project quite fine. Thanks to him!
##Creator
Stephan Zerhusen
##MongoDb Fork
##Copyright and license
The code is released under the MIT license.
Please feel free to send me some feedback or questions!