Implement JWT Authentication with Java & SpringBoot in 2023
Requirements
- Basic knowledge of Java
- Basic knowledge SpringBoot
Description
This course has been updated in 2023 as per new Spring Security Features and JWT Specification to implement Role Based Authentication & Authorization of any SpringBoot based Application.
JWT(Json web token) is a standard for securing API’s in a Microservices architecture, using this standard we can secure API’s built in any technology like Nodejs, Python, .NET etc but in this course we will building API’s using Java and SpringBoot and than we will be securing them using JWT and Spring security, we will also use all the industry best practices and standards along the way.
We will start with learning concepts like:
- What is Authentication
- What is Authorization
- Importance of securing RESTful API’s
- What is JWT(Json Web Token)
- Various components and terminology associated with JWT
- Workflow and a diagramatic use case of using JWT
Than we will move on to the actual handson and implementation of JWT in our Springboot project by following below steps:
- Create springboot project from scratch
- Adding required maven dependencies
- Setup project in Github and follow continous integration process
- Setting up database and establishing connection
- Create our Hibernate entity classes
- Create our controller class
- Create the first API
- Start configuring JWT and Spring security
- Create security related classes like configuartion, filters, service
- Making the secret and expiration time configurable
- Configuring the allowed and not allowed endpoints
- Creating user registration and login endpoints
- Creating Role based classes
- Create multiple roles
- Restrict users to functionalities based on Roles
- Setting up github to push code with token
- Creating a JWT token
- Using the JWT token to call a secured API
- Using Postman to test our API’s
- Mechanism to check if a particular JWT token is valid or not
- Extracting user information and role information from JWT token
- Complete source code
Who this course is for:
- Anyone who wants to learn about securing API’s at an industry grade standard