search

rubytomato / demo-security-jwt-spring2

java 1.8, Spring Security & JWT with Spring Boot 2.0 Rest API application
MIT License
26 stars 7 forks source link
java jwt maven spring-boot spring-security

readme

Spring Security & JWT with Spring Boot 2.0 Rest API application

Development environment

Build & Run

using an embedded database H2.

mvn clean package
java -jar .\target\demo.jar

test user

email password admin
kkamimura@example.com iWKw06pvj true
rsakuma@example.com sk10ZIaiq false
tyukinaga@example.com me02yFufL false
zsawatari@example.com FjqU39aia false
ehiyama@example.com ruFOep18r false

API

login API

認証が成功するとトークンが取得できます。このトークンは認証が必要なAPIで使用します。

curl -i -X POST "http://localhost:9000/app/login" -d "email=kkamimura@example.com" -d "pass=iWKw06pvj"

For example, the response is as follows

HTTP/1.1 200
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiI1IiwibmJmIjoxNTMzMDA2NDc0LCJleHAiOjE1MzMwMDcwNzQsImlhdCI6MTUzMzAwNjQ3NH0.HHrg8dGkexwgw3z06n5NGa69DLzJn--PWzlBYNQ8r3KXDLsXwJKNt7qwJK3xGHc2CP0zBi2fcdjAWV-2zs68wA
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 0
Date: Tue, 31 Jul 2018 03:07:54 GMT

No authentication required API

curl -i "http://localhost:9000/app/hello"
curl -i "http://localhost:9000/app/hello/{message}"
curl -i -X POST "http://localhost:9000/app/hello" -d "message=world"

These APIs do not need roles

But the user needs to be authenticated.

curl -i -H "Authorization: Bearer {TOKEN}" "http://localhost:9000/app/memo/1"
curl -i -H "Authorization: Bearer {TOKEN}" "http://localhost:9000/app/memo/list"

These APIs requiring authentication and USER role

curl -i -H "Authorization: Bearer {TOKEN}" "http://localhost:9000/app/user"
curl -i -H "Authorization: Bearer {TOKEN}" "http://localhost:9000/app/user/echo/{message}"
curl -i -H "Authorization: Bearer {TOKEN}" -H "Content-Type:application/json" -X POST "http://localhost:9000/app/user/echo" -d "{\"message\": \"hello world\"}"

These APIs requiring authentication and ADMIN role

curl -i -H "Authorization: Bearer {TOKEN}" "http://localhost:9000/app/admin"
curl -i -H "Authorization: Bearer {TOKEN}" "http://localhost:9000/app/admin/echo/{message}"
curl -i -H "Authorization: Bearer {TOKEN}" -H "Content-Type:application/json" -X POST "http://localhost:9000/app/admin/echo" -d "{\"message\": \"hello world\"}"