{"id":32997,"date":"2024-11-01T09:13:01","date_gmt":"2024-11-01T09:13:01","guid":{"rendered":"http:\/\/atmokpo.com\/w\/?p=32997"},"modified":"2024-11-01T11:29:26","modified_gmt":"2024-11-01T11:29:26","slug":"spring-boot-backend-development-course-implementing-login-and-logout-with-jwt-adding-token-service","status":"publish","type":"post","link":"https:\/\/atmokpo.com\/w\/32997\/","title":{"rendered":"Spring Boot Backend Development Course, Implementing Login and Logout with JWT, Adding Token Service"},"content":{"rendered":"

<\/p>\n

Spring Boot is a powerful framework for modern web application development. In this course, we will explain step by step how to implement user authentication using JWT (Json Web Token) and how to achieve login and logout functionality. This process will also cover how to add token services to enhance security and user management features.<\/p>\n

1. What is JWT?<\/h2>\n

JWT is an open standard based on JSON that provides a way to securely transmit information. A JWT consists of three parts: Header, Payload, Signature.<\/p>\n

1.1 Header<\/h3>\n

The Header specifies the type of the JWT and the hashing algorithm. For example:<\/p>\n

\n    {\n      \"alg\": \"HS256\",\n      \"typ\": \"JWT\"\n    }<\/pre>\n
1.2 Payload<\/h3>\n
The Payload contains the user’s information, user ID, expiration time, etc. This part is structured in an easily readable JSON format.<\/p>\n
1.3 Signature<\/h3>\n
The Signature is the value signed with a secret key by combining the encoded Header and Payload. This value guarantees the integrity of the token and is used by the server to validate the token.<\/p>\n
2. Project Setup<\/h2>\n
In this tutorial, we will create a project using Spring Boot and Maven. You can set up the project using IDEs such as IntelliJ IDEA or Eclipse.<\/p>\n
2.1 Creating a Maven Project<\/h3>\n
After creating a Maven project in Eclipse or IntelliJ IDEA, add the following dependencies to the pom.xml file.<\/p>\n
\n    <dependencies>\n        <dependency>\n            <groupId>org.springframework.boot<\/groupId>\n            <artifactId>spring-boot-starter-web<\/artifactId>\n        <\/dependency>\n        <dependency>\n            <groupId>io.jsonwebtoken<\/groupId>\n            <artifactId>jjsonwebtoken<\/artifactId>\n            <version>0.9.1<\/version>\n        <\/dependency>\n        <dependency>\n            <groupId>org.springframework.boot<\/groupId>\n            <artifactId>spring-boot-starter-security<\/artifactId>\n        <\/dependency>\n    <\/dependencies><\/pre>\n
2.2 Spring Security Configuration<\/h3>\n
Set up basic security configurations using Spring Security. Create a SecurityConfig class and add user authentication and authorization settings.<\/p>\n
\n    import org.springframework.context.annotation.Bean;\n    import org.springframework.context.annotation.Configuration;\n    import org.springframework.security.config.annotation.web.builders.HttpSecurity;\n    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;\n    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;\n\n    @Configuration\n    @EnableWebSecurity\n    public class SecurityConfig extends WebSecurityConfigurerAdapter {\n\n        @Override\n        protected void configure(HttpSecurity http) throws Exception {\n            http.csrf().disable()\n                .authorizeRequests()\n                .antMatchers(\"\/api\/auth\/**\").permitAll()\n                .anyRequest().authenticated();\n        }\n    }\n    <\/pre>\n
3. JWT Creation and Validation<\/h2>\n
Now we will look at how to create and validate JWTs. Create a JWTUtil class and implement the necessary methods.<\/p>\n
\n    import io.jsonwebtoken.Claims;\n    import io.jsonwebtoken.Jwts;\n    import io.jsonwebtoken.SignatureAlgorithm;\n    import org.springframework.stereotype.Component;\n\n    import java.util.Date;\n    import java.util.HashMap;\n    import java.util.Map;\n\n    @Component\n    public class JWTUtil {\n        private String secretKey = \"secret\";\n\n        public String generateToken(String username) {\n            Map<String, Object> claims = new HashMap<>();\n            return createToken(claims, username);\n        }\n\n        private String createToken(Map<String, Object> claims, String subject) {\n            return Jwts.builder()\n                    .setClaims(claims)\n                    .setSubject(subject)\n                    .setIssuedAt(new Date(System.currentTimeMillis()))\n                    .setExpiration(new Date(System.currentTimeMillis() + 1000 * 60 * 60 * 10)) \/\/ 10 hours\n                    .signWith(SignatureAlgorithm.HS256, secretKey)\n                    .compact();\n        }\n\n        public Boolean validateToken(String token, String username) {\n            final String extractedUsername = extractUsername(token);\n            return (extractedUsername.equals(username) && !isTokenExpired(token));\n        }\n\n        private String extractUsername(String token) {\n            return extractAllClaims(token).getSubject();\n        }\n\n        private Claims extractAllClaims(String token) {\n            return Jwts.parser().setSigningKey(secretKey).parseClaimsJws(token).getBody();\n        }\n\n        private Boolean isTokenExpired(String token) {\n            return extractAllClaims(token).getExpiration().before(new Date());\n        }\n    }\n    <\/pre>\n
4. Implementing User Authentication and Login API<\/h2>\n
Now it’s time to implement the user authentication and login API. Create an AuthController class and add the necessary methods.<\/p>\n
\n    import org.springframework.beans.factory.annotation.Autowired;\n    import org.springframework.http.ResponseEntity;\n    import org.springframework.security.authentication.AuthenticationManager;\n    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;\n    import org.springframework.web.bind.annotation.*;\n\n    @RestController\n    @RequestMapping(\"\/api\/auth\")\n    public class AuthController {\n\n        @Autowired\n        private AuthenticationManager authenticationManager;\n\n        @Autowired\n        private JWTUtil jwtUtil;\n\n        @PostMapping(\"\/login\")\n        public ResponseEntity<String> login(@RequestBody AuthRequest authRequest) {\n            authenticationManager.authenticate(\n                    new UsernamePasswordAuthenticationToken(authRequest.getUsername(), authRequest.getPassword())\n            );\n            final String token = jwtUtil.generateToken(authRequest.getUsername());\n            return ResponseEntity.ok(token);\n        }\n    }\n\n    class AuthRequest {\n        private String username;\n        private String password;\n\n        \/\/ getters and setters\n    }\n    <\/pre>\n
5. Implementing Logout API<\/h2>\n
The logout API is implemented by deleting the JWT token on the client side. A separate logout API is not required, but an example can be added for this part.<\/p>\n
6. Adding Token Service<\/h2>\n
By adding a token service, manage user information and implement functionality to manage user sessions as needed. Create a TokenService class to implement this functionality.<\/p>\n
\n    import org.springframework.stereotype.Service;\n\n    @Service\n    public class TokenService {\n\n        @Autowired\n        private JWTUtil jwtUtil;\n\n        public String refreshToken(String token) {\n            if (jwtUtil.isTokenExpired(token)) {\n                String username = jwtUtil.extractUsername(token);\n                return jwtUtil.generateToken(username);\n            }\n            return token;\n        }\n    }\n    <\/pre>\n
7. Other Considerations and Conclusion<\/h2>\n
In this course, we explored how to implement login and logout functionality using JWT and add a token service for user authentication. In real applications, additional security measures such as enhancing JWT validation, user permission management, and token storage implementation are required.<\/p>\n
8. Conclusion<\/h2>\n
Implementing a JWT-based authentication system using Spring Boot has become an essential element in enhancing the security of modern web applications. Through this course, you should understand the basic concepts of JWT and the fundamentals of implementing an authentication system using it. Furthermore, try to gain experience in implementing and optimizing various features required for actual projects.<\/p>\n
I hope this course helps you with your Spring Boot backend development!<\/p>\n