bezkoder / spring-boot-refresh-token-jwt Goto Github PK

Spring Boot Refresh Token using JWT example - Expire and Renew JWT Token

Java 100.00%

spring-boot spring-boot-2 spring-data spring-security spring-boot-security jwt-authentication jwt-authorization jwt jwt-auth

spring-boot-refresh-token-jwt's Introduction

Spring Boot Refresh Token with JWT example

Build JWT Refresh Token in the Java Spring Boot Application. You can know how to expire the JWT, then renew the Access Token with Refresh Token.

The instruction can be found at: Spring Boot Refresh Token with JWT example

User Registration, User Login and Authorization process.

The diagram shows flow of how we implement User Registration, User Login and Authorization process.

And this is for Refresh Token:

Spring Boot Server Architecture with Spring Security

You can have an overview of our Spring Boot Server with the diagram below:

Configure Spring Datasource, JPA, App properties

Open src/main/resources/application.properties

spring.datasource.url= jdbc:mysql://localhost:3306/testdb?useSSL=false
spring.datasource.username= root
spring.datasource.password= 123456

spring.jpa.properties.hibernate.dialect= org.hibernate.dialect.MySQL5InnoDBDialect
spring.jpa.hibernate.ddl-auto= update

# App Properties
bezkoder.app.jwtSecret= bezKoderSecretKey
bezkoder.app.jwtExpirationMs= 3600000
bezkoder.app.jwtRefreshExpirationMs= 86400000

Run Spring Boot application

mvn spring-boot:run

Run following SQL insert statements

INSERT INTO roles(name) VALUES('ROLE_USER');
INSERT INTO roles(name) VALUES('ROLE_MODERATOR');
INSERT INTO roles(name) VALUES('ROLE_ADMIN');

Spring Boot JWT Refresh Token using HttpOnly Cookies

Spring Boot, Spring Security, MySQL: JWT Authentication & Authorization example

For PostgreSQL

For MongoDB

More Practice:

Spring Boot File upload example with Multipart File

Exception handling: @RestControllerAdvice example in Spring Boot

Spring Boot Repository Unit Test with @DataJpaTest

Spring Boot Pagination & Sorting example

Associations:

Spring Boot One To Many example with Spring JPA, Hibernate

Spring Boot Many To Many example with Spring JPA, Hibernate

JPA One To One example with Spring Boot

Deployment:

Deploy Spring Boot App on AWS – Elastic Beanstalk

Docker Compose Spring Boot and MySQL example

Fullstack Authentication

Spring Boot + Vue.js JWT Authentication

Spring Boot + Angular 8 JWT Authentication

Spring Boot + Angular 10 JWT Authentication

Spring Boot + Angular 11 JWT Authentication

Spring Boot + Angular 12 JWT Authentication

Spring Boot + Angular 13 JWT Authentication

Spring Boot + Angular 14 JWT Authentication

Spring Boot + Angular 15 JWT Authentication

Spring Boot + Angular 16 JWT Authentication

Spring Boot + Angular 17 JWT Authentication

Spring Boot + React JWT Authentication

Fullstack CRUD App

Vue.js + Spring Boot + H2 Embedded database example

Vue.js + Spring Boot + MySQL example

Vue.js + Spring Boot + PostgreSQL example

Angular 8 + Spring Boot + Embedded database example

Angular 8 + Spring Boot + MySQL example

Angular 8 + Spring Boot + PostgreSQL example

Angular 10 + Spring Boot + MySQL example

Angular 10 + Spring Boot + PostgreSQL example

Angular 11 + Spring Boot + MySQL example

Angular 11 + Spring Boot + PostgreSQL example

Angular 12 + Spring Boot + Embedded database example

Angular 12 + Spring Boot + MySQL example

Angular 12 + Spring Boot + PostgreSQL example

Angular 13 + Spring Boot + H2 Embedded Database example

Angular 13 + Spring Boot + MySQL example

Angular 13 + Spring Boot + PostgreSQL example

Angular 14 + Spring Boot + H2 Embedded Database example

Angular 14 + Spring Boot + MySQL example

Angular 14 + Spring Boot + PostgreSQL example

Angular 15 + Spring Boot + MySQL example

Angular 15 + Spring Boot + PostgreSQL example

Angular 15 + Spring Boot + MongoDB example

Angular 16 + Spring Boot + H2 Embedded Database example

Angular 16 + Spring Boot + MySQL example

Angular 16 + Spring Boot + PostgreSQL example

Angular 16 + Spring Boot + MongoDB example

Angular 17 + Spring Boot + H2 Embedded Database example

Angular 17 + Spring Boot + MySQL example

Angular 17 + Spring Boot + PostgreSQL example

Angular 17 + Spring Boot + MongoDB example

React + Spring Boot + MySQL example

React + Spring Boot + PostgreSQL example

React + Spring Boot + MongoDB example

Run both Back-end & Front-end in one place:

Integrate Angular with Spring Boot Rest API

Integrate React.js with Spring Boot Rest API

Integrate Vue.js with Spring Boot Rest API

More Practice:

Spring Boot File upload example with Multipart File

Exception handling: @RestControllerAdvice example in Spring Boot

Spring Boot Repository Unit Test with @DataJpaTest

Spring Boot Pagination & Sorting example

Associations:

JPA/Hibernate One To Many example

JPA/Hibernate Many To Many example

JPA/Hibernate One To One example

Deployment:

Deploy Spring Boot App on AWS – Elastic Beanstalk

Docker Compose Spring Boot and MySQL example

spring-boot-refresh-token-jwt's People

Contributors

Stargazers

Watchers

Forkers

uurdev menty44 acornel awsp ghostflare76 tryanderrorbot nickynodejs leottamichel fsd-training ksga-9th-spring-boot desertrose shravankb omfg74 lirongfeng erikcsik melvins1234 krishpintu devysk hujishuang mistermusk phanibuddi9 dodirizuan vdoan sobergrim jamesq castinglife luckywirasakti aitelabdsalma artemananev heroms01 zhaowei2530 grantyentzer yakovmakovets milad-fa logantect ilias500 germanfica reddigokul springbootlover oscarjz arzulla baggrek devbadi nemiass muyi0813 marcoflo doresz sonyoon7 einsteinarbert roro-17 heidsoft-java guerino hahaman graham218 trungngonptit mike6321 aykutyuksek herve-ch fecc82 pekumar7 geoffvargo aziziala tieptv6669 vednimatvi rogelio-blanco costinha44 logirl asiam9 praveen-gm leductien95 amarbibek zloyadmin dmkwon douglascwfung ramdevoxx doanquangtrungbkap ceejay1000 shekar-p honor974 tartelette-cs miamilabs nsqning yanghaochang104 hoangnhanny donhuvy sonamxrest ahmed-bulbul turcanuandrei hau2 anoudeth lucifer7355 hengdlkh lucaspalomo93 jayce-devlane angelorambrosio segye-eun nuicom sirliuyang snvastaffing hellonoynoy

spring-boot-refresh-token-jwt's Issues

Please upgrade to Spring Boot 3.0.0 with Spring Security 6.x

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

cannot work with Spring Boot 3.0.0 . See https://stackoverflow.com/questions/74667235/spring-security-6-when-upgrade-to-spring-boot-3-org-springframework-security-a

and

https://stackoverflow.com/questions/74666596/how-to-fix-error-of-websecurityconfigureradapter-when-upgrade-to-spring-boot-3-0

Thank you very much!

How about this way

Hi
I implemented a new way of refresh tokens and I don't know that it is secure or optimized. this is how it works:

1- User logs in or sign up
2- Refresh token with expiration and Access token with no expiration created and sends to client
3- These created tokens, stored in database like this:

table: tokens
user_id | refresh_token | access_token
1 | some_token | some_token

4- When clients requests for an endpoint, it should send refresh_token and access_token in the header

5- Server checks if the refresh_token expired or not and also checks both refresh_token and access_token with stored ones if they are equal or not

6- If everything was OK, server generates new access_token and updates the table and sends back to client

By this way, access_tokens are used once. If client request for an endpoint and it was successful, server sends back a new access_token and the client for every next request alongside refresh_token, should send this new access token

500 Server error for HTTP POST "/refreshtoken"

I am using the same end point for the refreshtoken action as given in this repository but,
When the refresh token is expired and we are supposed to get 403 FORBIDDEN, I am getting
This error:
ERROR o.s.b.a.w.r.e.AbstractErrorWebExceptionHandler - Could not resolve parameter [1] in public com.myprojectname.Exception.ErrorMessage .....
No suitable resolver.

Can someone please help me?

"RefreshToken is not a managed type"

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'refreshTokenRepository' defined in com.securitySimulator.repository.RefreshTokenRepository defined in @EnableJpaRepositories declared on Main: Not a managed type: class com.securitySimulator.model.user.RefreshToken
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1770) ~[spring-beans-6.0.13.jar:6.0.13]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:598) ~[spring-beans-6.0.13.jar:6.0.13]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:520) ~[spring-beans-6.0.13.jar:6.0.13]
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:325) ~[spring-beans-6.0.13.jar:6.0.13]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~[spring-beans-6.0.13.jar:6.0.13]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:323) ~[spring-beans-6.0.13.jar:6.0.13]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-6.0.13.jar:6.0.13]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:967) ~[spring-beans-6.0.13.jar:6.0.13]
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:950) ~[spring-context-6.0.13.jar:6.0.13]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:616) ~[spring-context-6.0.13.jar:6.0.13]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:146) ~[spring-boot-3.1.5.jar:3.1.5]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:738) ~[spring-boot-3.1.5.jar:3.1.5]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:440) ~[spring-boot-3.1.5.jar:3.1.5]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:316) ~[spring-boot-3.1.5.jar:3.1.5]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1306) ~[spring-boot-3.1.5.jar:3.1.5]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1295) ~[spring-boot-3.1.5.jar:3.1.5]
at com.securitySimulator.Main.main(Main.java:18) ~[classes/:na]
Caused by: java.lang.IllegalArgumentException: Not a managed type: class com.securitySimulator.model.user.RefreshToken
at org.hibernate.metamodel.model.domain.internal.JpaMetamodelImpl.managedType(JpaMetamodelImpl.java:192) ~[hibernate-core-6.2.13.Final.jar:6.2.13.Final]
at org.hibernate.metamodel.model.domain.internal.MappingMetamodelImpl.managedType(MappingMetamodelImpl.java:467) ~[hibernate-core-6.2.13.Final.jar:6.2.13.Final]
at org.hibernate.metamodel.model.domain.internal.MappingMetamodelImpl.managedType(MappingMetamodelImpl.java:97) ~[hibernate-core-6.2.13.Final.jar:6.2.13.Final]
at org.springframework.data.jpa.repository.support.JpaMetamodelEntityInformation.(JpaMetamodelEntityInformation.java:82) ~[spring-data-jpa-3.1.5.jar:3.1.5]
at org.springframework.data.jpa.repository.support.JpaEntityInformationSupport.getEntityInformation(JpaEntityInformationSupport.java:69) ~[spring-data-jpa-3.1.5.jar:3.1.5]
at org.springframework.data.jpa.repository.support.JpaRepositoryFactory.getEntityInformation(JpaRepositoryFactory.java:246) ~[spring-data-jpa-3.1.5.jar:3.1.5]
at org.springframework.data.jpa.repository.support.JpaRepositoryFactory.getTargetRepository(JpaRepositoryFactory.java:211) ~[spring-data-jpa-3.1.5.jar:3.1.5]
at org.springframework.data.jpa.repository.support.JpaRepositoryFactory.getTargetRepository(JpaRepositoryFactory.java:194) ~[spring-data-jpa-3.1.5.jar:3.1.5]
at org.springframework.data.jpa.repository.support.JpaRepositoryFactory.getTargetRepository(JpaRepositoryFactory.java:81) ~[spring-data-jpa-3.1.5.jar:3.1.5]
at org.springframework.data.repository.core.support.RepositoryFactorySupport.getRepository(RepositoryFactorySupport.java:317) ~[spring-data-commons-3.1.5.jar:3.1.5]
at org.springframework.data.repository.core.support.RepositoryFactoryBeanSupport.lambda$afterPropertiesSet$5(RepositoryFactoryBeanSupport.java:279) ~[spring-data-commons-3.1.5.jar:3.1.5]
at org.springframework.data.util.Lazy.getNullable(Lazy.java:245) ~[spring-data-commons-3.1.5.jar:3.1.5]
at org.springframework.data.util.Lazy.get(Lazy.java:114) ~[spring-data-commons-3.1.5.jar:3.1.5]
at org.springframework.data.repository.core.support.RepositoryFactoryBeanSupport.afterPropertiesSet(RepositoryFactoryBeanSupport.java:285) ~[spring-data-commons-3.1.5.jar:3.1.5]
at org.springframework.data.jpa.repository.support.JpaRepositoryFactoryBean.afterPropertiesSet(JpaRepositoryFactoryBean.java:132) ~[spring-data-jpa-3.1.5.jar:3.1.5]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1817) ~[spring-beans-6.0.13.jar:6.0.13]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1766) ~[spring-beans-6.0.13.jar:6.0.13]
... 16 common frames omitted

bezkoder / spring-boot-refresh-token-jwt Goto Github PK

spring-boot-refresh-token-jwt's Introduction

Spring Boot Refresh Token with JWT example

User Registration, User Login and Authorization process.

Spring Boot Server Architecture with Spring Security

Configure Spring Datasource, JPA, App properties

Run Spring Boot application

Run following SQL insert statements

More Practice:

Fullstack Authentication

Fullstack CRUD App

More Practice:

spring-boot-refresh-token-jwt's People

Contributors

Stargazers

Watchers

Forkers

spring-boot-refresh-token-jwt's Issues

Recommend Projects

Recommend Topics

Recommend Org