Code Monkey home page Code Monkey logo

hellospring's Introduction

JWT Spring Security App

Screenshot from running application

Requirements

This demo is build with with Maven 3 and Java 1.8.

Usage guide

Building and running

To build the Docker image, run the following:

docker build -t openware/hellospring .

To run the resulting image:

docker run -d -p 8080:8080 openware/hellospring

Wait for the app to fetch all the necessary dependencies and feel free to use it on localhost:8080!

cURL

Send a request without an authorization header to see if the API is protected:

curl -H 'Content-Type: application/json' \
  http://localhost:8080/persons

The response would look like:

{
  "timestamp" : "2018-11-12T10:41:58.656+0000",
  "status" : 401,
  "error" : "Unauthorized",
  "message" : "Unauthorized",
  "path" : "/persons"
}

Send a request using user credentials to get the JWT:

curl --header "Content-Type: application/json" \
  --request POST \
  --data '{"username":"admin","password":"admin"}' \
  http://localhost:8080/auth

Get the resulting token from the response:

{
  "token" : "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImV4cCI6MTU0MjYyMzc0OCwiaWF0IjoxNTQyMDE4OTQ4fQ.c1N2SjCEu1Z13jSuwG3ax6JUsvHjm2XmprjwzER8C1TYHKe2SnC0nFUdvaPm-2fyGaaiAS49Sf-oC9kP4Wy-9A"
}

Send a request with the token in the header:

curl -H 'Content-Type: application/json' -H 'Authorization: Bearer *your_token*' \
  http://localhost:8080/persons

You should be able to see a proper response:

[ {
  "name" : "Hello",
  "email" : "World"
}, {
  "name" : "Foo",
  "email" : "Bar"
} ]

Web UI

There are three user accounts present to demonstrate the different levels of access to the endpoints in the API and the different authorization exceptions:

Admin - admin:admin
User - user:password
Disabled - disabled:password (this user is disabled)

There are three endpoints that are reasonable for the demo:

/auth - authentication endpoint with unrestricted access
/persons - an example endpoint that is restricted to authorized users (a valid JWT token must be present in the request header)
/protected - an example endpoint that is restricted to authorized users with the role 'ROLE_ADMIN' (a valid JWT token must be present in the request header)

hellospring's People

Contributors

vshatravenko avatar

Watchers

James Cloos avatar Marlon Hanks avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.