|Project Name||Stars||Downloads||Repos Using This||Packages Using This||Most Recent Commit||Total Releases||Latest Release||Open Issues||License||Language|
|Springboot Jwt Starter||671||8 days ago||1||mit||Java|
|A Spring Boot JWT starter kit for stateless and token-based authentication apps.|
|Angular Rest Springsecurity||635||3 years ago||9||apache-2.0||Java|
|An example AngularJS Application that uses a Spring Security protected Jersey REST backend based on Hibernate/JPA|
|Microservices Event Sourcing||634||6 years ago||12||apache-2.0||Java|
|Microservices Event Sourcing 是一个微服务架构的在线购物网站，使用Spring Boot、Spring Cloud、Spring Reactor、OAuth2、CQRS 构建，实现了基于Event Sourcing的最终一致性，提供了构建端到端微服务的最佳实践|
|Study Step By Step||471||3 years ago||3|
|A sample AngularJs /Spring MVC app|
|Spring Cloud Microservice Examples||362||6 years ago||7||Java|
|Jwt Angular Spring||355||6 years ago||1||mit||Java|
|JSON Web Token example that integrates both a Spring backend with an AngularJS frontend.|
|Angularjs Springmvc Sample Boot||301||5 years ago||apache-2.0||Java|
|A RESTful sample using Spring Boot, Spring MVC, Spring Data and Angular/Bootstrap.|
|Angularjs Springmvc Sample||292||3 years ago||1||Java|
|A RESTful sample using AnguarJS/Bootstrap as frontend and Spring MVC as REST API producer|
|Spring Mvc Angularjs||280||7 years ago||3||Java|
|A simple application to demonstrate how to configure angularjs with Spring MVC|
This is an example project where a Spring REST API is secured using JSON Web Tokens. Since there are relatively few examples available for Java and there are some pitfalls (such as most sources pointing to a Java lib that's not straightforward to use) I decided to extract my proof of concept into a stand-alone example and publish it for all to see.
JSON Web Tokens have a few benefits over just sending a 'regular' token over the line. The more common approach to securing a REST API (outside of normal HTTP Basic Auth) is to send a random string as a token on succesful login from the server to the client. The client then sends this token on every request, and the server does an internal lookup on that token (in for example a REDIS cache or a simple Hashtable) to retrieve the corresponding user data.
With JSON Web Tokens the latter part isn't needed: the token itself contains a representation of the 'claims' of client: this can be just a username, but can also be extended to include any data you wish. This token is transmitted from the client on every request. The contents of the token are encrypted and a hash is added to prevent tampering: this way the content is secure: the server is the one signing and encrypting the token and is also the only one who had the key needed to decrypt the token.
In this example this key is fixed ("secretkey") but in a real life situations the secret key would simply be an array of bytes randomly generated on application startup. This has the added benefit that any tokens get automatically invalidated when you restart the service. If this behaviour is undesired you can persist the keys in for example REDIS.
I like using Spring (Boot) to create RESTful services. On the server side, the JWT signing is done in the user/login REST call in UserController. It contains a tiny 'database' of 2 users, one of which has the 'admin' rights. The verification is done in a Filter (JwtFilter): it filters every request that matches "/api/*". If a correct token isn't found an exception is thrown. If a correct token is found, the claims object is added to the Http Request object and can be used in any REST endpoint (as shown in ApiController).
The heavy lifting for JWT signing is done by the more than excellent Java JWT library.
The simple Angular app shows a login page. On successful login it checks with 'the API' which roles are available (of which the 'foo' role doesn't exist for any user).
It is a standard Maven project and can be imported into your favorite IDE. You run the example by starting the WebApplication class (it has a main) and navigating to http://localhost:8080/. If everything is correct you should see a "Welcome to the JSON Web Token / AngularJR / Spring example!" message and a login form.