# JWT Authentication Implementation This Spring Boot application now includes JWT-based authentication with user registration and login functionality. ## Features Added - ✅ JWT token generation and validation - ✅ User registration endpoint - ✅ User login endpoint - ✅ Protected endpoints requiring authentication - ✅ Public endpoints accessible without authentication - ✅ Password encryption using BCrypt - ✅ User entity with Spring Security integration ## API Endpoints ### Public Endpoints (No Authentication Required) - `GET /api/test/public` - Test public endpoint - `POST /auth/register` - User registration - `POST /auth/login` - User login - `GET /auth/test` - Test authentication endpoints ### Protected Endpoints (Authentication Required) - `GET /api/test/protected` - Test protected endpoint - All other endpoints in the application ## Testing the Authentication ### 1. Register a New User ```bash curl -X POST http://localhost:6950/auth/register \ -H "Content-Type: application/json" \ -d '{ "username": "testuser", "password": "password123", "email": "test@example.com", "phone": "+263771234567", "firstName": "Test", "lastName": "User" }' ``` ### 2. Login with the User ```bash curl -X POST http://localhost:6950/auth/login \ -H "Content-Type: application/json" \ -d '{ "username": "testuser", "password": "password123" }' ``` ### 3. Access Protected Endpoint ```bash curl -X GET http://localhost:6950/api/test/protected \ -H "Authorization: Bearer YOUR_JWT_TOKEN_HERE" ``` ### 4. Test Public Endpoint ```bash curl -X GET http://localhost:6950/api/test/public ``` ## Configuration The JWT configuration is in `application.properties`: - `jwt.secret`: Secret key for signing JWT tokens - `jwt.expiration`: Token expiration time in milliseconds (default: 24 hours) ## Security Features - **Password Encryption**: All passwords are encrypted using BCrypt - **JWT Tokens**: Stateless authentication using JSON Web Tokens - **CORS Support**: Cross-origin requests are enabled for testing - **Input Validation**: Request validation using Bean Validation annotations - **Stateless Sessions**: No server-side session storage - **Direct Password Validation**: Login uses direct password comparison for simplicity ## Database The application will automatically create the `users` table when it starts up. The table includes: - User credentials (username, password, email) - Personal information (first name, last name) - Account status flags - Timestamps for creation and updates ## Notes - In production, change the `jwt.secret` to a secure, randomly generated key - The default JWT expiration is set to 24 hours - All passwords must be at least 6 characters long - Usernames and emails must be unique - The application uses PostgreSQL as the database