2.8 KiB
2.8 KiB
JWT Authentication Implementation
This Spring Boot application now includes JWT-based authentication with user registration and login functionality.
Features Added
- ✅ JWT token generation and validation
- ✅ User registration endpoint
- ✅ User login endpoint
- ✅ Protected endpoints requiring authentication
- ✅ Public endpoints accessible without authentication
- ✅ Password encryption using BCrypt
- ✅ User entity with Spring Security integration
API Endpoints
Public Endpoints (No Authentication Required)
GET /api/test/public- Test public endpointPOST /auth/register- User registrationPOST /auth/login- User loginGET /auth/test- Test authentication endpoints
Protected Endpoints (Authentication Required)
GET /api/test/protected- Test protected endpoint- All other endpoints in the application
Testing the Authentication
1. Register a New User
curl -X POST http://localhost:6950/auth/register \
-H "Content-Type: application/json" \
-d '{
"username": "testuser",
"password": "password123",
"email": "test@example.com",
"phone": "+263771234567",
"firstName": "Test",
"lastName": "User"
}'
2. Login with the User
curl -X POST http://localhost:6950/auth/login \
-H "Content-Type: application/json" \
-d '{
"username": "testuser",
"password": "password123"
}'
3. Access Protected Endpoint
curl -X GET http://localhost:6950/api/test/protected \
-H "Authorization: Bearer YOUR_JWT_TOKEN_HERE"
4. Test Public Endpoint
curl -X GET http://localhost:6950/api/test/public
Configuration
The JWT configuration is in application.properties:
jwt.secret: Secret key for signing JWT tokensjwt.expiration: Token expiration time in milliseconds (default: 24 hours)
Security Features
- Password Encryption: All passwords are encrypted using BCrypt
- JWT Tokens: Stateless authentication using JSON Web Tokens
- CORS Support: Cross-origin requests are enabled for testing
- Input Validation: Request validation using Bean Validation annotations
- Stateless Sessions: No server-side session storage
- Direct Password Validation: Login uses direct password comparison for simplicity
Database
The application will automatically create the users table when it starts up. The table includes:
- User credentials (username, password, email)
- Personal information (first name, last name)
- Account status flags
- Timestamps for creation and updates
Notes
- In production, change the
jwt.secretto a secure, randomly generated key - The default JWT expiration is set to 24 hours
- All passwords must be at least 6 characters long
- Usernames and emails must be unique
- The application uses PostgreSQL as the database