Files
velocity-pay-springboot/JWT_AUTH_README.md
2025-08-28 23:50:54 +02:00

2.8 KiB

JWT Authentication Implementation

This Spring Boot application now includes JWT-based authentication with user registration and login functionality.

Features Added

  • JWT token generation and validation
  • User registration endpoint
  • User login endpoint
  • Protected endpoints requiring authentication
  • Public endpoints accessible without authentication
  • Password encryption using BCrypt
  • User entity with Spring Security integration

API Endpoints

Public Endpoints (No Authentication Required)

  • GET /api/test/public - Test public endpoint
  • POST /auth/register - User registration
  • POST /auth/login - User login
  • GET /auth/test - Test authentication endpoints

Protected Endpoints (Authentication Required)

  • GET /api/test/protected - Test protected endpoint
  • All other endpoints in the application

Testing the Authentication

1. Register a New User

curl -X POST http://localhost:6950/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "username": "testuser",
    "password": "password123",
    "email": "test@example.com",
    "phone": "+263771234567",
    "firstName": "Test",
    "lastName": "User"
  }'

2. Login with the User

curl -X POST http://localhost:6950/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "username": "testuser",
    "password": "password123"
  }'

3. Access Protected Endpoint

curl -X GET http://localhost:6950/api/test/protected \
  -H "Authorization: Bearer YOUR_JWT_TOKEN_HERE"

4. Test Public Endpoint

curl -X GET http://localhost:6950/api/test/public

Configuration

The JWT configuration is in application.properties:

  • jwt.secret: Secret key for signing JWT tokens
  • jwt.expiration: Token expiration time in milliseconds (default: 24 hours)

Security Features

  • Password Encryption: All passwords are encrypted using BCrypt
  • JWT Tokens: Stateless authentication using JSON Web Tokens
  • CORS Support: Cross-origin requests are enabled for testing
  • Input Validation: Request validation using Bean Validation annotations
  • Stateless Sessions: No server-side session storage
  • Direct Password Validation: Login uses direct password comparison for simplicity

Database

The application will automatically create the users table when it starts up. The table includes:

  • User credentials (username, password, email)
  • Personal information (first name, last name)
  • Account status flags
  • Timestamps for creation and updates

Notes

  • In production, change the jwt.secret to a secure, randomly generated key
  • The default JWT expiration is set to 24 hours
  • All passwords must be at least 6 characters long
  • Usernames and emails must be unique
  • The application uses PostgreSQL as the database