Spring Boot | framework | ~30 mins

Authentication with JWT token in Spring Boot - Mini Project: Build & Apply

Authentication with JWT token
📖 Scenario: You are building a simple Spring Boot backend for a web app that needs secure user login. You will create a JWT token authentication system to protect user data.
🎯 Goal: Build a Spring Boot project that creates a JWT token after user login and validates it for protected routes.
📋 What You'll Learn
Create a user data structure with username and password
Add a secret key configuration for JWT token signing
Implement JWT token creation logic after successful login
Add JWT token validation filter to secure API endpoints
💡 Why This Matters
🌍 Real World
JWT tokens are widely used to secure APIs by verifying user identity without storing session data on the server.
💼 Career
Understanding JWT authentication is essential for backend developers working on secure web applications and REST APIs.
1. Create User Data Structure
Create a Java record called User with two fields: username of type String and password of type String.
Hint:
Use Java 17+ record syntax to create a simple immutable data class.

2. Add JWT Secret Key Configuration
Create a String variable called jwtSecret and set it to the value "mySecretKey12345" inside a class called JwtConfig.
Hint:
Use a public static final String for the secret key inside JwtConfig class.

3. Implement JWT Token Creation Logic
Inside a class called JwtUtil, write a method public static String generateToken(String username) that returns a JWT token string. Use io.jsonwebtoken.Jwts builder with setSubject(username), signWith using JwtConfig.jwtSecret and compact() to create the token.
Hint:
Use Jwts.builder() to create the token with the subject, then sign it with the HS256 algorithm and the secret key.

4. Add JWT Token Validation Filter
Create a class JwtFilter that extends OncePerRequestFilter. Override the doFilterInternal method to extract the JWT token from the Authorization header, validate it using Jwts.parser().setSigningKey(JwtConfig.jwtSecret).parseClaimsJws(token), and then call filterChain.doFilter(request, response).
Hint:
Extract the token from Authorization header, validate it with Jwts.parser(), and call filterChain.doFilter() if valid.
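
Steps 2 to 4 put together, as an added example that is not part of the original exercise or its reference solution: the filter answers 401 and stops the chain when the header is missing or the token fails verification, instead of passing every request on. Assumptions not taken from the page: Spring Boot 3 (jakarta.servlet imports), a jjwt version that still offers the calls named in the steps, a "Bearer " header scheme, the JWT_SECRET environment variable in place of the hardcoded step 2 value, a 15-minute expiry, and the jwt.subject request attribute.

```java
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Date;
import org.springframework.web.filter.OncePerRequestFilter;

final class JwtConfig {
    // Assumption: Base64 text of at least 32 random bytes, supplied via JWT_SECRET.
    public static final String jwtSecret = System.getenv("JWT_SECRET");
}

final class JwtUtil {
    public static String generateToken(String username) {
        return Jwts.builder()
                .setSubject(username)
                .setExpiration(new Date(System.currentTimeMillis() + 15 * 60 * 1000L)) // assumed lifetime
                .signWith(SignatureAlgorithm.HS256, JwtConfig.jwtSecret)
                .compact();
    }
}

public class JwtFilter extends OncePerRequestFilter {
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain filterChain) throws ServletException, IOException {
        String header = request.getHeader("Authorization");
        if (header == null || !header.startsWith("Bearer ")) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Missing bearer token");
            return; // no token: the protected handler is never reached
        }
        try {
            // Verifies the HMAC signature; expired, unsigned or malformed tokens throw.
            String subject = Jwts.parser()
                    .setSigningKey(JwtConfig.jwtSecret)
                    .parseClaimsJws(header.substring("Bearer ".length()))
                    .getBody().getSubject();
            request.setAttribute("jwt.subject", subject); // hypothetical attribute name
        } catch (JwtException | IllegalArgumentException e) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid token");
            return; // failed verification: stop the chain
        }
        filterChain.doFilter(request, response);
    }
}
```

Apply the filter only to the protected paths, or override shouldNotFilter for the login route; otherwise the login request itself is rejected for lacking a token.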