Bird
Raised Fist0
Spring Bootframework~30 mins

JWT generation in Spring Boot - Mini Project: Build & Apply

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
JWT Generation with Spring Boot
📖 Scenario: You are building a simple Spring Boot application that needs to create JSON Web Tokens (JWT) for user authentication. JWTs are like digital ID cards that prove who the user is.In this project, you will create the data needed for the token, set up a secret key, generate the token using the key and data, and finally complete the token creation method.
🎯 Goal: Build a Spring Boot service that generates a JWT token string using a username and a secret key.
📋 What You'll Learn
Create a Map<String, Object> called claims with a single entry: key "username" and value "user123".
Create a String variable called secretKey with the value "mySecretKey12345".
Use the Jwts.builder() to build a JWT token with the claims and sign it with the secretKey using SignatureAlgorithm.HS256.
Complete the generateToken() method to return the generated JWT token string.
💡 Why This Matters
🌍 Real World
JWT tokens are widely used in web applications to securely transmit user identity and permissions between client and server.
💼 Career
Understanding JWT generation is essential for backend developers working on authentication and authorization in modern web services.
Progress0 / 4 steps
1
Create the JWT claims data
Create a Map<String, Object> called claims and add one entry with key "username" and value "user123".
Spring Boot
Hint

Use new HashMap<>() to create the map and put to add the username.

2
Add the secret key for signing
Add a String variable called secretKey and set it to "mySecretKey12345".
Spring Boot
Hint

Declare a String variable and assign the exact secret key string.

3
Build the JWT token using claims and secret key
Use io.jsonwebtoken.Jwts.builder() to create a JWT token. Set the claims with setClaims(claims) and sign it with signWith(SignatureAlgorithm.HS256, secretKey). Store the result in a String variable called token.
Spring Boot
Hint

Chain the builder methods to set claims and sign the token, then call compact() to get the token string.

4
Complete the generateToken() method
Create a public method generateToken() that returns a String. Move the token generation code inside this method and return the token string.
Spring Boot
Hint

Wrap the token creation code inside a method and return the token string.

Practice

(1/5)
1. What is the main purpose of generating a JWT (JSON Web Token) in a Spring Boot application?
easy
A. To securely identify users without storing session data on the server
B. To store user passwords in the database
C. To create HTML pages dynamically
D. To manage database connections

Solution

  1. Step 1: Understand JWT purpose

    JWTs are used to securely identify users by encoding user info and signing it.

  2. Step 2: Compare options

    Only To securely identify users without storing session data on the server describes JWT's role in stateless authentication without server sessions.

  3. Final Answer:

    To securely identify users without storing session data on the server -> Option A

  4. Quick Check:

    JWT purpose = secure user identity without sessions [OK]
Hint: JWTs identify users without server sessions [OK]
Common Mistakes:
  • Confusing JWT with session storage
  • Thinking JWT stores passwords
  • Assuming JWT creates web pages
2. Which of the following code snippets correctly initializes a JWT builder using the jjwt library in Spring Boot?
easy
A. JwtBuilder().setSubject("user").sign(secretKey).build();
B. Jwts.builder().subject("user").sign(secretKey).compact();
C. Jwts.create().subject("user").signWith(secretKey).generate();
D. Jwts.builder().setSubject("user").signWith(secretKey).compact();

Solution

  1. Step 1: Recall jjwt syntax

    The correct method chain starts with Jwts.builder(), uses setSubject(), signWith(), then compact().

  2. Step 2: Check each option

    Jwts.builder().setSubject("user").signWith(secretKey).compact(); matches the correct method names and order. Others use incorrect method names or chaining.

  3. Final Answer:

    Jwts.builder().setSubject("user").signWith(secretKey).compact(); -> Option D

  4. Quick Check:

    Correct jjwt builder syntax = Jwts.builder().setSubject("user").signWith(secretKey).compact(); [OK]
Hint: Use Jwts.builder(), setSubject(), signWith(), compact() [OK]
Common Mistakes:
  • Using incorrect method names like sign() instead of signWith()
  • Missing Jwts.builder() start
  • Using create() or build() instead of compact()
3. Given the following code snippet, what will be the output type of the token variable?
String token = Jwts.builder()
  .setSubject("user123")
  .signWith(secretKey)
  .compact();
medium
A. A JSON object representing the token
B. A signed JWT string token
C. A byte array of the token
D. An exception is thrown

Solution

  1. Step 1: Understand compact() output

    The compact() method returns the JWT as a compact URL-safe string.

  2. Step 2: Analyze code snippet

    The code builds a JWT with subject and signs it, then calls compact(), so token is a String.

  3. Final Answer:

    A signed JWT string token -> Option B

  4. Quick Check:

    compact() returns String token [OK]
Hint: compact() returns JWT as a string [OK]
Common Mistakes:
  • Expecting a JSON object instead of string
  • Thinking output is byte array
  • Assuming code throws exception without error
4. Identify the error in this JWT generation code snippet:
String token = Jwts.builder()
  .setSubject("user")
  .signWith("mySecretKey")
  .compact();
medium
A. Jwts.builder() is not a valid method
B. setSubject() cannot accept a String
C. signWith() requires a Key object, not a String
D. compact() should be called before signWith()

Solution

  1. Step 1: Check signWith() parameter type

    signWith() expects a java.security.Key or SecretKey, not a plain String.

  2. Step 2: Verify other methods

    setSubject() accepts String, compact() is correctly called last, and Jwts.builder() is valid.

  3. Final Answer:

    signWith() requires a Key object, not a String -> Option C

  4. Quick Check:

    signWith() needs Key, not String [OK]
Hint: Use Key object with signWith(), not plain String [OK]
Common Mistakes:
  • Passing String directly to signWith()
  • Calling compact() too early
  • Misunderstanding setSubject() input
5. You want to generate a JWT in Spring Boot that expires in 10 minutes. Which code snippet correctly sets the expiration time using jjwt?
hard
A. Jwts.builder().setSubject("user").setExpiration(new Date(System.currentTimeMillis() + 600000)).signWith(secretKey).compact();
B. Jwts.builder().setSubject("user").setExpiry(600000).signWith(secretKey).compact();
C. Jwts.builder().setSubject("user").setExpiration(600000).signWith(secretKey).compact();
D. Jwts.builder().setSubject("user").setExpiresAt(new Date(600000)).signWith(secretKey).compact();

Solution

  1. Step 1: Understand expiration setting in jjwt

    setExpiration() expects a Date object representing the expiration time.

  2. Step 2: Calculate expiration time

    Use current time plus 600000 milliseconds (10 minutes) to set expiration correctly.

  3. Step 3: Check options

    Only Jwts.builder().setSubject("user").setExpiration(new Date(System.currentTimeMillis() + 600000)).signWith(secretKey).compact(); correctly uses setExpiration() with new Date(System.currentTimeMillis() + 600000).

  4. Final Answer:

    Jwts.builder().setSubject("user").setExpiration(new Date(System.currentTimeMillis() + 600000)).signWith(secretKey).compact(); -> Option A

  5. Quick Check:

    setExpiration(Date) with currentTime + 10min = Jwts.builder().setSubject("user").setExpiration(new Date(System.currentTimeMillis() + 600000)).signWith(secretKey).compact(); [OK]
Hint: Use setExpiration(new Date(System.currentTimeMillis() + millis)) [OK]
Common Mistakes:
  • Using setExpiry() or setExpiresAt() which don't exist
  • Passing milliseconds directly instead of Date
  • Setting expiration to a fixed past date