Spring Bootframework~5 mins

Stateless authentication mental model in Spring Boot

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Introduction

Stateless authentication lets a server check who you are without saving your info between requests. This makes apps faster and easier to scale.

When building APIs that many users access at the same time.

When you want to avoid storing user sessions on the server.

When you want your app to work well across multiple servers or cloud instances.

When you want simpler server design without session management.

When you want users to stay logged in without server memory.

Syntax

Spring Boot

1. Client sends login info to server.
2. Server verifies and creates a token (like JWT).
3. Server sends token back to client.
4. Client sends token with each request in headers.
5. Server checks token to allow or deny access.

The token usually contains user info and expiry time.

Server does not keep any session data; it trusts the token.

Examples

User logs in and receives a token to use later.

Spring Boot

POST /login
Request Body: {"username": "user", "password": "pass"}
Response: {"token": "eyJhbGciOiJI..."}

Client sends token in header to get protected data.

Spring Boot

GET /profile
Headers: Authorization: Bearer eyJhbGciOiJI...
Response: {"name": "User", "email": "user@example.com"}

Sample Program

This simple Spring Boot app shows stateless auth. The login returns a token string. The profile endpoint checks the token in the Authorization header. No session is stored on the server.

Spring Boot

package com.example.demo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.*;
import jakarta.servlet.http.HttpServletRequest;

@SpringBootApplication
@RestController
public class DemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }

    // Simulate login endpoint
    @PostMapping("/login")
    public String login(@RequestParam String username, @RequestParam String password) {
        if ("user".equals(username) && "pass".equals(password)) {
            // In real app, create JWT token here
            return "token12345"; // simple token for demo
        }
        return "Invalid credentials";
    }

    // Protected endpoint
    @GetMapping("/profile")
    public String profile(HttpServletRequest request) {
        String authHeader = request.getHeader("Authorization");
        if (authHeader != null && authHeader.equals("Bearer token12345")) {
            return "{\"name\": \"User\", \"email\": \"user@example.com\"}";
        }
        return "Unauthorized";
    }
}

OutputSuccess

Important Notes

Tokens should be signed and encrypted in real apps for security.

Tokens usually expire after some time to reduce risk.

Always send tokens over HTTPS to keep them safe.

Summary

Stateless authentication uses tokens to identify users without server memory.

Clients send tokens with each request to prove who they are.

This method helps apps scale and stay simple.