{"id":1947,"date":"2024-06-21T20:05:07","date_gmt":"2024-06-21T20:05:07","guid":{"rendered":"https:\/\/www.w3computing.com\/articles\/?p=1947"},"modified":"2024-06-21T20:05:24","modified_gmt":"2024-06-21T20:05:24","slug":"how-to-implement-jwt-authentication-in-java","status":"publish","type":"post","link":"https:\/\/www.w3computing.com\/articles\/how-to-implement-jwt-authentication-in-java\/","title":{"rendered":"How to Implement JWT Authentication in Java"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity-protected with a Message Authentication Code (MAC) and\/or encrypted.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Prerequisites<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Basic understanding of Java and Spring Boot.<\/li>\n\n\n\n<li>Familiarity with RESTful web services.<\/li>\n\n\n\n<li>Basic knowledge of security principles.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Tools and Technologies<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Java 11 or higher<\/li>\n\n\n\n<li>Spring Boot 2.5.x or higher<\/li>\n\n\n\n<li>Spring Security<\/li>\n\n\n\n<li>jjwt library (Java JWT: JSON Web Token for Java and Android)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Step-by-Step Guide<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1. Setting Up the Spring Boot Project<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">First, you need to create a Spring Boot project. You can use Spring Initializr (https:\/\/start.spring.io\/) to generate the base project.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Group<\/strong>: com.example<\/li>\n\n\n\n<li><strong>Artifact<\/strong>: jwt-authentication<\/li>\n\n\n\n<li><strong>Dependencies<\/strong>: Spring Web, Spring Security, Spring Boot DevTools<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Alternatively, you can create the project manually by including the necessary dependencies in your <code>pom.xml<\/code> file:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"HTML, XML\" data-shcb-language-slug=\"xml\"><span><code class=\"hljs language-xml\"><span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">dependencies<\/span>&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">dependency<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">groupId<\/span>&gt;<\/span>org.springframework.boot<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">groupId<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">artifactId<\/span>&gt;<\/span>spring-boot-starter-security<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">artifactId<\/span>&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">dependency<\/span>&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">dependency<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">groupId<\/span>&gt;<\/span>org.springframework.boot<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">groupId<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">artifactId<\/span>&gt;<\/span>spring-boot-starter-web<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">artifactId<\/span>&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">dependency<\/span>&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">dependency<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">groupId<\/span>&gt;<\/span>io.jsonwebtoken<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">groupId<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">artifactId<\/span>&gt;<\/span>jjwt<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">artifactId<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">version<\/span>&gt;<\/span>0.9.1<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">version<\/span>&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">dependency<\/span>&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">dependency<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">groupId<\/span>&gt;<\/span>org.springframework.boot<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">groupId<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">artifactId<\/span>&gt;<\/span>spring-boot-starter-devtools<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">artifactId<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">scope<\/span>&gt;<\/span>runtime<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">scope<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">optional<\/span>&gt;<\/span>true<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">optional<\/span>&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">dependency<\/span>&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">dependency<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">groupId<\/span>&gt;<\/span>org.springframework.boot<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">groupId<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">artifactId<\/span>&gt;<\/span>spring-boot-starter-test<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">artifactId<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">scope<\/span>&gt;<\/span>test<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">scope<\/span>&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">dependency<\/span>&gt;<\/span>\n<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">dependencies<\/span>&gt;<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">HTML, XML<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">xml<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\">2. Configuring Spring Security<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Create a configuration class to configure Spring Security. This class will define the security configurations, including the paths that require authentication and the paths that do not.<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-2\" data-shcb-language-name=\"Java\" data-shcb-language-slug=\"java\"><span><code class=\"hljs language-java\"><span class=\"hljs-keyword\">import<\/span> org.springframework.context.annotation.Bean;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.context.annotation.Configuration;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.config.annotation.web.builders.HttpSecurity;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.crypto.password.PasswordEncoder;\n\n<span class=\"hljs-meta\">@Configuration<\/span>\n<span class=\"hljs-meta\">@EnableWebSecurity<\/span>\n<span class=\"hljs-keyword\">public<\/span> <span class=\"hljs-class\"><span class=\"hljs-keyword\">class<\/span> <span class=\"hljs-title\">SecurityConfig<\/span> <span class=\"hljs-keyword\">extends<\/span> <span class=\"hljs-title\">WebSecurityConfigurerAdapter<\/span> <\/span>{\n\n    <span class=\"hljs-meta\">@Override<\/span>\n    <span class=\"hljs-function\"><span class=\"hljs-keyword\">protected<\/span> <span class=\"hljs-keyword\">void<\/span> <span class=\"hljs-title\">configure<\/span><span class=\"hljs-params\">(HttpSecurity http)<\/span> <span class=\"hljs-keyword\">throws<\/span> Exception <\/span>{\n        http.csrf().disable()\n            .authorizeRequests()\n            .antMatchers(<span class=\"hljs-string\">\"\/api\/auth\/**\"<\/span>).permitAll()\n            .anyRequest().authenticated();\n    }\n\n    <span class=\"hljs-meta\">@Bean<\/span>\n    <span class=\"hljs-function\"><span class=\"hljs-keyword\">public<\/span> PasswordEncoder <span class=\"hljs-title\">passwordEncoder<\/span><span class=\"hljs-params\">()<\/span> <\/span>{\n        <span class=\"hljs-keyword\">return<\/span> <span class=\"hljs-keyword\">new<\/span> BCryptPasswordEncoder();\n    }\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-2\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">Java<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">java<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\">3. Creating JWT Utility Class<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Create a utility class for generating and validating JWT tokens. This class will use the <code>jjwt<\/code> library to handle JWT operations.<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-3\" data-shcb-language-name=\"Java\" data-shcb-language-slug=\"java\"><span><code class=\"hljs language-java\"><span class=\"hljs-keyword\">import<\/span> io.jsonwebtoken.Claims;\n<span class=\"hljs-keyword\">import<\/span> io.jsonwebtoken.Jwts;\n<span class=\"hljs-keyword\">import<\/span> io.jsonwebtoken.SignatureAlgorithm;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.stereotype.Component;\n\n<span class=\"hljs-keyword\">import<\/span> java.util.Date;\n<span class=\"hljs-keyword\">import<\/span> java.util.HashMap;\n<span class=\"hljs-keyword\">import<\/span> java.util.Map;\n<span class=\"hljs-keyword\">import<\/span> java.util.function.Function;\n\n<span class=\"hljs-meta\">@Component<\/span>\n<span class=\"hljs-keyword\">public<\/span> <span class=\"hljs-class\"><span class=\"hljs-keyword\">class<\/span> <span class=\"hljs-title\">JwtUtil<\/span> <\/span>{\n\n    <span class=\"hljs-keyword\">private<\/span> String secret = <span class=\"hljs-string\">\"mySecretKey\"<\/span>;\n\n    <span class=\"hljs-function\"><span class=\"hljs-keyword\">public<\/span> String <span class=\"hljs-title\">extractUsername<\/span><span class=\"hljs-params\">(String token)<\/span> <\/span>{\n        <span class=\"hljs-keyword\">return<\/span> extractClaim(token, Claims::getSubject);\n    }\n\n    <span class=\"hljs-function\"><span class=\"hljs-keyword\">public<\/span> Date <span class=\"hljs-title\">extractExpiration<\/span><span class=\"hljs-params\">(String token)<\/span> <\/span>{\n        <span class=\"hljs-keyword\">return<\/span> extractClaim(token, Claims::getExpiration);\n    }\n\n    <span class=\"hljs-keyword\">public<\/span> &lt;T&gt; <span class=\"hljs-function\">T <span class=\"hljs-title\">extractClaim<\/span><span class=\"hljs-params\">(String token, Function&lt;Claims, T&gt; claimsResolver)<\/span> <\/span>{\n        <span class=\"hljs-keyword\">final<\/span> Claims claims = extractAllClaims(token);\n        <span class=\"hljs-keyword\">return<\/span> claimsResolver.apply(claims);\n    }\n\n    <span class=\"hljs-function\"><span class=\"hljs-keyword\">private<\/span> Claims <span class=\"hljs-title\">extractAllClaims<\/span><span class=\"hljs-params\">(String token)<\/span> <\/span>{\n        <span class=\"hljs-keyword\">return<\/span> Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();\n    }\n\n    <span class=\"hljs-function\"><span class=\"hljs-keyword\">private<\/span> Boolean <span class=\"hljs-title\">isTokenExpired<\/span><span class=\"hljs-params\">(String token)<\/span> <\/span>{\n        <span class=\"hljs-keyword\">return<\/span> extractExpiration(token).before(<span class=\"hljs-keyword\">new<\/span> Date());\n    }\n\n    <span class=\"hljs-function\"><span class=\"hljs-keyword\">public<\/span> String <span class=\"hljs-title\">generateToken<\/span><span class=\"hljs-params\">(String username)<\/span> <\/span>{\n        Map&lt;String, Object&gt; claims = <span class=\"hljs-keyword\">new<\/span> HashMap&lt;&gt;();\n        <span class=\"hljs-keyword\">return<\/span> createToken(claims, username);\n    }\n\n    <span class=\"hljs-function\"><span class=\"hljs-keyword\">private<\/span> String <span class=\"hljs-title\">createToken<\/span><span class=\"hljs-params\">(Map&lt;String, Object&gt; claims, String subject)<\/span> <\/span>{\n        <span class=\"hljs-keyword\">return<\/span> Jwts.builder()\n                .setClaims(claims)\n                .setSubject(subject)\n                .setIssuedAt(<span class=\"hljs-keyword\">new<\/span> Date(System.currentTimeMillis()))\n                .setExpiration(<span class=\"hljs-keyword\">new<\/span> Date(System.currentTimeMillis() + <span class=\"hljs-number\">1000<\/span> * <span class=\"hljs-number\">60<\/span> * <span class=\"hljs-number\">60<\/span> * <span class=\"hljs-number\">10<\/span>))\n                .signWith(SignatureAlgorithm.HS256, secret)\n                .compact();\n    }\n\n    <span class=\"hljs-function\"><span class=\"hljs-keyword\">public<\/span> Boolean <span class=\"hljs-title\">validateToken<\/span><span class=\"hljs-params\">(String token, String username)<\/span> <\/span>{\n        <span class=\"hljs-keyword\">final<\/span> String extractedUsername = extractUsername(token);\n        <span class=\"hljs-keyword\">return<\/span> (extractedUsername.equals(username) &amp;&amp; !isTokenExpired(token));\n    }\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-3\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">Java<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">java<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\">4. Implementing User Authentication<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Create a service class that implements <code>UserDetailsService<\/code> to load user-specific data.<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-4\" data-shcb-language-name=\"Java\" data-shcb-language-slug=\"java\"><span><code class=\"hljs language-java\"><span class=\"hljs-keyword\">import<\/span> org.springframework.beans.factory.annotation.Autowired;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.core.userdetails.User;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.core.userdetails.UserDetails;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.core.userdetails.UserDetailsService;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.core.userdetails.UsernameNotFoundException;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.stereotype.Service;\n\n<span class=\"hljs-keyword\">import<\/span> java.util.ArrayList;\n\n<span class=\"hljs-meta\">@Service<\/span>\n<span class=\"hljs-keyword\">public<\/span> <span class=\"hljs-class\"><span class=\"hljs-keyword\">class<\/span> <span class=\"hljs-title\">MyUserDetailsService<\/span> <span class=\"hljs-keyword\">implements<\/span> <span class=\"hljs-title\">UserDetailsService<\/span> <\/span>{\n\n    <span class=\"hljs-meta\">@Override<\/span>\n    <span class=\"hljs-function\"><span class=\"hljs-keyword\">public<\/span> UserDetails <span class=\"hljs-title\">loadUserByUsername<\/span><span class=\"hljs-params\">(String username)<\/span> <span class=\"hljs-keyword\">throws<\/span> UsernameNotFoundException <\/span>{\n        <span class=\"hljs-comment\">\/\/ This is a sample implementation. Replace it with actual user fetching logic.<\/span>\n        <span class=\"hljs-keyword\">if<\/span> (<span class=\"hljs-string\">\"user\"<\/span>.equals(username)) {\n            <span class=\"hljs-keyword\">return<\/span> <span class=\"hljs-keyword\">new<\/span> User(<span class=\"hljs-string\">\"user\"<\/span>, <span class=\"hljs-string\">\"$2a$10$7dToUQhysu5EriKNhCPlRuITcTGtR9m2M4c35lNSZo1ONjJWuIqZC\"<\/span>, <span class=\"hljs-keyword\">new<\/span> ArrayList&lt;&gt;());\n        } <span class=\"hljs-keyword\">else<\/span> {\n            <span class=\"hljs-keyword\">throw<\/span> <span class=\"hljs-keyword\">new<\/span> UsernameNotFoundException(<span class=\"hljs-string\">\"User not found\"<\/span>);\n        }\n    }\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-4\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">Java<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">java<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\">5. Creating Authentication Controller<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Create a controller to handle authentication requests. This controller will provide an endpoint for users to authenticate and receive a JWT.<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-5\" data-shcb-language-name=\"Java\" data-shcb-language-slug=\"java\"><span><code class=\"hljs language-java\"><span class=\"hljs-keyword\">import<\/span> org.springframework.beans.factory.annotation.Autowired;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.authentication.AuthenticationManager;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.authentication.UsernamePasswordAuthenticationToken;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.core.Authentication;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.core.AuthenticationException;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.web.bind.annotation.*;\n\n<span class=\"hljs-meta\">@RestController<\/span>\n<span class=\"hljs-meta\">@RequestMapping<\/span>(<span class=\"hljs-string\">\"\/api\/auth\"<\/span>)\n<span class=\"hljs-keyword\">public<\/span> <span class=\"hljs-class\"><span class=\"hljs-keyword\">class<\/span> <span class=\"hljs-title\">AuthController<\/span> <\/span>{\n\n    <span class=\"hljs-meta\">@Autowired<\/span>\n    <span class=\"hljs-keyword\">private<\/span> AuthenticationManager authenticationManager;\n\n    <span class=\"hljs-meta\">@Autowired<\/span>\n    <span class=\"hljs-keyword\">private<\/span> MyUserDetailsService userDetailsService;\n\n    <span class=\"hljs-meta\">@Autowired<\/span>\n    <span class=\"hljs-keyword\">private<\/span> JwtUtil jwtUtil;\n\n    <span class=\"hljs-meta\">@PostMapping<\/span>(<span class=\"hljs-string\">\"\/login\"<\/span>)\n    <span class=\"hljs-keyword\">public<\/span> ResponseEntity&lt;?&gt; createAuthenticationToken(<span class=\"hljs-meta\">@RequestBody<\/span> AuthenticationRequest authenticationRequest) <span class=\"hljs-keyword\">throws<\/span> Exception {\n        <span class=\"hljs-keyword\">try<\/span> {\n            Authentication authentication = authenticationManager.authenticate(\n                <span class=\"hljs-keyword\">new<\/span> UsernamePasswordAuthenticationToken(authenticationRequest.getUsername(), authenticationRequest.getPassword())\n            );\n        } <span class=\"hljs-keyword\">catch<\/span> (AuthenticationException e) {\n            <span class=\"hljs-keyword\">throw<\/span> <span class=\"hljs-keyword\">new<\/span> Exception(<span class=\"hljs-string\">\"Invalid username or password\"<\/span>, e);\n        }\n\n        <span class=\"hljs-keyword\">final<\/span> UserDetails userDetails = userDetailsService.loadUserByUsername(authenticationRequest.getUsername());\n        <span class=\"hljs-keyword\">final<\/span> String jwt = jwtUtil.generateToken(userDetails.getUsername());\n\n        <span class=\"hljs-keyword\">return<\/span> ResponseEntity.ok(<span class=\"hljs-keyword\">new<\/span> AuthenticationResponse(jwt));\n    }\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-5\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">Java<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">java<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p class=\"wp-block-paragraph\">Create request and response classes for handling authentication:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-6\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-keyword\">public<\/span> <span class=\"hljs-class\"><span class=\"hljs-keyword\">class<\/span> <span class=\"hljs-title\">AuthenticationRequest<\/span> <\/span>{\n    <span class=\"hljs-keyword\">private<\/span> String username;\n    <span class=\"hljs-keyword\">private<\/span> String password;\n\n    <span class=\"hljs-comment\">\/\/ Getters and Setters<\/span>\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-6\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-7\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-keyword\">public<\/span> <span class=\"hljs-class\"><span class=\"hljs-keyword\">class<\/span> <span class=\"hljs-title\">AuthenticationResponse<\/span> <\/span>{\n    <span class=\"hljs-keyword\">private<\/span> <span class=\"hljs-keyword\">final<\/span> String jwt;\n\n    <span class=\"hljs-keyword\">public<\/span> AuthenticationResponse(String jwt) {\n        this.jwt = jwt;\n    }\n\n    <span class=\"hljs-keyword\">public<\/span> String getJwt() {\n        <span class=\"hljs-keyword\">return<\/span> jwt;\n    }\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-7\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\">6. Configuring JWT Filter<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Create a JWT filter to intercept requests and validate JWT tokens. This filter will extract the token from the request header, validate it, and set the authentication context if the token is valid.<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-8\" data-shcb-language-name=\"Java\" data-shcb-language-slug=\"java\"><span><code class=\"hljs language-java\"><span class=\"hljs-keyword\">import<\/span> org.springframework.beans.factory.annotation.Autowired;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.core.context.SecurityContextHolder;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.core.userdetails.UserDetails;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.core.userdetails.UserDetailsService;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.web.authentication.WebAuthenticationDetailsSource;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.stereotype.Component;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.web.filter.OncePerRequestFilter;\n\n<span class=\"hljs-keyword\">import<\/span> javax.servlet.FilterChain;\n<span class=\"hljs-keyword\">import<\/span> javax.servlet.ServletException;\n<span class=\"hljs-keyword\">import<\/span> javax.servlet.http.HttpServletRequest;\n<span class=\"hljs-keyword\">import<\/span> javax.servlet.http.HttpServletResponse;\n<span class=\"hljs-keyword\">import<\/span> java.io.IOException;\n\n<span class=\"hljs-meta\">@Component<\/span>\n<span class=\"hljs-keyword\">public<\/span> <span class=\"hljs-class\"><span class=\"hljs-keyword\">class<\/span> <span class=\"hljs-title\">JwtRequestFilter<\/span> <span class=\"hljs-keyword\">extends<\/span> <span class=\"hljs-title\">OncePerRequestFilter<\/span> <\/span>{\n\n    <span class=\"hljs-meta\">@Autowired<\/span>\n    <span class=\"hljs-keyword\">private<\/span> MyUserDetailsService userDetailsService;\n\n    <span class=\"hljs-meta\">@Autowired<\/span>\n    <span class=\"hljs-keyword\">private<\/span> JwtUtil jwtUtil;\n\n    <span class=\"hljs-meta\">@Override<\/span>\n    <span class=\"hljs-function\"><span class=\"hljs-keyword\">protected<\/span> <span class=\"hljs-keyword\">void<\/span> <span class=\"hljs-title\">doFilterInternal<\/span><span class=\"hljs-params\">(HttpServletRequest request, HttpServletResponse response, FilterChain chain)<\/span>\n            <span class=\"hljs-keyword\">throws<\/span> ServletException, IOException <\/span>{\n\n        <span class=\"hljs-keyword\">final<\/span> String authorizationHeader = request.getHeader(<span class=\"hljs-string\">\"Authorization\"<\/span>);\n\n        String username = <span class=\"hljs-keyword\">null<\/span>;\n        String jwt = <span class=\"hljs-keyword\">null<\/span>;\n\n        <span class=\"hljs-keyword\">if<\/span> (authorizationHeader != <span class=\"hljs-keyword\">null<\/span> &amp;&amp; authorizationHeader.startsWith(<span class=\"hljs-string\">\"Bearer \"<\/span>)) {\n            jwt = authorizationHeader.substring(<span class=\"hljs-number\">7<\/span>);\n            username = jwtUtil.extractUsername(jwt);\n        }\n\n        <span class=\"hljs-keyword\">if<\/span> (username != <span class=\"hljs-keyword\">null<\/span> &amp;&amp; SecurityContextHolder.getContext().getAuthentication() == <span class=\"hljs-keyword\">null<\/span>) {\n            UserDetails userDetails = <span class=\"hljs-keyword\">this<\/span>.userDetailsService.loadUserByUsername(username);\n\n            <span class=\"hljs-keyword\">if<\/span> (jwtUtil.validateToken(jwt, userDetails.getUsername())) {\n                UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = \n                    <span class=\"hljs-keyword\">new<\/span> UsernamePasswordAuthenticationToken(userDetails, <span class=\"hljs-keyword\">null<\/span>, userDetails.getAuthorities());\n                usernamePasswordAuthenticationToken.setDetails(<span class=\"hljs-keyword\">new<\/span> WebAuthenticationDetailsSource().buildDetails(request));\n                SecurityContextHolder\n\n.getContext().setAuthentication(usernamePasswordAuthenticationToken);\n            }\n        }\n        chain.doFilter(request, response);\n    }\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-8\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">Java<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">java<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\">7. Registering the JWT Filter<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Register the JWT filter in the security configuration class to ensure that it gets executed for every request.<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-9\" data-shcb-language-name=\"Java\" data-shcb-language-slug=\"java\"><span><code class=\"hljs language-java\"><span class=\"hljs-keyword\">import<\/span> org.springframework.beans.factory.annotation.Autowired;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.context.annotation.Bean;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.context.annotation.Configuration;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.config.annotation.web.builders.HttpSecurity;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.config.http.SessionCreationPolicy;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.core.userdetails.UserDetailsService;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.crypto.password.PasswordEncoder;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;\n\n<span class=\"hljs-meta\">@Configuration<\/span>\n<span class=\"hljs-meta\">@EnableWebSecurity<\/span>\n<span class=\"hljs-keyword\">public<\/span> <span class=\"hljs-class\"><span class=\"hljs-keyword\">class<\/span> <span class=\"hljs-title\">SecurityConfig<\/span> <span class=\"hljs-keyword\">extends<\/span> <span class=\"hljs-title\">WebSecurityConfigurerAdapter<\/span> <\/span>{\n\n    <span class=\"hljs-meta\">@Autowired<\/span>\n    <span class=\"hljs-keyword\">private<\/span> MyUserDetailsService myUserDetailsService;\n\n    <span class=\"hljs-meta\">@Autowired<\/span>\n    <span class=\"hljs-keyword\">private<\/span> JwtRequestFilter jwtRequestFilter;\n\n    <span class=\"hljs-meta\">@Override<\/span>\n    <span class=\"hljs-function\"><span class=\"hljs-keyword\">protected<\/span> <span class=\"hljs-keyword\">void<\/span> <span class=\"hljs-title\">configure<\/span><span class=\"hljs-params\">(AuthenticationManagerBuilder auth)<\/span> <span class=\"hljs-keyword\">throws<\/span> Exception <\/span>{\n        auth.userDetailsService(myUserDetailsService);\n    }\n\n    <span class=\"hljs-meta\">@Override<\/span>\n    <span class=\"hljs-function\"><span class=\"hljs-keyword\">protected<\/span> <span class=\"hljs-keyword\">void<\/span> <span class=\"hljs-title\">configure<\/span><span class=\"hljs-params\">(HttpSecurity http)<\/span> <span class=\"hljs-keyword\">throws<\/span> Exception <\/span>{\n        http.csrf().disable()\n            .authorizeRequests().antMatchers(<span class=\"hljs-string\">\"\/api\/auth\/**\"<\/span>).permitAll()\n            .anyRequest().authenticated()\n            .and().sessionManagement()\n            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);\n        http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter<span class=\"hljs-class\">.<span class=\"hljs-keyword\">class<\/span>)<\/span>;\n    }\n\n    <span class=\"hljs-meta\">@Bean<\/span>\n    <span class=\"hljs-function\"><span class=\"hljs-keyword\">public<\/span> PasswordEncoder <span class=\"hljs-title\">passwordEncoder<\/span><span class=\"hljs-params\">()<\/span> <\/span>{\n        <span class=\"hljs-keyword\">return<\/span> <span class=\"hljs-keyword\">new<\/span> BCryptPasswordEncoder();\n    }\n\n    <span class=\"hljs-meta\">@Override<\/span>\n    <span class=\"hljs-meta\">@Bean<\/span>\n    <span class=\"hljs-function\"><span class=\"hljs-keyword\">public<\/span> AuthenticationManager <span class=\"hljs-title\">authenticationManagerBean<\/span><span class=\"hljs-params\">()<\/span> <span class=\"hljs-keyword\">throws<\/span> Exception <\/span>{\n        <span class=\"hljs-keyword\">return<\/span> <span class=\"hljs-keyword\">super<\/span>.authenticationManagerBean();\n    }\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-9\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">Java<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">java<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\">8. Testing the Implementation<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">With the above setup, you can now test your implementation. Here are the steps to verify that everything works as expected:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Run the Application<\/strong>: Start your Spring Boot application.<\/li>\n\n\n\n<li><strong>Authenticate User<\/strong>: Send a POST request to <code>\/api\/auth\/login<\/code> with a JSON body containing a valid username and password.<\/li>\n<\/ol>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-10\" data-shcb-language-name=\"JSON \/ JSON with Comments\" data-shcb-language-slug=\"json\"><span><code class=\"hljs language-json\">{\n    <span class=\"hljs-attr\">\"username\"<\/span>: <span class=\"hljs-string\">\"user\"<\/span>,\n    <span class=\"hljs-attr\">\"password\"<\/span>: <span class=\"hljs-string\">\"password\"<\/span>\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-10\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JSON \/ JSON with Comments<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">json<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<ol class=\"wp-block-list\" start=\"3\">\n<li><strong>Receive JWT Token<\/strong>: If the authentication is successful, you will receive a JWT token in the response.<\/li>\n\n\n\n<li><strong>Access Protected Resources<\/strong>: Use the JWT token to access protected resources by including it in the Authorization header of your requests.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">Example request using <code>curl<\/code>:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-11\" data-shcb-language-name=\"Shell Session\" data-shcb-language-slug=\"shell\"><span><code class=\"hljs language-shell\">curl -H \"Authorization: Bearer &lt;your_jwt_token&gt;\" http:\/\/localhost:8080\/api\/protected<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-11\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">Shell Session<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">shell<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\">Conclusion<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Implementing JWT authentication in a Java application using Spring Boot involves setting up Spring Security, creating utility classes for JWT handling, and configuring filters to validate tokens. This tutorial has provided a step-by-step guide to achieving a secure authentication mechanism using JWTs, suitable for a RESTful web service.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Further Enhancements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Role-Based Access Control (RBAC)<\/strong>: Enhance the security configuration to handle different roles and permissions.<\/li>\n\n\n\n<li><strong>Token Expiry and Refresh<\/strong>: Implement token expiry checks and provide a mechanism to refresh tokens.<\/li>\n\n\n\n<li><strong>Logout Functionality<\/strong>: Implement logout functionality to invalidate JWT tokens.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">This implementation provides a solid foundation for adding JWT-based authentication to your Java applications, ensuring secure and stateless authentication mechanisms.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[5,4],"tags":[],"class_list":["post-1947","post","type-post","status-publish","format-standard","category-java","category-programming-languages","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to Implement JWT Authentication in Java<\/title>\n<meta name=\"description\" content=\"JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.w3computing.com\/articles\/how-to-implement-jwt-authentication-in-java\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Implement JWT Authentication in Java\" \/>\n<meta property=\"og:description\" content=\"JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.w3computing.com\/articles\/how-to-implement-jwt-authentication-in-java\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-06-21T20:05:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-06-21T20:05:24+00:00\" \/>\n<meta name=\"author\" content=\"w3compadmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"w3compadmin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"TechArticle\",\"@id\":\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/how-to-implement-jwt-authentication-in-java\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/how-to-implement-jwt-authentication-in-java\\\/\"},\"author\":{\"name\":\"w3compadmin\",\"@id\":\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/#\\\/schema\\\/person\\\/a550b3e20d78bb4f79b7c6b7b53f0561\"},\"headline\":\"How to Implement JWT Authentication in Java\",\"datePublished\":\"2024-06-21T20:05:07+00:00\",\"dateModified\":\"2024-06-21T20:05:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/how-to-implement-jwt-authentication-in-java\\\/\"},\"wordCount\":535,\"articleSection\":[\"Java\",\"Programming Languages\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/how-to-implement-jwt-authentication-in-java\\\/\",\"url\":\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/how-to-implement-jwt-authentication-in-java\\\/\",\"name\":\"How to Implement JWT Authentication in Java\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/#website\"},\"datePublished\":\"2024-06-21T20:05:07+00:00\",\"dateModified\":\"2024-06-21T20:05:24+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/#\\\/schema\\\/person\\\/a550b3e20d78bb4f79b7c6b7b53f0561\"},\"description\":\"JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/how-to-implement-jwt-authentication-in-java\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/how-to-implement-jwt-authentication-in-java\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/how-to-implement-jwt-authentication-in-java\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Articles Home\",\"item\":\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Programming Languages\",\"item\":\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/programming-languages\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Java\",\"item\":\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/programming-languages\\\/java\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"How to Implement JWT Authentication in Java\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/#website\",\"url\":\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/\",\"name\":\"Developer Articles Hub\",\"description\":\"\",\"alternateName\":\"Developer Articles\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/#\\\/schema\\\/person\\\/a550b3e20d78bb4f79b7c6b7b53f0561\",\"name\":\"w3compadmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/wp-content\\\/litespeed\\\/avatar\\\/bd481d404e42caa2763662a3bfe825f8.jpg?ver=1780141266\",\"url\":\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/wp-content\\\/litespeed\\\/avatar\\\/bd481d404e42caa2763662a3bfe825f8.jpg?ver=1780141266\",\"contentUrl\":\"https:\\\/\\\/www.w3computing.com\\\/articles\\\/wp-content\\\/litespeed\\\/avatar\\\/bd481d404e42caa2763662a3bfe825f8.jpg?ver=1780141266\",\"caption\":\"w3compadmin\"},\"sameAs\":[\"http:\\\/\\\/w3computing.com\\\/articles\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Implement JWT Authentication in Java","description":"JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.w3computing.com\/articles\/how-to-implement-jwt-authentication-in-java\/","og_locale":"en_US","og_type":"article","og_title":"How to Implement JWT Authentication in Java","og_description":"JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties.","og_url":"https:\/\/www.w3computing.com\/articles\/how-to-implement-jwt-authentication-in-java\/","article_published_time":"2024-06-21T20:05:07+00:00","article_modified_time":"2024-06-21T20:05:24+00:00","author":"w3compadmin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"w3compadmin","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"TechArticle","@id":"https:\/\/www.w3computing.com\/articles\/how-to-implement-jwt-authentication-in-java\/#article","isPartOf":{"@id":"https:\/\/www.w3computing.com\/articles\/how-to-implement-jwt-authentication-in-java\/"},"author":{"name":"w3compadmin","@id":"https:\/\/www.w3computing.com\/articles\/#\/schema\/person\/a550b3e20d78bb4f79b7c6b7b53f0561"},"headline":"How to Implement JWT Authentication in Java","datePublished":"2024-06-21T20:05:07+00:00","dateModified":"2024-06-21T20:05:24+00:00","mainEntityOfPage":{"@id":"https:\/\/www.w3computing.com\/articles\/how-to-implement-jwt-authentication-in-java\/"},"wordCount":535,"articleSection":["Java","Programming Languages"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.w3computing.com\/articles\/how-to-implement-jwt-authentication-in-java\/","url":"https:\/\/www.w3computing.com\/articles\/how-to-implement-jwt-authentication-in-java\/","name":"How to Implement JWT Authentication in Java","isPartOf":{"@id":"https:\/\/www.w3computing.com\/articles\/#website"},"datePublished":"2024-06-21T20:05:07+00:00","dateModified":"2024-06-21T20:05:24+00:00","author":{"@id":"https:\/\/www.w3computing.com\/articles\/#\/schema\/person\/a550b3e20d78bb4f79b7c6b7b53f0561"},"description":"JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties.","breadcrumb":{"@id":"https:\/\/www.w3computing.com\/articles\/how-to-implement-jwt-authentication-in-java\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.w3computing.com\/articles\/how-to-implement-jwt-authentication-in-java\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.w3computing.com\/articles\/how-to-implement-jwt-authentication-in-java\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Articles Home","item":"https:\/\/www.w3computing.com\/articles\/"},{"@type":"ListItem","position":2,"name":"Programming Languages","item":"https:\/\/www.w3computing.com\/articles\/programming-languages\/"},{"@type":"ListItem","position":3,"name":"Java","item":"https:\/\/www.w3computing.com\/articles\/programming-languages\/java\/"},{"@type":"ListItem","position":4,"name":"How to Implement JWT Authentication in Java"}]},{"@type":"WebSite","@id":"https:\/\/www.w3computing.com\/articles\/#website","url":"https:\/\/www.w3computing.com\/articles\/","name":"Developer Articles Hub","description":"","alternateName":"Developer Articles","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.w3computing.com\/articles\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.w3computing.com\/articles\/#\/schema\/person\/a550b3e20d78bb4f79b7c6b7b53f0561","name":"w3compadmin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.w3computing.com\/articles\/wp-content\/litespeed\/avatar\/bd481d404e42caa2763662a3bfe825f8.jpg?ver=1780141266","url":"https:\/\/www.w3computing.com\/articles\/wp-content\/litespeed\/avatar\/bd481d404e42caa2763662a3bfe825f8.jpg?ver=1780141266","contentUrl":"https:\/\/www.w3computing.com\/articles\/wp-content\/litespeed\/avatar\/bd481d404e42caa2763662a3bfe825f8.jpg?ver=1780141266","caption":"w3compadmin"},"sameAs":["http:\/\/w3computing.com\/articles"]}]}},"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"w3compadmin","author_link":"https:\/\/www.w3computing.com\/articles\/author\/w3compadmin\/"},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.w3computing.com\/articles\/wp-json\/wp\/v2\/posts\/1947","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.w3computing.com\/articles\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.w3computing.com\/articles\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.w3computing.com\/articles\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.w3computing.com\/articles\/wp-json\/wp\/v2\/comments?post=1947"}],"version-history":[{"count":2,"href":"https:\/\/www.w3computing.com\/articles\/wp-json\/wp\/v2\/posts\/1947\/revisions"}],"predecessor-version":[{"id":1949,"href":"https:\/\/www.w3computing.com\/articles\/wp-json\/wp\/v2\/posts\/1947\/revisions\/1949"}],"wp:attachment":[{"href":"https:\/\/www.w3computing.com\/articles\/wp-json\/wp\/v2\/media?parent=1947"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.w3computing.com\/articles\/wp-json\/wp\/v2\/categories?post=1947"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.w3computing.com\/articles\/wp-json\/wp\/v2\/tags?post=1947"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}