A complete authentication API built with Spring Boot, implementing JWT tokens, Repository Pattern, and SOLID principles for secure user management.
- JWT Authentication - Secure token-based authentication
- User Registration - Create new user accounts with validation
- User Login - Authenticate with username or email
- Protected Endpoints - Secure routes requiring valid JWT tokens
- Password Security - PBKDF2 hashing with salt for password protection
- Repository Pattern - Clean data access layer abstraction
- SOLID Principles - Maintainable and extensible code architecture
- Input Validation - Comprehensive request data validation
- Swagger Documentation - Interactive API documentation with JWT support
- Java 17 - Latest LTS Java version
- Spring Boot 3.5.4 - Application framework
- Spring Security - Authentication and authorization
- Spring Data JPA - Data persistence
- JWT (JSON Web Tokens) - Token-based authentication
- H2 Database - In-memory database for development
- Maven - Dependency management
- PBKDF2 - Password hashing algorithm
- Java 17 or higher
- Maven 3.6+
- IntelliJ IDEA, Eclipse or VS Code (optional)

1. Clone the repository

   ```bash
   git clone https://github.com/H0wZy/jwt-java.git
   cd jwt-java
   ```

2. Install dependencies

   ```bash
   mvn clean install
   ```

3. Run the application

   ```bash
   mvn spring-boot:run
   ```

4. Access the application
   - API: http://localhost:8080
   - H2 Console: http://localhost:8080/h2-console
   - Swagger UI: http://localhost:8080/swagger-ui.html

| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
| POST | /api/auth/register | Register new user | No |
| POST | /api/auth/login | User login | No |
| GET | /api/auth/profile | Get user profile | Yes |

POST /api/auth/register

```json
{
  "firstname": "John",
  "lastname": "Doe",
  "username": "johndoe",
  "email": "john@example.com",
  "password": "SecurePass123",
  "confirmPassword": "SecurePass123",
  "cargo": 1
}
```

POST /api/auth/login

```json
{
  "usernameOrEmail": "johndoe",
  "password": "SecurePass123"
}
```

```json
{
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "username": "johndoe",
    "email": "john@example.com",
    "firstname": "John",
    "lastname": "Doe",
    "cargo": 1
  },
  "message": "Login successful!",
  "success": true
}
```

```
src/main/java/com/example/jwtjava/
├── controller/
│   └── AuthController.java          # Authentication endpoints
├── dto/
│   ├── LoginDto.java                # Login request model
│   ├── RegisterDto.java             # Registration request model
│   ├── LoginResponseDto.java        # Login response model
│   ├── RegisterResponseDto.java     # Registration response model
│   └── ResponseModelDto.java        # Generic API response wrapper
├── entity/
│   └── User.java                    # User entity
├── enums/
│   └── Cargo.java                   # User roles enumeration
├── repository/
│   └── UserRepository.java          # User repository interface
├── service/
│   ├── AuthService.java             # Authentication service interface
│   └── AuthServiceImpl.java         # Business logic implementation
├── util/
│   ├── PasswordHelper.java          # Password hashing utilities
│   └── JwtHelper.java               # JWT token generation
├── config/
│   └── SecurityConfig.java          # Spring Security configuration
└── JwtJavaApplication.java          # Main application class
```

- Password Hashing: PBKDF2 with 100,000 iterations and random salt
- JWT Tokens: 30-minute expiration with secure claims
- Input Validation: Comprehensive validation on all endpoints using Bean Validation
- Authorization: Protected endpoints require valid Bearer tokens

1. Register a new user using `/api/auth/register`
2. Login with the created user via `/api/auth/login`
3. Copy the JWT token from the login response
4. Click "Authorize" button in Swagger UI
5. Enter: `Bearer YOUR_TOKEN_HERE`
6. Test protected endpoints like `/api/auth/profile`

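
An added example, not the project's `JwtHelper`: what a server has to check on the Bearer token before serving a protected endpoint, written against the JDK only so each check is visible. The class and method names, the `sub`/`exp` claim layout and the hand-built JSON are assumptions; the 30-minute lifetime (`jwt.expiration=1800000`) and the 256-bit minimum for `jwt.secret` come from this README.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.Pattern;
import static java.nio.charset.StandardCharsets.UTF_8;

// Added illustration, not the project's JwtHelper; all names here are hypothetical.
public class Hs256TokenExample {
    static final long TTL_SECONDS = 1800; // jwt.expiration=1800000 (milliseconds)
    static final String HEADER = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();

    static byte[] hmac(byte[] secret, String data) throws GeneralSecurityException {
        if (secret.length < 32) throw new IllegalStateException("jwt.secret must be at least 256 bits");
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(data.getBytes(UTF_8));
    }
    static String issue(String username, byte[] secret, Instant now) throws GeneralSecurityException {
        // The JSON is built by hand, so only a conservative character set is accepted.
        if (!username.matches("[A-Za-z0-9_.@-]+")) throw new IllegalArgumentException("bad username");
        String payload = "{\"sub\":\"" + username + "\",\"exp\":" + (now.getEpochSecond() + TTL_SECONDS) + "}";
        String input = ENC.encodeToString(HEADER.getBytes(UTF_8)) + "." + ENC.encodeToString(payload.getBytes(UTF_8));
        return input + "." + ENC.encodeToString(hmac(secret, input));
    }
    static boolean isValid(String token, byte[] secret, Instant now) throws GeneralSecurityException {
        String[] p = token.split("\\.");
        if (p.length != 3) return false;
        try {
            Base64.Decoder dec = Base64.getUrlDecoder();
            // Only the one expected header is accepted, so a token naming another "alg" is refused.
            if (!HEADER.equals(new String(dec.decode(p[0]), UTF_8))) return false;
            // Verify the signature (constant-time compare) before reading anything from the payload.
            if (!MessageDigest.isEqual(hmac(secret, p[0] + "." + p[1]), dec.decode(p[2]))) return false;
            var m = Pattern.compile("\"exp\":(\\d+)").matcher(new String(dec.decode(p[1]), UTF_8));
            return m.find() && now.getEpochSecond() < Long.parseLong(m.group(1));
        } catch (IllegalArgumentException e) { return false; } // malformed Base64URL or exp value
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-demo-secret-32-bytes!".getBytes(UTF_8); // constructed sample value
        Instant now = Instant.now();
        String token = issue("johndoe", secret, now);
        System.out.println(isValid(token, secret, now));                   // fresh token
        System.out.println(isValid(token, secret, now.plusSeconds(1801))); // past the 30 minutes
        System.out.println(isValid(token + "x", secret, now));             // altered signature
    }
}
```
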
```properties
# JWT Configuration
jwt.secret=your-secret-key-here-must-be-256-bits-minimum
jwt.expiration=1800000

# Database Configuration (H2 for development)
spring.datasource.url=jdbc:h2:mem:testdb
spring.datasource.driver-class-name=org.h2.Driver
spring.datasource.username=sa
spring.datasource.password=

# JPA Configuration
spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
spring.jpa.hibernate.ddl-auto=create-drop
spring.jpa.show-sql=true

# H2 Console (for development)
spring.h2.console.enabled=true
```

- ✅ Enum Cargo - User roles (USER, MOD, ADMIN)
- ✅ User Entity - User model with validations
- ✅ DTOs - Transfer objects for requests/responses
- ✅ PasswordHelper - PBKDF2 password hashing with salt
- ✅ JwtHelper - JWT token generation and validation
- Repository Layer - User repository implementation
- Service Layer - Authentication service
- Security Configuration - Spring Security setup
- Authentication Controller - Register and login endpoints
- JWT Authentication Filter - Token validation middleware
- Exception Handling - Global exception handler
- Unit Tests - Comprehensive test coverage
- Integration Tests - API endpoint testing
- Docker Support - Containerization
- Refresh Tokens - Token refresh mechanism
- Role-based Authorization - Granular permissions
- Password Reset - Email-based password recovery

1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request

This project is a Java/Spring Boot translation/adaptation of the original C# project:
This project is licensed under the MIT License - see the LICENSE file for details.
- GitHub: @H0wZy
- Email: h0wzymarcos@gmail.com
⭐ Star this repository if you found it helpful!