Understanding the need for JSON Web Token(JWT)
- JWT stands for JSON Web Token
- It is pronounced as JAWT
- It is Open Standard - RFC7519
- JWT makes it possible to communicate securely between two bodies
- JWT is used for Authorization
VideoThis tutorial is explained in the below Youtube Video.
Spring Boot JSON Web Token- Table of ContentsUnderstanding the need for JSON Web Token(JWT) Understanding JWT Structure Implement Spring Boot Security Implement Spring Boot + JSON Web Token Security Implement Spring Boot Security + JSON Web Token + MySQL Spring Boot RestTemplate + JWT Authentication Example Spring Boot Security - Refresh Expired JSON Web Token Angular 7 + Spring Boot JWT Authentication Hello World Example Online JWT Generator Online JWT Decoder
Let us first understand what is Authorization and need for it.In order to understand Authorization we will be taking example of user interaction with Gmail. Consider a scenario where a user wants to access his Gmail inbox page. This will involve user interaction with the Gmail server. For this the user will be sending HTTP requests to Gmail server and in response will expect the response from Gmail Server.
- The user will send a http request to Gmail server with url /login. Along with this request the user will also be sending the username and password for authentication.
- The Gmail server will authenticate this request if it is successful it will return the Gmail inbox page as response to the user.
- Now suppose the user wants to access his sent mail page, so he will again send a request to the Gmail server with url /sentmails. This time he will not be sending the username and password since he user has already auntenticated himself in the first request.
- The user expects Gmail to return the sent mail page. However this will not be the case. The Gmail server will not return the sent mail page but will instead not recognize the user.
Once a user has been authenticated. For all subsequent requests the user should be authorized to perform allowed operations
Authorization can be implemented using
- Session Management
- JSON Web Token