JWT-Authentication

Overview

The JWT-Authentication project aims to provide a secure authentication and authorization solution using Spring Security, JSON Web Tokens (JWT), and MySQL. It serves as a practical example of how to implement robust token-based authentication and role-based authorization for applications.

Table of Contents

• Overview
• Features
• Installation
• Usage
• Configuration
• Endpoints
• Contributing
• License

Features

1. Token-Based Authentication:

   • Secure user authentication using JWT tokens.
   • When a user logs in, the server generates a JWT token containing user information and roles. Subsequent requests to protected endpoints require this token for authorization.

2. Role-Based Authorization:

   • Define roles (e.g., user, admin) and restrict access to specific endpoints based on these roles.
   • For example, an admin might have access to additional management endpoints compared to regular users.

3. Spring Security Integration:

   • Utilize Spring Security features for enhanced security.
   • Configure authentication providers, access control rules, and custom filters.

4. MySQL Database Integration:

   • Store user information and tokens in a MySQL database.
   • The database schema includes tables for users, roles, and tokens.

Installation

1. Clone the Repository:

   • Start by cloning this repository to your local machine:

     git clone https://github.com/shivamverma26/JWT-Authentication.git

2. Database Configuration:

   • Set up your MySQL database and configure the connection details in application.properties.
   • Create the necessary tables (users, roles, etc.) using database migration tools (e.g., Flyway, Liquibase).

3. Build and Run:

   • Build and run the project using Maven:

     cd JWT-Authentication
     ./mvnw spring-boot:run

Usage

1. Register a User Account:

   • Use the provided endpoints to create a new user account.
   • Example: POST /api/register

2. Authentication:

   • Authenticate and obtain an access token.
   • Send a POST request to /api/authenticate with valid credentials (username and password).
   • The server responds with a JWT token.

3. Access Protected Resources:

   • Use the obtained token to access protected resources.
   • Include the token in the Authorization header of subsequent requests.
   • Example: GET /api/profile

Configuration

• Database Configuration:

  • Update the application.properties file with your MySQL database details.
  • Customize other settings related to database connections and pooling.

• Security Configuration:

  • Customize security settings in SecurityConfig.java.
  • Define access rules, authentication providers, and other security-related configurations.

Endpoints

• Register User:

  • POST /api/register: Create a new user account.
  • Provide user details (username, password, etc.).

• Authentication:

  • POST /api/authenticate: Authenticate and obtain an access token.
  • Requires valid user credentials.

• Protected Resource:

  • Example: GET /api/profile
  • Requires a valid JWT token with appropriate roles (e.g., user, admin).

Contributing

Contributions are welcome! If you'd like to contribute to this project, please follow the contribution guidelines.

License

This project is licensed under the MIT License.