Skip to content

psenger/Jersey2-Security-JWT

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Jersey2 Security JWT

Written by Philip A Senger

philip.a.senger@cngrgroup.com | mobile: 0404466846 | CV/Resume | blog | LinkedIn | twitter | keybase

About

Build Status

There are many ways you can implement Authentication and Authorization with Jersey. This is the most simplest example I could demo with JWT authentication. By no means should you drop this code into production, not only does it have security flaws it can not be clustered due to the single instance nature of the keys.

Additionally, in this project I have added tomcat as a plugin to the maven pom and created a war goal so this can be deployed as a war to a 2.5 servlet speced container, but I never tried it out. I suspect it will need to be tweaked to get it to deploy properly.

Why

If you are reading this, you may be wondering why I built this project. It is because someone in my Linkedin network asked me how to do this. This was the simplest example I could think of and is a collection of examples I gathered from other resources on the web.

How

First you will need Java 1.8 installed on your computer.

Next you will need to install Apache Maven. You will NOT need tomcat, as I have installed a Tomcat pluggin.

Then you can run the whole project with Tomcat ( as a plugin ) via the following command line. I have included tomcat 7 in this build so you dont have to download it and install it. This should run with tomcat 8 with some minor tweaks to the web.xml More information on the goals can be found here tomcat 7 maven goals

mvn clean tomcat6:run

How to run the tests

mvn clean test

To get the books a http transaction would look like this. The string aXJvbm1hbjpwYXNzd29yZA== is a base64 encoded ASCII string containing the userid a colon and password. In this case it is "ironman:password"

POST http://localhost:8080/authentication
accept: application/json
content-type: application/x-www-form-urlencoded
username=ironman&password=password

200
Content-Type: application/json
{
  "authToken": "eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJKZXJzZXktU2VjdXJpdHktQmFzaWMiLCJzdWIiOiJpcm9ubWFuIiwiYXVkIjoidXNlcixhZG1pbiIsImV4cCI6MTQ0Njk0ODI0OCwiaWF0IjoxNDQ2OTQ3MzQ4LCJqdGkiOiIwIn0.ekbS7km7DFJM4Jixu7Y1k2Z-2RreRZf621F0iP3FPCk",
  "expires": "2015-11-08T02:04:08.801 UTC"
}

GET http://localhost:8080/books
Accept: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJKZXJzZXktU2VjdXJpdHktQmFzaWMiLCJzdWIiOiJpcm9ubWFuIiwiYXVkIjoidXNlcixhZG1pbiIsImV4cCI6MTQ0Njk0ODI0OCwiaWF0IjoxNDQ2OTQ3MzQ4LCJqdGkiOiIwIn0.ekbS7km7DFJM4Jixu7Y1k2Z-2RreRZf621F0iP3FPCk

200
[
  {
    "title": "The Sharp Sliver",
    "author": "Clementine Green",
    "isbn": "1234",
    "published": "2015-11-08T01:49:05.679 UTC",
    "id": "1",
    "genre": null
  },
  {
    "title": "Edge of Darkness",
    "author": "Francisco Fry",
    "isbn": "1234",
    "published": "2015-11-08T01:49:05.679 UTC",
    "id": "2",
    "genre": null
  }
]