Last updated: 2023-02-26


Working with JWT during development

Bootify creates all classes to protect the generated application with JWT and Spring Security. The background of JWT and the implementation are explained here. How can we use and reproduce the functionality during development?

If we have enabled SwaggerUI in our project, we can make all requests via http://localhost:8080/swagger-ui.html (port 8081 if using DevServer) after starting the application. For this, we should first have a user available in our database - if we have enabled the registration option, we can use the /register endpoint for this.

For the integration tests, the annotation @Sql({"/data/clearAll.sql", "/data/userData.sql"}) is attached to the BaseIT class. This provides a user "bootify" (password "Bootify!") in the database for each test, and the matching JWT is added as a header via the bearerToken() method. If the /register endpoint is not available, we can manually run the userData.sql script (the name corresponds to our user table) in our database for testing purposes.

Authentication for obtaining our JWT

With this, we can now authenticate our user and get the token. Using the same algorithm, payload and secret, we can use the site jwt.io to validate and inspect the token issued by our Spring Boot app.

Reconstruct a token on jwt.io
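The same reconstruction and signature check can be run offline, so the signing secret does not have to be pasted into a website. This is an added example, not Bootify's generated code: the HS256 default, the "sub" claim and the secret value are assumptions, and only the user name "bootify" comes from the text above.

```python
import base64
import hashlib
import hmac
import json

# HMAC-based JWS algorithms (RFC 7518). Which one the app uses is an assumption.
HS_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}
DEV_SECRET = b"constructed-dev-secret"  # constructed placeholder, not from the page

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_token(payload: dict, secret: bytes, alg: str = "HS256") -> str:
    """Rebuild a token from algorithm, payload and secret, like the jwt.io form."""
    header = {"alg": alg, "typ": "JWT"}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    mac = hmac.new(secret, ".".join(parts).encode("ascii"), HS_ALGS[alg]).digest()
    return ".".join(parts + [b64url_encode(mac)])

def verify_token(token: str, secret: bytes, expected_alg: str = "HS256") -> dict:
    """Return the payload only if the signature verifies with the expected algorithm."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the verifier side; never take it from the token header.
    if not isinstance(header, dict) or header.get("alg") != expected_alg:
        raise ValueError("unexpected algorithm in header")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, HS_ALGS[expected_alg]).digest()
    if not hmac.compare_digest(signature, expected):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(payload_b64))

if __name__ == "__main__":
    token = build_token({"sub": "bootify"}, DEV_SECRET)
    print(token)
    print(verify_token(token, DEV_SECRET))
```

If the rebuilt token differs from the one the application returned, compare the decoded header and payload first; a different algorithm or an extra claim changes the signature.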

The token can be stored in SwaggerUI so that it is automatically used for all protected endpoints.

Opening the Authorize Popup of SwaggerUI

After inserting the JWT (without the quotes) we only need to press the "Authorize" button.

Pasting our JWT into SwaggerUI

With this, we can now call our protected endpoints. If we open the developer console of our browser, we can also verify that the Authorization header was automatically sent along.

SwaggerUI automatically adding the Authorization header