ivangfr/springboot-react-jwt-token ivangfr/springboot-react-jwt-token

  • Stars
    star
    139
  • Rank 262,286 (Top 6 %)
  • Language
    Java
  • Created over 4 years ago
  • Updated about 2 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
ivangfr/springboot-react-jwt-token
github

ivangfr

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

The goal of this project is to implement an application called order-app to manage orders. For it, we will implement a back-end Spring Boot application called order-api and a font-end React application called order-ui. Besides, we will use JWT Authentication to secure both applications.

springboot-react-jwt-token

The goal of this project is to implement an application called order-app to manage orders. For it, we will implement a back-end Spring Boot application called order-api and a font-end React application called order-ui. Besides, we will use JWT Authentication to secure both applications.

Proof-of-Concepts & Articles

On ivangfr.github.io, I have compiled my Proof-of-Concepts (PoCs) and articles. You can easily search for the technology you are interested in by using the filter. Who knows, perhaps I have already implemented a PoC or written an article about what you are looking for.

Additional Readings

Project Diagram

project-diagram

Applications

  • order-api

    Spring Boot Web Java backend application that exposes a Rest API to create, retrieve and delete orders. If a user has ADMIN role he/she can also retrieve information of other users or delete them.

    The application secured endpoints can just be accessed if a valid JWT access token is provided.

    order-api stores its data in Postgres database.

    order-api has the following endpoints

    Endpoint Secured Roles
    POST /auth/authenticate -d {"username","password"} No
    POST /auth/signup -d {"username","password","name","email"} No
    GET /public/numberOfUsers No
    GET /public/numberOfOrders No
    GET /api/users/me Yes ADMIN, USER
    GET /api/users Yes ADMIN
    GET /api/users/{username} Yes ADMIN
    DELETE /api/users/{username} Yes ADMIN
    GET /api/orders [?text] Yes ADMIN
    POST /api/orders -d {"description"} Yes ADMIN, USER
    DELETE /api/orders/{id} Yes ADMIN

  • order-ui

    React frontend application where a user with role USER can create an order and retrieve a specific order. On the other hand, a user with role ADMIN as access to all secured endpoints.

    In order to access the application, a user or admin must login using his/her username and password. All the requests coming from order-ui to secured endpoints in order-api have the JWT access token. This token is generated when the user or admin logins.

    order-ui uses Semantic UI React as CSS-styled framework.

Prerequisites

Start Environment

  • In a terminal, make sure you are inside springboot-react-jwt-token root folder

  • Run the following command to start docker compose containers

    docker compose up -d

Running order-app using Maven & Npm

  • order-api

    • Open a terminal and navigate to springboot-react-jwt-token/order-api folder

    • Run the following Maven command to start the application

      ./mvnw clean spring-boot:run

  • order-ui

    • Open another terminal and navigate to springboot-react-jwt-token/order-ui folder

    • Run the command below if you are running the application for the first time

      npm install

    • Run the npm command below to start the application

      npm start

Applications URLs

Application URL Credentials
order-api http://localhost:8080/swagger-ui.html
order-ui http://localhost:3000 admin/admin, user/user or signing up a new user

Note: the credentials shown in the table are the ones already pre-defined. You can signup new users

Demo

  • The gif below shows a user loging in

    user-login

  • The gif below shows an admin loging in

    admin-login

Testing order-api Endpoints

  • Manual Endpoints Test using Swagger

    • Open a browser and access http://localhost:8080/swagger-ui.html. All endpoints with the lock sign are secured. In order to access them, you need a valid JWT access token.

    • Click POST /auth/authenticate and then, click Try it out button

    • Provide the user credentials username and password

      { "password": "user", "username": "user" }

    • Click Execute button. It should return something like

      Code: 200
{ "accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9..." }

      Note 1: You can use the admin credentials to access more secured endpoints

      Note 2: The token will expire in 10 minutes

    • Copy the accessToken value (without the double quotes)

    • Click the Authorize button at the top of the page

    • In Value input field, paste the copied token

    • Click Authorize button and then, click Close button

    • To create an order, click POST /api/orders and then, click Try it out button

    • Provide the description of the order

      { "description": "Buy two iPhones" }

    • Click Execute button. It should return something like

      Code: 200
{
  "id": "718c9f40-5c06-4571-bc3e-3f888c52eff2",
  "description": "Buy two iPhones",
  "user": { "username": "user" },
  "createdAt": "..."
}

  • Manual Endpoints Test using curl

    • Open a terminal

    • Call GET /public/numberOfUsers

      curl -i localhost:8080/public/numberOfUsers

      It should return

      HTTP/1.1 200
2

    • Call GET /api/orders without JWT access token

      curl -i localhost:8080/api/orders

      As for this endpoint a valid JWT access token is required, it should return

      HTTP/1.1 401

    • Call POST /auth/authenticate to get admin JWT access token

      ADMIN_ACCESS_TOKEN="$(curl -s -X POST http://localhost:8080/auth/authenticate \
  -H 'Content-Type: application/json' \
  -d '{"username": "admin", "password": "admin"}' | jq -r .accessToken)"

    • Call again GET /api/orders, now with admin JWT access token

      curl -i -H "Authorization: Bearer $ADMIN_ACCESS_TOKEN" localhost:8080/api/orders

      It should return an empty array or an array with orders

      HTTP/1.1 200
[ ... ]

    • Call GET /api/users/me to get more information about the admin

      curl -i -H "Authorization: Bearer $ADMIN_ACCESS_TOKEN" localhost:8080/api/users/me

      It should return

      HTTP/1.1 200
{
  "id": 1, "username": "admin", "name": "Admin", "email": "[email protected]", "role": "ADMIN",
  "orders": []
}

  • Automatic Endpoints Test

    • Open a terminal and make sure you are in springboot-react-jwt-token root folder

    • Run the following script

      ./order-api/test-endpoints.sh

      It should return something like the output below, where it shows the http code for different requests

      POST auth/authenticate
======================
admin access token
------------------
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJleHAiOjE1ODY2MjM1MjksImlhdCI6MTU4Nj..._ha2pM4LSSG3_d4exgA

user access token
-----------------
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJleHAiOjE1ODY2MjM1MjksImlhdCIyOSwian...Y3z9uwhuW_nwaGX3cc5A

POST auth/signup
================
user2 access token
------------------
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJleHAiOjE1ODY2MjM1MjksImanRpIjoiYTMw...KvhQbsMGAlFov1Q480qg

Authorization
=============
                Endpoints | without token |  user token |  admin token |
------------------------- + ------------- + ----------- + ------------ |
 GET public/numberOfUsers |           200 |         200 |          200 |
GET public/numberOfOrders |           200 |         200 |          200 |
......................... + ............. + ........... + ............ |
        GET /api/users/me |           401 |         200 |          200 |
           GET /api/users |           401 |         403 |          200 |
     GET /api/users/user2 |           401 |         403 |          200 |
  DELETE /api/users/user2 |           401 |         403 |          200 |
......................... + ............. + ........... + ............ |
          GET /api/orders |           401 |         403 |          200 |
         POST /api/orders |           401 |         201 |          201 |
  DELETE /api/orders/{id} |           401 |         403 |          200 |
------------------------------------------------------------------------
 [200] Success -  [201] Created -  [401] Unauthorized -  [403] Forbidden

Util Commands

  • Postgres

    docker exec -it postgres psql -U postgres -d orderdb
\dt

  • jwt.io

    With jwt.io you can inform the JWT token and the online tool decodes the token, showing its header and payload.

Shutdown

  • To stop order-api and order-ui, go to the terminals where they are running and press Ctrl+C

  • To stop and remove docker compose containers, network and volumes, go to a terminal and, inside springboot-react-jwt-token root folder, run the command below

    docker compose down -v

How to upgrade order-ui dependencies to latest version

  • In a terminal, make sure you are in springboot-react-jwt-token/order-ui folder

  • Run the following commands

    npm upgrade
npm i -g npm-check-updates
ncu -u
npm install

References

More Repositories

1

springboot-react-keycloak

The goal of this project is to secure movies-app using Keycloak (with PKCE). movies-app consists of two applications: one is a Spring Boot Rest API called movies-api and another is a React application called movies-ui.
JavaScript
398
star
2

keycloak-clustered

Keycloak-Clustered extends quay.io/keycloak/keycloak official Keycloak Docker image by adding JDBC_PING discovery protocol.
Shell
166
star
3

springboot-react-social-login

The goal of this project is to implement an application called movie-app to manage movies. For it, we will implement a back-end Spring Boot application called movie-api and a font-end React application called movie-ui. Besides, we will use OAuth2 (Social Login) to secure both applications.
Java
146
star
4

springboot-keycloak-openldap

The goal of this project is to create a simple Spring Boot REST API, called simple-service, and secure it with Keycloak. Furthermore, the API users will be loaded into Keycloak from OpenLDAP server.
Java
145
star
5

graalvm-quarkus-micronaut-springboot

The goal of this project is to compare some Java Microservice Frameworks like: Quarkus, Micronaut and Spring Boot. For it, we will implement applications using those frameworks, build their JVM and Native Docker images and measure start-up times, memory footprint, etc.
Shell
122
star
6

springboot-kafka-connect-jdbc-streams

Project goal: Explore Kafka, Kafka Connect, and Kafka Streams. Components: store-api: Inserts/updates MySQL records. Source Connectors: Monitor MySQL changes, push messages to Kafka. Sink Connectors: Listen to Kafka, insert/update Elasticsearch docs. store-streams: Listens to Kafka, processes with Kafka Streams, pushes new messages to Kafka.
Java
102
star
7

springboot-kafka-connect-debezium-ksqldb

Experiment with Kafka, Debezium, and ksqlDB. research-service: Performs MySQL record manipulation. Source Connectors: Monitor MySQL changes, push messages to Kafka. Sink Connectors and kafka-research-consumer: Listen to Kafka, insert/update Elasticsearch. ksqlDB-Server: Listens to Kafka, performs joins, and pushes new messages to new Kafka topics.
Java
79
star
8

springboot-react-basic-auth

The goal of this project is to implement an application called book-app to manage books. For it, we will implement a back-end Spring Boot application called book-api and a font-end React application called book-ui. Besides, we will use Basic Authentication to secure both applications.
Java
71
star
9

spring-cloud-stream-kafka-elasticsearch

The goal of this project is to implement a "News" processing pipeline composed of five Spring Boot applications: producer-api, categorizer-service, collector-service, publisher-api and news-client.
Java
66
star
10

springboot-elk-prometheus-grafana

The goal of this project is to implement a Spring Boot application, called movies-api, and use Filebeat & ELK Stack (Elasticsearch, Logstash and Kibana) to collect and visualize application's logs and Prometheus & Grafana to monitor application's metrics.
Java
53
star
11

springboot-kafka-websocket

The goal of this project is to implement two Spring Boot applications: bitcoin-api and bitcoin-client. The bitcoin-api application simulates BTC price changes, while the bitcoin-client application listens to these changes and updates a real-time UI. The bitcoin-client UI is secured using Basic Authentication.
Java
52
star
12

springboot-keycloak-mongodb-testcontainers

The goals of this project are: 1) Create a Spring Boot application that manages books, called book-service; 2) Use Keycloak as OpenID Connect Provider; 3) Test using Testcontainers; 4) Explore the utilities and annotations that Spring Boot provides when testing applications.
Java
35
star
13

springboot-ldap-testcontainers

The goal of this project is to create a simple Spring Boot REST API, named 'simple-service,' and secure it using the Spring Security LDAP module. Additionally, Testcontainers will be utilized for integration testing.
Java
33
star
14

axon-springboot-websocket

The goal is to explore Axon. We will develop a food-ordering app comprising 3 Spring Boot applications: customer-service, restaurant-service, and food-ordering-service. These services are implemented with CQRS and Event Sourcing, utilizing the Axon Framework. They connect to axon-server, which serves as the Event Store and Message Routing solution.
Java
29
star
15

spring-data-jpa-r2dbc-mysql-stream-million-records

In this project, we will implement two Spring Boot Java Web application called, streamer-data-jpa and streamer-data-r2dbc. They both will fetch 1 million of customer's data from MySQL and stream them to Kafka. The main goal is to compare the application's performance and resource utilization.
Java
26
star
16

spring-cloud-stream-event-sourcing-testcontainers

Goal: create a Spring Boot application that handles users using Event Sourcing. So, whenever a user is created, updated, or deleted, an event informing this change is sent to Kafka. Also, we will implement another application that listens to those events and saves them in Cassandra. Finally, we will use Testcontainers for end-to-end testing.
Java
25
star
17

springboot-graphql-databases

The goal of this project is to explore GraphQL. For it, we will implement two microservices: author-book-api and book-review-api.
Java
23
star
18

spring-webflux-reactive-databases

The goal of this project is to play with Spring WebFlux on client and server side. For it, we will implement some Spring Boot Java Web applications, product-api, customer-api, order-api and client-shell, and use reactive NoSQL database like Cassandra, MongoDB, Postgres and MySQL.
Java
23
star
19

springboot-kong-keycloak

Goal: create a Spring Boot app called book-service accessible only through the Kong API gateway. In Kong, the kong-oidc plugin will be installed, enabling communication between Kong and Keycloak. This setup ensures that when Kong receives a request for book-service, it validates the request in conjunction with Keycloak to ensure its authenticity.
Shell
23
star
20

socketio-express-phaser3

The goal of this project is to implement a multiplayer game using Socket.IO, Express and Phaser 3.
JavaScript
22
star
21

springboot-rsocket-webflux-aop

The goal of this project is to play with RSocket protocol. For it, we will implement three Spring Boot Java applications, movie-server, movie-client-shell and movie-client-ui. As storage, it's used the reactive NoSQL database MongoDB. All the streaming of movie events and the logging are handling by AOP (Aspect Oriented Programming).
Java
22
star
22

springboot-vault-examples

The goal of this project is to explore the capabilities of Vault. To achieve this, we will develop applications that utilize Vault for storing and retrieving secrets. Vault dynamically generates credentials for accessing databases and relies on Consul as the backend. The authentication method employed in Vault is AppRole.
Java
18
star
23

https-springboot-react

The goal of this project is to play with HTTPS and enable it in Spring Boot applications. For it, we will implement a Spring Boot Rest API that will have its endpoints ready to accept and server over HTTPS. Furthermore, a Spring Boot Shell Java application and a Frontend React application will be implemented to consume movies-api.
Java
17
star
24

kubernetes-minikube-environment

The goal of this project is have some examples using Kubernetes (Minikube)
Mustache
16
star
25

spring-kafka-de-serialization-types

The goal is to play with Spring Kafka. We've implemented 5 examples of producer and consumer services that exchanges messages through Kafka using different types of serialization and approaches.
Java
15
star
26

springboot-kong-plugins

The goal of this project is to create a simple Spring Boot REST API and securing it with Kong using the LDAP Authentication and Basic Authentication plugins. Besides, we will explore more plugins that Kong offers like: Rate Limiting and Prometheus plugins.
Shell
14
star
27

spring-data-jpa-relationships

The goal of this project is to study the JPA relationships: one-to-one, one-to-many / many-to-one, and many-to-many.
Java
14
star
28

ethereum-springboot-react

Goals: Implement an Ethereum Smart Contract called SoccerManager and deploy it to Ethereum Blockchain running locally; Implement 2 Spring Boot BE applications, ethereum-api and player-api, that uses Web3j to communicate with Ethereum blockchain; Implement 2 React FE applications, ethereum-ui and player-ui, that communicate to their respective BE.
Java
14
star
29

springboot-elasticsearch-thymeleaf

The goal of this project is to implement an application called product-app. It consists of two Spring Boot services: product-api (backend) and product-ui (frontend). Data will be stored in Elasticsearch
Java
13
star
30

okta-springboot-react

The goal of this project is to implement an application where a user can manage (create/read/update/delete) jobs. For it, we will create: a backend Restful API called jobs-api and a frontend user interface called jobs-ui. Furthermore, we will use Okta to secure the complete application.
JavaScript
13
star
31

spring-cloud-stream-event-routing-cloudevents

The goal of this project is to play with Spring Cloud Stream Event Routing and CloudEvents. For it, we will implement a producer and consumer of news & alert events.
Java
12
star
32

springboot-aws-localstack-dynamodb-lambda-sns-sqs

In this project, we are going to use LocalStack to simulate locally, some services provided by AWS Cloud such as: DynamoDB, Lambda, SNS and SQS. Also, in order to simplify the use of AWS managed services, we are going to use Spring Cloud AWS.
Java
12
star
33

web-reactive-jvm-native-cds-aot-virtual-threads

In this project, we’ll create six apps using Spring Boot, Quarkus, and Micronaut. For each framework, one app will use blocking Web with Tomcat, and the other will use non-blocking Reactive with Netty. We’ll build both JVM and Native Docker images. For Spring Boot, additional images will test configurations with Virtual Threads, CDS, and AOT
Java
11
star
34

springboot-jpa-studies

The goal of this project is to study JPA Batch Processing (i.e, insert / update / delete a set of records in a single command), JPA Locking and Datetime in JPA.
Java
10
star
35

spring-cloud-stream-kafka-multi-topics

The goal of this project is to create two applications: one as a Spring Boot producer and the other as a Spring Boot consumer. We'll be using Spring for Apache Kafka and Spring Cloud Stream.
Java
9
star
36

springboot-aws-localstack-opensearch-s3-secretsmanager

In this project, we are going to use LocalStack to simulate locally, some services provided by AWS Cloud such as OpenSearch, S3, and Secrets Manager. Also, in order to simplify the use of AWS managed services, we are going to use Spring Cloud AWS.
Java
9
star
37

springboot-proxysql-mysql

The goal of this project is to use ProxySQL to load balance requests from a Spring-Boot application to MySQL Replication Master-Slave Cluster.
Java
7
star
38

react-graphql-databases

The goal of this project is to implement two front-end React applications, author-book-ui and book-review-ui. They will consume the GraphQL endpoints of the two back-end (BE) applications present in the project springboot-graphql-databases, author-book-api and book-review-api.
JavaScript
7
star
39

knative-minikube-environment

The goal of this project is to set up Knative on Minikube, enabling the deployment and execution of Serverless applications.
Shell
6
star
40

springboot-gmail

The goal of this project is to implement a simple Spring Boot Web Java application that communicates with a GMail inbox account using GMail API.
Java
6
star
41

api-oha-benchmarker

api-oha-benchmarker is a tool to easily benchmark APIs. It uses Testcontainers to manage Docker containers. The load testing is done with OHA. To collect information like CPU and memory usage, it uses the docker stats command. It also uses cAdvisor to visually monitor CPU and memory usage.
Java
5
star
42

okta-springboot

The goal of this project is to develop a straightforward Spring Boot REST API application, named simple-service, which utilizes Okta for authentication handling.
Java
4
star
43

spring-integration-examples

The goal of this project is to learn String Integration Framework For it, we will implement some Spring Boot applications and try to use the well known Enterprise Integration Patterns.
Java
4
star
44

springboot-caching-neo4j

The goal of this project is to explore how caching works. To achieve this, we will implement a simple Spring Boot application called "restaurant-api." We will use Neo4j for storage and select one of the following solutions (Simple, Caffeine, or Redis) for caching.
Java
4
star
45

docker-swarm-environment

The goal of this project is to have some examples using Docker Swarm.
Shell
3
star
46

springboot-activemq-rabbitmq-delayed-messages

The goal of this project is to create an application that produces and consumes delayed messages randomly. Those messages are sent to ActiveMQ or RabbitMQ. The delayed broker to which the message is sent depends on a feature toggle defined in Unleash.
Java
3
star
47

spring-boot-grpc-client-server

This project aims to create two Spring Boot applications using gRPC: movie-grpc-server and movie-grpc-client. The movie-grpc-lib project defines the gRPC interface that both applications use.
Java
3
star
48

jenkins-dind-postman-newman

The goal of this project is to implement an Automation Testing for a fake online REST API called ReqRes. We will use: Jenkins, Docker-in-Docker (dind), Postman API Client and Newman
Dockerfile
2
star
49

box2dcreatejs

Box2DCreateJS is a powerful JavaScript library that combines the capabilities of the Box2D 2D Physics Engine with the comprehensive CreateJS suite of libraries and tools, including EaselJS and SoundJS, to provide a user-friendly solution for building HTML and JavaScript games.
JavaScript
2
star
50

springboot-testing-mysql

Goals: 1) Create a simple Spring Boot application to manage users; 2) Explore the utilities and annotations that Spring Boot provides for testing; 3) Test using Testcontainers.
Java
2
star
51

springboot-jsoup-html-parser

The goal of this project is to get a list of games and their scores from a website. The application must parse the website HTML content, get the necessary information, save the game score data in a database and expose them through a REST API.
HTML
2
star
52

spring-boot-nginx-keycloak-cluster

The goal of this project is to use Nginx as a reverse proxy and load balancer for a Keycloak cluster with two instances and a Spring Boot application, called simple-service, also with two instances. The simple-service app will use Keycloak for IAM.
Shell
2
star
53

kubeless-minikube-environment

The goal of this project is to setup Kubeless in Minikube and then, deploy and run some functions.
Java
1
star
54

springboot-mesos-marathon-keycloak-openldap

The goal of this project is to create a simple REST API, called simple-service, and secure it with Keycloak. The API users will be loaded from OpenLDAP server. Furthermore, we will start Mesos / Marathon environment, so that we can deploy Keycloak and simple-service in it.
Java
1
star
55

calculatorws

CalculatorWS is a REST web service implemented in Java using the framework Spring Boot. It uses RabbitMQ for the communications between two modules that exists in the WS, Rest and Calculator.
Java
1
star