JWT Tokens in JAVA 21
- Mark Kendall
- Nov 29, 2024
- 2 min read
Sure! Below is an example of a JWT utility class in Java that handles JWT requests, including token creation, validation, and parsing. This example uses the io.jsonwebtoken library, which is a popular choice for working with JWTs in Java.
Maven Dependency
First, add the following dependency to your pom.xml:
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
<version>0.11.5</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.11.5</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.11.5</version>
<scope>runtime</scope>
</dependency>
JWT Utility Class
Here's a utility class for handling JWT operations:
package com.example.demo.util;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import java.security.Key;
import java.util.Date;
import java.util.Map;
import java.util.function.Function;
public class JwtUtil {
private static final Key SECRET_KEY = Keys.secretKeyFor(SignatureAlgorithm.HS256);
private static final long EXPIRATION_TIME = 1000 * 60 * 60 * 10; // 10 hours
// Generate a token
public String generateToken(Map<String, Object> claims, String subject) {
return Jwts.builder()
.setClaims(claims)
.setSubject(subject)
.setIssuedAt(new Date(System.currentTimeMillis()))
.setExpiration(new Date(System.currentTimeMillis() + EXPIRATION_TIME))
.signWith(SECRET_KEY)
.compact();
}
// Extract username from token
public String extractUsername(String token) {
return extractClaim(token, Claims::getSubject);
}
// Extract expiration date from token
public Date extractExpiration(String token) {
return extractClaim(token, Claims::getExpiration);
}
// Extract a specific claim from token
public <T> T extractClaim(String token, Function<Claims, T> claimsResolver) {
final Claims claims = extractAllClaims(token);
return claimsResolver.apply(claims);
}
// Validate token
public boolean isTokenValid(String token, String username) {
final String extractedUsername = extractUsername(token);
return (extractedUsername.equals(username) && !isTokenExpired(token));
}
// Check if the token is expired
private boolean isTokenExpired(String token) {
return extractExpiration(token).before(new Date());
}
// Extract all claims from token
private Claims extractAllClaims(String token) {
return Jwts.parserBuilder()
.setSigningKey(SECRET_KEY)
.build()
.parseClaimsJws(token)
.getBody();
}
}
Usage Example
Here's an example of how you might use this utility class in a service:
package com.example.demo.service;
import com.example.demo.util.JwtUtil;
import org.springframework.stereotype.Service;
import java.util.HashMap;
import java.util.Map;
@Service
public class JwtService {
private final JwtUtil jwtUtil;
public JwtService(JwtUtil jwtUtil) {
this.jwtUtil = jwtUtil;
}
public String createToken(String username) {
Map<String, Object> claims = new HashMap<>();
return jwtUtil.generateToken(claims, username);
}
public boolean validateToken(String token, String username) {
return jwtUtil.isTokenValid(token, username);
}
public String extractUsername(String token) {
return jwtUtil.extractUsername(token);
}
}
Security Configuration
Ensure your security configuration is set up to use the JWT utility for authentication. Here's a basic example using Spring Security:
package com.example.demo.config;
import com.example.demo.service.JwtService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
public class JwtRequestFilter extends OncePerRequestFilter {
@Autowired
private JwtService jwtService;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws ServletException, IOException {
final String authorizationHeader = request.getHeader("Authorization");
String username = null;
String jwt = null;
if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
jwt = authorizationHeader.substring(7);
username = jwtService.extractUsername(jwt);
}
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
if (jwtService.validateToken(jwt, username)) {
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
username, null, new ArrayList<>());
authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
}
}
chain.doFilter(request, response);
}
}
This setup provides a comprehensive JWT utility for handling token creation, validation, and extraction in a Java 21 application. If you have any further questions or need additional modifications, feel free to ask!