This project demonstrates JWT (JSON Web Token) generation, validation, and reissuance using Spring Boot and the jjwt library. It includes both Access Token and Refresh Token management for user authentication, using Refresh Token Rotation (RTR) to securely renew tokens when the access token expires.
Spring Boot v2.7.0 (Java 1.8)
jjwt-api-0.11.5
jjwt-impl-0.11.5
jjwt-jackson-0.11.5
Lombok
- POST /api/v1/jwt/{userId}
- Description: Generates access and refresh tokens using the userId provided via the path. This is primarily for testing purposes.
- Response:
{ "userId": "user001", "accessToken": "<access_token>", "refreshToken": "<refresh_token>", "active": true }
- POST /api/v1/jwt/validation
- Description: Validates the provided access or refresh token.
- Request Body:
{ "token" : "<access_token or refresh token>", "type" : "ACCESS or REFRESH" }
- Response:
{ "userId": "user001", "token": "<access_token or refresh token>", "active": true }
- POST /api/v1/jwt/reissuance
- Description: Reissues new access and refresh tokens using the provided valid refresh token.
- Request Body:
{ "token" : "<refresh_token>" }
- Response:
{ "userId": "user001", "accessToken": "<access_token>", "refreshToken": "<refresh_token>", "success": true }
- Clone the repository:
  git clone https://github.com/your-username/spring-jwt-demo.git
  cd spring-jwt-demo
- Build and run the project:
  ./gradlew build
  ./gradlew bootRun
- Token expiration settings: Modify token expiration times in the JwtUtil class if necessary:
  private static final long ACCESS_TOKEN_EXPIRATION_TIME = 1000 * 60 * 30; // 30 minutes
  private static final long REFRESH_TOKEN_EXPIRATION_TIME = 1000 * 60 * 60 * 24 * 21; // 21 days
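
The rotation behind POST /api/v1/jwt/reissuance, with detection of a replayed refresh token, can be sketched with jjwt 0.11.5 as follows. This is an added example, not the project's code: the class name, the `type` claim, the per-token `jti` and the in-memory map of active token ids are assumptions.

```java
import io.jsonwebtoken.*;
import io.jsonwebtoken.security.Keys;
import java.security.Key;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
// Added example, not the project's code: refresh token rotation with reuse detection.
public class RotationSketch {
    private static final long ACCESS_TTL = 1000 * 60 * 30;            // 30 minutes, as in JwtUtil
    private static final long REFRESH_TTL = 1000 * 60 * 60 * 24 * 21; // 21 days, as in JwtUtil
    private final Key key = Keys.secretKeyFor(SignatureAlgorithm.HS256); // demo key, new per run
    // Assumed store: userId -> jti of the one refresh token currently accepted
    private final Map<String, String> activeJti = new ConcurrentHashMap<>();

    private String build(String userId, String type, long ttl, String jti) {
        Date now = new Date();
        return Jwts.builder().setSubject(userId).setId(jti).claim("type", type)
                .setIssuedAt(now).setExpiration(new Date(now.getTime() + ttl))
                .signWith(key).compact();
    }

    // Issues {access, refresh}; the new refresh jti replaces any previous one.
    public String[] issue(String userId) {
        String jti = UUID.randomUUID().toString();
        activeJti.put(userId, jti);
        return new String[] { build(userId, "ACCESS", ACCESS_TTL, UUID.randomUUID().toString()),
                              build(userId, "REFRESH", REFRESH_TTL, jti) };
    }

    // Rotates on a valid, current refresh token; throws JwtException otherwise.
    public String[] reissue(String token) {
        // parseClaimsJws checks signature and expiry before any claim is trusted
        Claims c = Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(token).getBody();
        if (!"REFRESH".equals(c.get("type", String.class))) throw new JwtException("not a refresh token");
        if (!activeJti.remove(c.getSubject(), c.getId())) { // atomic: current jti accepted once
            activeJti.remove(c.getSubject()); // replay of a rotated-out token: revoke the chain
            throw new JwtException("refresh token reuse detected");
        }
        return issue(c.getSubject());
    }

    public static void main(String[] args) {
        RotationSketch svc = new RotationSketch();
        String[] first = svc.issue("user001");
        String[] second = svc.reissue(first[1]);              // normal rotation succeeds
        for (String replayed : new String[] { first[1], second[1] }) {
            try { svc.reissue(replayed); }                    // old token, then the revoked chain
            catch (JwtException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```

Both calls in the loop are rejected: the first because the token was already rotated out, the second because the replay revoked the user's active refresh token, forcing a fresh login.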