I’m a big fan of the Spring framework. It makes my life easier and makes coding fun. A very cool part of the Spring framework is Spring Security. It’s an extensible and customizable access control and authentication framework for Spring-based applications. Especially for web applications, it is essential to use a well-maintained and mature security framework, since it is frequently audited by the community (or by its maintainers) for security flaws and is designed to prevent well-known security attacks.
Spring Security provides easy-to-use mechanisms to restrict access to specific resources, built-in authentication providers to check authentication data from different sources (like SQL databases, LDAP, JAAS etc.), login-logout handlers and much more. If you are interested, you can look at the Spring Security reference documentation for more detail.
JWT, on the other hand, is a relatively new technology for establishing a JSON-based single sign-on (SSO) mechanism.
“JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.” – https://jwt.io/
I first came across JWT about 1 year ago and found it very cool, since it is simple to use, simple to understand and quite effective. Click here to see what JWT is capable of.
In our new projects, we wanted to use a microservice architecture, or at least apply some of the microservice patterns. My wish was to use both the Spring framework and JWT to enable single sign-on across distributed microservices with a single authentication provider service. The Spring ecosystem already provides a wide variety of tools and libraries for microservice implementation and orchestration. But unfortunately, I missed a JWT integration in the Spring Security framework, one that would enable me to create JWT tokens after a successful login or provide mechanisms to verify JWT tokens attached to requests to authenticate users automatically.
Thus I decided to implement my own JWT integration for Spring Security and make it free and open source.
In the second part of this article, I will tell you about the initial steps of the development, what I’ve learned from my research about JWT and Security, and some integral decisions I’ve made.