security

In this last part of the series, I’ll show you, how you can implement a token renewal mechanism. This is necessary, because the JWTs, issued by the backend, expire after a certain amount of time. This means, that logged in users can not authenticate themselves once the JWTs expired. To prevent this from happening, the frontend will automatically request a new token from the server shortly before the old one expires as long as the user is logged in and the browser window is not closed.

Continue reading How to implement JWT authentication in Spring Security and Angular – Part 5

Now that we’ve secured the backend with Spring security and implemented the basic JWT features, it’s time to allow users to log in from a user interface. In this example, I’ll show you how to implement a very basic authentication form in an Angular frontend. The pages, that may only be visited by authenticated users, will be protected by a special guard. For that purpose, I’ll show you how to implement such a guard and how to use the Angular router to redirect unauthenticated users to the login page.

Continue reading How to implement JWT authentication in Spring Security and Angular – Part 4

In this part of the series we’ll look at the most complex part of the project: Generating, reading, and validating JWT tokens. Our backend server will issue a token and return it to a requesting user. When a user tries to access a restricted resource, the token gets validated and, if the user is permitted, the resource can be accessed.

Continue reading How to implement JWT authentication in Spring Security and Angular – Part 3

In this part of the series we’ll make sure that Spring Security restricts access to certain resources and uses our custom bearer token authorization method to allow authenticated users to access resources.

Continue reading How to implement JWT authentication in Spring Security and Angular – Part 2

I recently had to implement a bearer token authentication mechanism in a Spring backend and an Angular frontend. I wasn’t surprised to see that there are already a lot of tutorials around, however, I was shocked by how poorly most of them are written and how bad some solutions were. Now, don’t get me wrong: By no means do I want to claim that my solution is the state-of-the art single way to go. However, this has worked for me and I think it’s much easier to understand and follow than other guides. Additionally, there are a few things that almost all tutorials get wrong and I’ll try to address these as well.

Continue reading How to implement JWT authentication in Spring Security and Angular – Part 1