JSON Web Token (JWT) authentication is a popular method for securing APIs in microservices architectures. With Spring WebFlux, the reactive web framework, we can create highly scalable and responsive applications. In this article, we will guide you on how to implement JWT authentication in a reactive Spring WebFlux application.
JWT is a compact and URL-safe token that can represent a set of claims. It is commonly used for authentication and authorization in distributed systems. The JWT consists of three parts: Header, Payload, and Signature. In a typical setup, the client sends the JWT token in the authorization header of the HTTP requests, and the server validates the token to authenticate the user of the application.
By following the steps below, we can implement reactive JWT authentication in Spring WebFlux.
We will first create the Spring reactive project using Spring Initializr. When creating the project, add the below dependencies to it.
Dependencies:
JWT Dependencies:
<!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt -->
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.12.5</version>
</dependency>
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-api</artifactId>
    <version>0.11.2</version>
</dependency>
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-impl</artifactId>
    <version>0.11.2</version>
    <scope>runtime</scope>
</dependency>
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-jackson</artifactId>
    <version>0.11.2</version>
    <scope>runtime</scope>
</dependency>
Open application.properties and add the MongoDB URI and the server port.
spring.application.name=spring-webflux-jwt
spring.data.mongodb.uri=mongodb://localhost:27017/reactive-jwt-auth
server.port=8085
Go to src > main > java > org.example.springwebfluxjwt > model > User and put the below code. Passwords are hashed with a secure algorithm such as BCrypt, which Spring Security supports for password hashing.
This class represents the user entity, including properties like username, password, and roles.
Go to src > main > java > org.example.springwebfluxjwt > model > AuthRequest and put the below code.
This class represents the request body for user authentication, containing username and password.
Go to src > main > java > org.example.springwebfluxjwt > model > AuthResponse and put the below code.
This class represents the response body for successful user authentication, containing the JWT token.
Go to src > main > java > org.example.springwebfluxjwt > repository > UserRepository and put the below code.
This interface defines methods for interacting with the user data store, such as saving and finding users.
Go to src > main > java > org.example.springwebfluxjwt > config > SecurityConfig and put the below code.
This class configures security settings for the application, including JWT authentication.
Go to src > main > java > org.example.springwebfluxjwt > config > JWTUtil and put the below code.
This class provides utility methods for generating and validating JWT tokens.
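One way such a utility can issue and validate HS256 tokens, as an added example that is not the article's own JWTUtil. It assumes the jjwt 0.11.x builder and parser API from the dependencies above; the class name JwtUtilSketch, the "roles" claim name and the demo secret are hypothetical. The main method checks an intact token, a token whose payload was swapped under another token's signature, and an expired token.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.time.*;
import java.util.*;

// Added example; JwtUtilSketch is a hypothetical name, not the article's JWTUtil.
public class JwtUtilSketch {
    private final SecretKey key;
    private final Duration ttl;

    // hmacShaKeyFor rejects secrets shorter than 32 bytes (256 bits) with WeakKeyException.
    public JwtUtilSketch(String secret, Duration ttl) {
        this.key = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
        this.ttl = ttl;
    }

    public String generate(String username, List<String> roles) {
        Instant now = Instant.now();
        return Jwts.builder().setSubject(username).claim("roles", roles)
                .setIssuedAt(Date.from(now)).setExpiration(Date.from(now.plus(ttl)))
                .signWith(key, SignatureAlgorithm.HS256).compact();
    }

    // Claims are returned only when the signature verifies and the token has not expired.
    public Optional<Claims> validate(String token) {
        try { // parseClaimsJws (not parse) refuses tokens that carry no signature
            return Optional.of(Jwts.parserBuilder().setSigningKey(key).build()
                    .parseClaimsJws(token).getBody());
        } catch (JwtException | IllegalArgumentException e) {
            return Optional.empty(); // bad signature, expired, malformed, unsigned or empty
        }
    }

    public static void main(String[] args) {
        String secret = "constructed-demo-secret-0123456789abcdef"; // constructed; load from config in practice
        JwtUtilSketch util = new JwtUtilSketch(secret, Duration.ofMinutes(15));
        String[] a = util.generate("alice", List.of("USER")).split("\\.");
        String[] b = util.generate("bob", List.of("ADMIN")).split("\\.");
        System.out.println("intact:  " + util.validate(String.join(".", a)).isPresent());
        // bob's payload placed under alice's signature
        System.out.println("spliced: " + util.validate(a[0] + "." + b[1] + "." + a[2]).isPresent());
        JwtUtilSketch stale = new JwtUtilSketch(secret, Duration.ofMinutes(-1)); // already expired
        System.out.println("expired: " + util.validate(stale.generate("alice", List.of("USER"))).isPresent());
    }
}
```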
Ensure that when saving a user, you set the password using the setPassword method of the User class.
Go to src > main > java > org.example.springwebfluxjwt > service > UserService and put the below code.
This class contains business logic related to user management, such as user creation and retrieval.
Go to src > main > java > org.example.springwebfluxjwt > service > JWTAuthenticationManager and put the below code.
This class implements the authentication logic using JWT tokens.
Go to src > main > java > org.example.springwebfluxjwt > controller > AuthController and put the below code.
This class defines REST endpoints for user authentication, including signup and login.
No changes are required in the main class.
pom.xml:
Once the project is complete, run the application; it will start on port 8085.
Signup Endpoint:
POST http://localhost:8085/signup
Login Endpoint:
POST http://localhost:8085/login
Protected Endpoint Testing:
Secure Endpoint access with the token.
GET http://localhost:8085/protected
Implementing reactive JWT authentication in a Spring WebFlux application involves setting up the project, adding the necessary dependencies, and configuring the security components to handle JWT tokens. This ensures that the application is secure and can handle a large number of concurrent requests efficiently.