52 thoughts to “Spring Boot + React: JWT Authentication with Spring Security”

          1. Hi, please tell me.
            I was working with Spring Boot and Thymeleaf. I used to use Spring Security to add authentication to my application, but I have never heard of JWT because I was working with a full-stack Spring application (no client side; Thymeleaf pages are sent by the server, not like React).

            What I want to know is: is it necessary to use JWT to link Spring Security authentication with React, or can I do it some way like with Thymeleaf?

    1. In the conclusion section there is code for the back end only. I want the source code with the React part. Please provide the GitHub link.

  1. Is it secure to use Local Storage instead of HTTP only cookies? If I were to use HTTP only cookies instead, what would the SpringBoot-React implementation look like? Thank you very much for this helpful resource.

  2. Man, you are a life saver!! You really helped me out here… But forgive me if this is a stupid question, how does the admin sign up/sign in? (I’m new to this)

    1. I believe you sign up like a normal account and then change your role in the database to get ADMIN privileges, or you can create an OWNER (you will change it in the database only once) and then through the GUI you will be able to control all users and their roles.

  3. Hi! Great tutorial! I have a question, I am new to this, I can’t login the admin or moderator only user, is it me doing something wrong or? And after login, when I want to pass data from backend to frontend, do I always have to send token or once logged in I am safe to send data like in normal apps without authorization? Because when I did it, it said error unauthorized (I only tried to pass some data about user to which subject he can attend at faculty)

  4. I am a beginner programmer and found it very difficult to implement JWT Authentication. Reviewed a lot of sites and videos. Your resource is the best, everything is told in steps and everything is clear. Thank you very much for your work! Greetings from Russia 🙂

  5. Having read this tutorial, I thought it was very enlightening.
    I appreciate you taking the time and energy to write this.

  6. Sir, can you explain how to restrict pages according to user roles? I am stuck at that point. In your code, WebSecurityConfig.java file:

    protected void configure(HttpSecurity http) throws Exception {
    		http.cors().and().csrf().disable()
    			.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
    			.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
    			.authorizeRequests().antMatchers("/api/auth/**").permitAll()
    			.antMatchers("/api/test/**").permitAll()
    			.anyRequest().authenticated();

    		http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
    	}


    You’re giving permitAll to the REST URL (.antMatchers("/api/test/**").permitAll()), but sir, I need to divide that URL according to user roles. I tried it this way but it didn’t work: (.antMatchers("/api/test/**").hasAnyAuthority("ROLE_USER")).

    Would you mind giving me a solution for that, sir?
    Thank you!

      1. Yes sir, it was there. But where did that come from? How does Spring Security recognize that it is ‘USER’?

  7. I’m trying to understand how JWT authentication fits into the picture with OAuth/OIDC and third-party identity providers such as Amazon Cognito.

    My understanding with the above example is that the identity management is independent of whether it’s done internally (i.e. within a backend service such as Spring Boot) or it can be done with a third-party provider. Is this correct?

    Therefore it would be possible to extend your example to have Cognito specific settings in the application.yml and in Spring Boot with classes that subclass WebMvcConfigurer to support it. I’d like to confirm if this is true also?

  8. Hi, your full-stack tutorial is amazing!!!
    I had an important question. When you sign up in the login page, have the user details already been saved in the database?
    And if I want to enter a new user, how can I do it?

  9. Can you please give me an example on microservices:
    the standard way of handling cookies with session details across multiple modules in microservices?

    Thanks in advance.

  10. Hi Sir, the tutorial was a life saver… Thanks a lot for this.

    However, I am not able to sign up; it is showing “Error:Role not found”. Any suggestions would be appreciated.

  11. Super straightforward example with excellent explanation and everything works like a charm. You have taught me a lot of things. I owe you a virtual beer 🙂 God bless you.

    1. Hi, you can check the Header with correct Authorization header with Bearer token (for Spring Boot Server) instead of x-access-token header (for Node Express Server).
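
The header difference described in the reply above, as an added example that is not part of the original comment or the tutorial's code. The function names, the `accessToken` field and the sample user are assumptions; `extractBearerToken` only models a server that accepts `Authorization: Bearer <token>`.

```javascript
// Added example, not from the tutorial. Function names and the
// `accessToken` field are assumptions.

// The two header conventions named in the reply above.
const HEADER_STYLES = {
  'spring-boot': (token) => ({ Authorization: 'Bearer ' + token }),
  'node-express': (token) => ({ 'x-access-token': token }),
};

// Build the request headers for a logged-in user; no token means no header.
function authHeader(user, backend) {
  const build = HEADER_STYLES[backend];
  if (!build) throw new Error('unknown backend: ' + backend);
  if (!user || typeof user.accessToken !== 'string' || user.accessToken === '') {
    return {};
  }
  return build(user.accessToken);
}

// Model of a server that only accepts "Authorization: Bearer <token>".
// Returns the token, or null when the request would be treated as
// unauthenticated (missing header, other scheme, or empty token).
function extractBearerToken(headers) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === 'authorization');
  const value = key ? headers[key] : undefined;
  if (typeof value !== 'string' || !value.startsWith('Bearer ')) return null;
  const token = value.slice('Bearer '.length).trim();
  return token === '' ? null : token;
}

// Constructed sample user; the token is a placeholder, not a real JWT.
const sampleUser = { username: 'demo', accessToken: 'aaa.bbb.ccc' };

// Matching header style: the server-side model finds the token.
console.log(extractBearerToken(authHeader(sampleUser, 'spring-boot')));
// Node Express style sent to a Bearer-only server: no token is found.
console.log(extractBearerToken(authHeader(sampleUser, 'node-express')));
```
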

  12. Hello Sir, I would like to have some help. I have an error like following:

    Access to XMLHttpRequest at ‘http://localhost:8080/api/test/all’ from origin ‘http://localhost:8081’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

    I have already looked for solutions but no result, always the same error

    Thanks

  13. Hi,
    I am getting an error:
    Could not resolve placeholder ‘bezkoder.app.jwtSecret’ in value “${bezkoder.app.jwtSecret}”
    What does this error mean?
    I am searching the internet but could not get an answer.

  14. Hello sir,
    great tutorial.

    I am getting a “Request failed with status code 500” error in the React application,

    and in Spring Boot:
    Error: Role is not found.
    at com.bezkoder.springjwt.controllers.AuthController.lambda$1(AuthController.java:99) ~[classes/:na]

    Please Help ASAP.
