15 thoughts to “Spring Boot, Spring Security, PostgreSQL: JWT Authentication example”

  1. Hi! Great article, really appreciated it, two problems I came across:

    1.: getting this error when trying to run after finishing everything:

    ***************************
    APPLICATION FAILED TO START
    ***************************

    Description:

    Field authenticationManager in required a bean of type ‘org.springframework.security.authentication.AuthenticationManager’ that could not be found.

    Action:

    Consider defining a bean of type ‘org.springframework.security.authentication.AuthenticationManager’ in your configuration.

    I solved this one by inserting this:
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
    }
    into my websecurityconfigadapter.

    2.: I managed to create users, which showed up in the db, but when i tried to sign in postman just threw a 500 error. I found that the problem was that new Date(string) is deprecated, and the solution for that was either using a parser to convert jwtExpirationMs from string to long, or just simply add a long value in generateJwtToken method.

    Really thank you so much for this article helped me a lot, and made it easy to understand how everything works together.

  2. Hey! First of all, amazing project. Thanks so much for sharing!

    I have a problem when wanting to register a new user. I get the error “java.lang.RuntimeException: Error: Role is not found.” Have you ever heard of this problem?

    Thanks so much, Alex

  3. I am looking for a full-stack ForgotPassword concept.
    To manage when users want to reset their password with JavaMail
    I am able to mail, but I still need to figure out how to implement refresh token.

  4. During the implementation of this code, I found that a method called getRole() is used in the class AuthController for the class SignUpRequest but this method was not implemented for this class, can I please get some clarification.

  5. Hi,

    What if most users don’t log out of the application explicitly and just close the browser instead – the number of expired refresh tokens will keep increasing over time in the database table, right? What’s the best way to deal with this – introduce a scheduled clean up job or do cleanup whenever a new token is added to database?

    Thank you

  6. it’s really very clear, well done for the work done. I have a question about creating accounts: how do I avoid using register some users with / signup API to create admin accounts? By disabling the API?

  7. Hi,

    first of all, thank you so much for sharing. Amazing work!

    I get the RuntimeException: Error: “Role is not found” when sending the post request to /api/auth/signup. In the request, I also send the role. For example:

    {
    “username”: “yassine”,
    “email”: “[email protected]”,
    “password”: “password”,
    “role”: [“user”, “admin”]
    }

    Do you have an idea what could this be?
    Again, thanks a lot for sharing this knowledge.

  8. Hey!
    Very wonderful tutorial you got up there. Would be very wonderful for both learning and reference.

    Anyways I stumble upon it when I was searching for the best way to store JWT and use it while making requests.

    I know already know about the Browser local storage but there seem to be a lot of security concerns as regards that method. So it’s being recommended to already store JWT in an HttpOnly cookie in the server but I haven’t seen a clear implementation of the latter method anywhere, I’ve been searching 🙁

    Please what do you have to say about these security concerns in your opinion as an experienced developer and also I would appreciate it so much if you could help me with some tips on the implementation or a tutorial you can point me to?

Leave a Reply

Your email address will not be published. Required fields are marked *