16 thoughts to “Spring Boot, Spring Security, PostgreSQL: JWT Authentication example”

  1. Hi, what must I write instead of this?
    bezkoder.app.jwtSecret= bezKoderSecretKey
    bezkoder.app.jwtExpirationMs= 86400000

  2. Hey!
    Very wonderful tutorial you got up there. Would be very wonderful for both learning and reference.

    Anyways, I stumbled upon it when I was searching for the best way to store JWT and use it while making requests.

    I already know about the Browser local storage but there seem to be a lot of security concerns as regards that method. So it’s being recommended to already store JWT in an HttpOnly cookie in the server but I haven’t seen a clear implementation of the latter method anywhere, I’ve been searching 🙁

    Please what do you have to say about these security concerns in your opinion as an experienced developer and also I would appreciate it so much if you could help me with some tips on the implementation or a tutorial you can point me to?

  3. Hi,

    first of all, thank you so much for sharing. Amazing work!

    I get the RuntimeException: Error: “Role is not found” when sending the post request to /api/auth/signup. In the request, I also send the role. For example:

    {
      "username": "yassine",
      "email": "[email protected]",
      "password": "password",
      "role": ["user", "admin"]
    }

    Do you have an idea what this could be?
    Again, thanks a lot for sharing this knowledge.

      1. Hi,

        thank you so much!
        That was actually the step that I did not perform. Now it’s working.

        Thanks a lot!

  4. It’s really very clear, well done for the work done. I have a question about creating accounts: how do I avoid having some users register with the /signup API to create admin accounts? By disabling the API?
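
On the question in comment 4: a common defence is to treat the `role` field of a public signup request as untrusted and to decide roles on the server. The sketch below is an added example, not code from the tutorial or its author; `SignupRoleExample`, `Role` and `resolveRoles` are hypothetical names, and it assumes the caller's roles come from the authenticated security context (empty for an anonymous signup).

```java
import java.util.EnumSet;
import java.util.Locale;
import java.util.Set;

// Hypothetical names throughout; not the tutorial's AuthController.
public class SignupRoleExample {
    enum Role { USER, ADMIN }

    /**
     * Decides the roles for a new account.
     * requested   - the "role" array from the signup JSON (untrusted, may be null)
     * callerRoles - roles of the authenticated caller; empty for anonymous signup
     */
    static Set<Role> resolveRoles(Set<String> requested, Set<Role> callerRoles) {
        Set<Role> granted = EnumSet.of(Role.USER); // baseline for every account
        if (requested == null || !callerRoles.contains(Role.ADMIN)) {
            return granted; // public signup: client-supplied roles are ignored
        }
        for (String name : requested) {
            String key = name == null ? "" : name.trim().toUpperCase(Locale.ROOT);
            try {
                granted.add(Role.valueOf(key));
            } catch (IllegalArgumentException e) {
                throw new IllegalArgumentException("Error: Role is not found: " + name);
            }
        }
        return granted;
    }

    public static void main(String[] args) {
        // Constructed request body, shaped like the one quoted in comment 3.
        Set<String> requested = Set.of("user", "admin");
        Set<Role> anonymous = EnumSet.noneOf(Role.class);
        Set<Role> admin = EnumSet.of(Role.ADMIN);

        System.out.println("anonymous signup -> " + resolveRoles(requested, anonymous));
        System.out.println("admin-created    -> " + resolveRoles(requested, admin));
    }
}
```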

  5. Hi,

    What if most users don’t log out of the application explicitly and just close the browser instead – the number of expired refresh tokens will keep increasing over time in the database table, right? What’s the best way to deal with this – introduce a scheduled clean up job or do cleanup whenever a new token is added to database?

    Thank you

  6. During the implementation of this code, I found that a method called getRole() is used in the class AuthController for the class SignUpRequest but this method was not implemented for this class. Can I please get some clarification?

  7. I am looking for a full-stack ForgotPassword concept.
    To manage when users want to reset their password with JavaMail.
    I am able to mail, but I still need to figure out how to implement refresh token.

  8. Hey! First of all, amazing project. Thanks so much for sharing!

    I have a problem when wanting to register a new user. I get the error “java.lang.RuntimeException: Error: Role is not found.” Have you ever heard of this problem?

    Thanks so much, Alex

  9. I think “javax.validation cannot be resolved” should be at the beginning

  10. Hi! Great article, really appreciated it, two problems I came across:

    1.: getting this error when trying to run after finishing everything:

    Field authenticationManager in required a bean of type 'org.springframework.security.authentication.AuthenticationManager' that could not be found.

    Consider defining a bean of type 'org.springframework.security.authentication.AuthenticationManager' in your configuration.

    I solved this one by inserting this:
    @Bean // exposes the adapter's AuthenticationManager so it can be injected
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
    into my websecurityconfigadapter.

    2.: I managed to create users, which showed up in the db, but when I tried to sign in, Postman just threw a 500 error. I found that the problem was that new Date(string) is deprecated, and the solution for that was either using a parser to convert jwtExpirationMs from string to long, or just simply adding a long value in the generateJwtToken method.

    Really, thank you so much for this article. It helped me a lot and made it easy to understand how everything works together.
