There's no official integration (package) for JWT in Java Spring?

I am new to Java Spring and want to create a simple RESTful server with JWT auth. Checked many tutorials, all of them involved creating your own JWT middleware to retrieve JWT token from incoming request and validate it using some 3rd party JWT library like jwtk/jjwt.

I am surprised this is not as simple as including a Spring JWT package and it would work out of box. I used to write a similar site using Python/Django, and for that adding JWT support is quite simple as adding "xxx.middleware.JWTAuthMiddleware".

  • 1
    Yep, as far as I remember, we also used a custom JWT implementation of the spring boot oauth package. We had it running as a microservice alongside the main application usually. But to be fair implementing JWT was like 3 classes no longer than 70 lines cause it's literally just a base64 encoded json and some basic signature checking

    Though to be fair, it's best to avoid implementing your own oauth in general. It's much better to use a 3rd party service for this. One that you can host yourself for free is keycloak and indeed Spring can even run keycloak embedded (which I didn't know until googling it right now). Here's a tutorial by the spring god himself: https://baeldung.com/spring-securit...

    and embedded keycloak is apparently pre-configured to just use JWT out of the box, so there you go! This is the best approach as keycloak is a high quality and production ready oauth service with plenty of features and options in terms of security
Add Comment