Building RESTful Web Services with Spring 5 - Second Edition

By : Raja CSP Raman, Ludovic Dewailly
Overview of this book

REST is an architectural style that tackles the challenges of building scalable web services. In today's connected world, APIs have taken a central role on the web. APIs provide the fabric through which systems interact, and REST has become synonymous with APIs. The depth, breadth, and ease of use of Spring make it one of the most attractive frameworks in the Java ecosystem. Marrying the two technologies is therefore a very natural choice. This book takes you through the design of RESTful web services and leverages the Spring Framework to implement these services. Starting from the basics of the philosophy behind REST, you'll go through the steps of designing and implementing an enterprise-grade RESTful web service. Taking a practical approach, each chapter provides code samples that you can apply to your own circumstances. This second edition brings forth the power of the latest Spring 5.0 release, working with MVC built-in as well as the front end framework. It then goes beyond the use of Spring to explore approaches to tackle resilience, security, and scalability concerns. Improve performance of your applications with the new HTTP 2.0 standards. You'll learn techniques to deal with security in Spring and discover how to implement unit and integration test strategies. Finally, the book ends by walking you through building a Java client for your RESTful web service, along with some scaling techniques using the new Spring Reactive libraries.
6. Spring Security and JWT (JSON Web Token)

Login and token management


In the last section, we covered user registration topics, such as customer, admin, and CSR. Once a user is successfully registered, they have to log in to perform an action. So, let's create the login- and session-related API and business implementations.

Before moving to login and session, we will talk about JSON Web Token, which will be used for session authentication. As we already have the createToken method in our securityService class, we will only talk about the subject used in token generation.

Generating a token

We may need to use the JSON Web Token for session purposes. We will use our existing token generation method to keep our user details:

    String subject = user.getUserid()+"="+user.getUsertype();
    String token = securityService.createToken(subject, (15 * 1000 * 60)); // 15 mins expiry time

We have used user.getUserid()+"="+user.getUsertype() as the subject. Also, we have set 15 minutes as the expiry time, so the token will be valid for...
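Because the subject carries the user type, a server that reads it back must verify the signature and the expiry before trusting either field. The following is an added example, not the book's code: a JDK-only HS256 stand-in for `securityService.createToken` (whose implementation is not shown on this page), with a hypothetical `verify` method, an extra `nowMillis` parameter for demonstration, and a constructed key and user (`100=1`).

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
public class SessionTokenDemo {
    // Constructed demo key; a real service loads a random 256-bit secret from configuration.
    private static final byte[] KEY = "constructed-demo-key-0123456789abcdef".getBytes(StandardCharsets.UTF_8);
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    private static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }
    // Hypothetical stand-in for securityService.createToken(subject, ttlMillis).
    // Assumes the subject contains no quote characters (it is userid=usertype).
    static String createToken(String subject, long ttlMillis, long nowMillis) throws Exception {
        String header = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
        String payload = "{\"sub\":\"" + subject + "\",\"exp\":" + (nowMillis + ttlMillis) / 1000 + "}";
        String signingInput = B64.encodeToString(header.getBytes(StandardCharsets.UTF_8))
                + "." + B64.encodeToString(payload.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + B64.encodeToString(hmac(signingInput));
    }
    // Returns {userid, usertype} only if the signature is valid and the token has not expired.
    static String[] verify(String token, long nowMillis) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 3) throw new SecurityException("malformed token");
        byte[] expected = hmac(parts[0] + "." + parts[1]);
        byte[] actual = Base64.getUrlDecoder().decode(parts[2]);
        // Constant-time comparison, done before any claim is read.
        if (!MessageDigest.isEqual(expected, actual)) throw new SecurityException("bad signature");
        String payload = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        // Minimal extraction for the fixed payload layout built above; use a JSON parser in real code.
        String sub = payload.substring(payload.indexOf("\"sub\":\"") + 7, payload.indexOf("\",\"exp\""));
        long exp = Long.parseLong(payload.substring(payload.indexOf("\"exp\":") + 6, payload.length() - 1));
        if (nowMillis / 1000 >= exp) throw new SecurityException("token expired");
        int sep = sub.lastIndexOf('='); // split on the last '=' in case the userid contains one
        if (sep < 0) throw new SecurityException("bad subject");
        return new String[] { sub.substring(0, sep), sub.substring(sep + 1) };
    }
    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis();
        String token = createToken("100=1", 15 * 1000 * 60, now); // constructed userid=usertype
        String[] user = verify(token, now);
        System.out.println("userid=" + user[0] + " usertype=" + user[1]);
        try { verify(token, now + 16 * 60 * 1000); } // one minute past the 15-minute expiry
        catch (SecurityException e) { System.out.println("after 16 min: " + e.getMessage()); }
    }
}
```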