This is a demonstration of stateless token-based authentication using JSON Web Token and CSRF protection, Spring Security, Spring Boot and Vue.js.
| Backend (REST) | SpringBoot (Java) |
| Security | Token Based (Spring Security, JJWT, CSRF) |
| Client Build Tools | vue-cli, Webpack, npm |
| Server Build Tools | Maven |
Run Environment: Java 11, Node 12, Maven 3
Clone this project
git clone https://github.com/PuZhiweizuishuai/SpringSecurity-JWT-Vue-Deom.git
Run back end server
cd spring-security-jwt
mvn clean package
java -jar target/security-0.0.1-SNAPSHOT.jar
Run front end server
cd vue
npm install
npm run serve
To generate and verify JWTs I use JJWT, a self-contained Java library providing end-to-end JSON Web Token creation and verification.
We have a couple of options for where to store the token:
- HTML5 Web Storage (localStorage or sessionStorage)
- Cookies
However, cookies are vulnerable to a different type of attack: cross-site request forgery (CSRF). A CSRF attack is a type of attack that occurs when a malicious web site, email, or blog causes a user’s web browser to perform an unwanted action on a trusted site on which the user is currently authenticated.
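The cookie-plus-CSRF-token arrangement described above, as an added Node.js example (not this project's Spring code): an HS256 JWT carried in a cookie is honoured for state-changing requests only when a CSRF token cookie is echoed back in a request header. The `jwt` and `XSRF-TOKEN` cookie names, the `x-xsrf-token` header, the secret and the plain request objects are assumptions constructed for the demo.

```javascript
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed; a real key comes from config
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Constant-time string comparison; a length mismatch is simply "not equal".
function safeEqual(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Issue an HS256 token, as a login endpoint would before setting the cookie.
function signJwt(claims) {
  const input = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(claims)}`;
  return `${input}.${mac(input)}`;
}

// Return the claims only if signature, algorithm and expiry all check out.
function verifyJwt(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3 || !safeEqual(parts[2], mac(`${parts[0]}.${parts[1]}`))) return null;
  try {
    const [header, claims] = parts.slice(0, 2)
      .map((p) => JSON.parse(Buffer.from(p, 'base64url').toString()));
    if (header.alg !== 'HS256' || typeof claims.exp !== 'number' || claims.exp <= now) return null;
    return claims;
  } catch {
    return null; // malformed JSON in header or payload
  }
}

// req is a plain object { method, cookies, headers } standing in for an HTTP request.
function authorize(req) {
  const claims = verifyJwt(req.cookies.jwt);
  if (!claims) return { status: 401 };
  if (!['GET', 'HEAD', 'OPTIONS'].includes(req.method)) {
    // The browser attaches cookies to cross-site requests on its own, but only
    // same-origin script can read XSRF-TOKEN and copy it into a request header.
    const cookieTok = req.cookies['XSRF-TOKEN'];
    const headerTok = req.headers['x-xsrf-token'];
    if (!cookieTok || !headerTok || !safeEqual(cookieTok, headerTok)) return { status: 403 };
  }
  return { status: 200, user: claims.sub };
}
```

A request that carries a valid JWT cookie but no matching header is answered with 403, which is the case the CSRF token exists to catch.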
The code is released under the MIT license.