
Showing posts from January 8, 2018

REST tutorial : security with JWT token


This is the last part of our security tutorial.
Complete source code
$ git clone
$ cd todoapp
$ git checkout security

Follow the complete tutorial.
JWT (JSON Web Token) is an open standard that defines a compact and self-contained way of securely sharing data between parties using a JSON object.
Compact - smaller size
Self-contained - the payload contains all the required information
A token typically contains:
Header - consists of the type of the token and the hashing algorithm used for signing
Payload - contains the claims
Signature
A token's fields are separated by dots, like this: xxx.yyy.zzz

Since we already added token support in our previous tutorial, we only have to modify it to use a JWT token.

Sample Header
{
  "alg": "HS512"
}
Sample Payload
{
  "sub": "manjula",
  "userId": "1",
  "role": "ADMIN",
  "iat": 1515401468,
  "exp": 15154…