Class JwtUtil

java.lang.Object
vaultWeb.security.JwtUtil

@Component public class JwtUtil extends Object
Utility class for creating and parsing JSON Web Tokens (JWT). A JWT is a compact, URL-safe token format consisting of three parts: header, payload, and signature.
  • Header: contains metadata about the token, such as the signing algorithm (e.g., HS256) and token type.
  • Payload: contains claims — pieces of information about the user or the token itself.
  • Signature: cryptographic signature to ensure token integrity and authenticity.
Claims are key-value pairs embedded inside the JWT payload that provide data such as:
  • Registered claims like sub (subject, often the username), iat (issued at), and exp (expiration time).
  • Public claims which can be custom, e.g. user roles, email, etc.
  • Private claims defined by your application for specific needs.

In this class, the "role" claim is a custom public claim used to store the user's role for authorization purposes.

The token is cryptographically signed using the secret key to ensure its integrity and authenticity.
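The following is an added example, not code from this project: it shows the access-token half of what the description above explains, written against the jjwt 0.11.x API (io.jsonwebtoken) that the method signatures on this page reference. The secret, the claim values and the 15-minute lifetime are constructed for the demo; the real class reads its key from the jwt.secret property.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Date;
import javax.crypto.SecretKey;

/** Added example (not the project's JwtUtil): HS256 access token with a custom "role" claim. */
public class AccessTokenExample {

    // Constructed demo secret. HS256 needs at least 32 bytes of key material;
    // Keys.hmacShaKeyFor() rejects anything shorter with a WeakKeyException.
    private static final String DEMO_SECRET =
            "demo-secret-that-is-at-least-32-bytes-long-0123456789";

    private final SecretKey key =
            Keys.hmacShaKeyFor(DEMO_SECRET.getBytes(StandardCharsets.UTF_8));

    private final long accessTtlMillis = 15 * 60 * 1000L; // assumed 15-minute lifetime

    /** Builds a signed token carrying sub, iat, exp and the custom public claim "role". */
    public String generateToken(String username, String role) {
        Date now = new Date();
        return Jwts.builder()
                .setSubject(username)                                    // registered claim: sub
                .claim("role", role)                                     // custom public claim
                .setIssuedAt(now)                                        // registered claim: iat
                .setExpiration(new Date(now.getTime() + accessTtlMillis)) // registered claim: exp
                .signWith(key, SignatureAlgorithm.HS256)
                .compact();
    }

    /** Verifies signature and expiry, then returns the claims; throws JwtException otherwise. */
    public Claims parse(String token) {
        return Jwts.parserBuilder()
                .setSigningKey(key)     // only a token signed with this key is accepted
                .build()
                .parseClaimsJws(token)  // "Jws" variant: unsigned tokens are rejected as well
                .getBody();
    }

    public String extractUsername(String token) {
        return parse(token).getSubject();
    }

    public String extractRole(String token) {
        return parse(token).get("role", String.class);
    }

    public static void main(String[] args) {
        AccessTokenExample jwt = new AccessTokenExample();
        String token = jwt.generateToken("alice", "ROLE_USER");
        System.out.println("subject: " + jwt.extractUsername(token));
        System.out.println("role:    " + jwt.extractRole(token));

        // Integrity check: rewriting the payload without the key breaks the signature,
        // so the parser refuses the token instead of trusting the edited role.
        String[] parts = token.split("\\.");
        String payloadJson = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        String editedPayload = Base64.getUrlEncoder().withoutPadding().encodeToString(
                payloadJson.replace("ROLE_USER", "ROLE_ADMIN").getBytes(StandardCharsets.UTF_8));
        String edited = parts[0] + "." + editedPayload + "." + parts[2];
        try {
            jwt.extractRole(edited);
            System.out.println("unexpected: edited token accepted");
        } catch (JwtException e) {
            System.out.println("edited token rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

The parse step is where all the security properties of the description are enforced: parseClaimsJws() checks the HMAC, rejects tokens whose header claims no algorithm, and throws ExpiredJwtException once exp has passed, so a caller that catches JwtException covers every failure mode in one place.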

  • Constructor Details

    • JwtUtil

      public JwtUtil(@Value("${jwt.secret}") String secret, @Value("${jwt.refreshSecret}") String refreshSecret)
  • Method Details

    • generateToken

      public String generateToken(User user)
      Generates a signed JWT token for the given user. The token is signed with the SECRET_KEY using HS256.
      Parameters:
      user - the user entity containing username and role
      Returns:
      a signed JWT token string
    • extractUsername

      public String extractUsername(String token)
      Extracts the username (subject) from the provided JWT token.

      This method also validates the token's signature using the SECRET_KEY. If the token is invalid or expired, parsing will throw an exception.

      Parameters:
      token - the JWT token string
      Returns:
      the username (subject) embedded in the token
      Throws:
      io.jsonwebtoken.JwtException - if token parsing or validation fails
    • validateToken

      public boolean validateToken(String token)
    • getAuthentication

      public org.springframework.security.core.Authentication getAuthentication(String token)
    • generateRefreshToken

      public String generateRefreshToken(User user, String tokenId)
      Generates a signed refresh token JWT for the given user.

      The refresh token:

      • Uses the user's ID as the subject (sub).
      • Includes a unique token identifier (jti) used for refresh token rotation and revocation.
      • Has a long expiration time.
      • Is signed using a dedicated refresh-token signing key.
      Parameters:
      user - the authenticated user
      tokenId - the unique refresh token identifier (jti)
      Returns:
      a signed refresh token JWT
    • parseRefreshToken

      public io.jsonwebtoken.Claims parseRefreshToken(String token)
      Parses and validates a refresh token JWT.

      This method verifies the refresh token's signature and expiration using the refresh-token signing key and returns its claims.

      Parameters:
      token - the refresh token JWT
      Returns:
      the parsed JWT claims
      Throws:
      io.jsonwebtoken.JwtException - if the token is invalid or expired
    • extractTokenId

      public String extractTokenId(String refreshToken)
      Extracts the refresh token identifier (jti) from a refresh token.

      The refresh token is fully validated before extracting the identifier.

      Parameters:
      refreshToken - the refresh token JWT
      Returns:
      the token identifier (jti)
      Throws:
      io.jsonwebtoken.JwtException - if the token is invalid or expired
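The example below is added here and is not the project's code. It puts the three refresh-token methods documented above (generateRefreshToken, parseRefreshToken, extractTokenId) together with the rotation and revocation use of jti that the description mentions, using jjwt 0.11.x. The two secrets, the 30-day lifetime and the in-memory set of live token ids are constructed for the demo; a real service keeps that set in persistent storage.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;

import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;
import javax.crypto.SecretKey;

/** Added example (not the project's JwtUtil): refresh tokens with jti-based rotation. */
public class RefreshTokenExample {

    // Constructed demo secrets; the real class reads jwt.secret and jwt.refreshSecret.
    private static final String DEMO_ACCESS_SECRET  = "demo-access-secret-at-least-32-bytes-long-0123456789";
    private static final String DEMO_REFRESH_SECRET = "demo-refresh-secret-at-least-32-bytes-long-9876543210";

    private final SecretKey accessKey  = Keys.hmacShaKeyFor(DEMO_ACCESS_SECRET.getBytes(StandardCharsets.UTF_8));
    private final SecretKey refreshKey = Keys.hmacShaKeyFor(DEMO_REFRESH_SECRET.getBytes(StandardCharsets.UTF_8));

    private final long refreshTtlMillis = 30L * 24 * 60 * 60 * 1000; // assumed 30-day lifetime

    // Constructed stand-in for the store of refresh-token ids that are still valid.
    private final Set<String> activeTokenIds = new HashSet<>();

    /** sub = user id, jti = tokenId, long expiry, signed with the dedicated refresh key. */
    public String generateRefreshToken(long userId, String tokenId) {
        Date now = new Date();
        activeTokenIds.add(tokenId);
        return Jwts.builder()
                .setSubject(Long.toString(userId))
                .setId(tokenId)                                          // registered claim: jti
                .setIssuedAt(now)
                .setExpiration(new Date(now.getTime() + refreshTtlMillis))
                .signWith(refreshKey, SignatureAlgorithm.HS256)
                .compact();
    }

    /** Verifies signature and expiry with the refresh key and returns the claims. */
    public Claims parseRefreshToken(String token) {
        return Jwts.parserBuilder().setSigningKey(refreshKey).build()
                .parseClaimsJws(token).getBody();
    }

    /** The token is fully validated by parseRefreshToken before jti is read. */
    public String extractTokenId(String refreshToken) {
        return parseRefreshToken(refreshToken).getId();
    }

    /** Rotation: a presented token is honoured once; its jti is retired and a new token issued. */
    public String rotate(String presented) {
        Claims claims = parseRefreshToken(presented);
        String jti = claims.getId();
        if (!activeTokenIds.remove(jti)) {
            // Either revoked or already rotated: a second use is a replay and is refused.
            throw new IllegalStateException("refresh token " + jti + " is revoked or already used");
        }
        return generateRefreshToken(Long.parseLong(claims.getSubject()), UUID.randomUUID().toString());
    }

    /** Revocation (e.g. logout): drop the id so any token carrying it stops working. */
    public void revoke(String tokenId) {
        activeTokenIds.remove(tokenId);
    }

    public static void main(String[] args) {
        RefreshTokenExample svc = new RefreshTokenExample();
        String first = svc.generateRefreshToken(42L, UUID.randomUUID().toString());
        System.out.println("issued jti: " + svc.extractTokenId(first));

        String second = svc.rotate(first);
        System.out.println("rotated to jti: " + svc.extractTokenId(second));

        try {
            svc.rotate(first);
        } catch (IllegalStateException e) {
            System.out.println("replay rejected: " + e.getMessage());
        }

        // Key separation: the refresh key never verifies against the access-token parser,
        // so a refresh token cannot be presented where an access token is expected.
        try {
            Jwts.parserBuilder().setSigningKey(svc.accessKey).build().parseClaimsJws(second);
        } catch (JwtException e) {
            System.out.println("refresh token refused by access parser: " + e.getClass().getSimpleName());
        }
    }
}
```

Two checks happen on every refresh: the cryptographic one in parseRefreshToken (signature and exp) and the stateful one in rotate (is this jti still live). The second is what makes revocation and replay detection possible, since a signed token remains cryptographically valid until it expires.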
    • extractUsernameFromRequest

      public String extractUsernameFromRequest(jakarta.servlet.http.HttpServletRequest request)
      Extracts the username from the request's Authorization header, if the header is present and the bearer token it carries is valid.
      Parameters:
      request - the HTTP request
      Returns:
      username or null if not authenticated
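Added example, not the project's implementation: one way to realise the contract documented for extractUsernameFromRequest (a username when the header carries a valid token, null in every other case). It assumes jjwt 0.11.x, jakarta.servlet-api on the classpath and the "Bearer" scheme of RFC 6750; the secret and the sample tokens are constructed for the demo.

```java
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import jakarta.servlet.http.HttpServletRequest;

import java.nio.charset.StandardCharsets;
import java.util.Date;
import javax.crypto.SecretKey;

/** Added example (not the project's JwtUtil): username from an Authorization header, or null. */
public class BearerHeaderExample {

    private static final String BEARER_PREFIX = "Bearer ";

    // Constructed demo secret; the real class reads jwt.secret from configuration.
    private final SecretKey key = Keys.hmacShaKeyFor(
            "demo-secret-that-is-at-least-32-bytes-long-0123456789".getBytes(StandardCharsets.UTF_8));

    /** Mirrors the documented signature; delegates to the header-string variant. */
    public String extractUsernameFromRequest(HttpServletRequest request) {
        return usernameFromAuthorizationHeader(request.getHeader("Authorization"));
    }

    /** Header-string variant so the logic can be exercised without a servlet container. */
    public String usernameFromAuthorizationHeader(String header) {
        // No header, or a scheme this filter does not handle (e.g. Basic): not authenticated.
        if (header == null
                || !header.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            return null;
        }
        String token = header.substring(BEARER_PREFIX.length()).trim();
        if (token.isEmpty()) {
            return null;
        }
        try {
            return Jwts.parserBuilder().setSigningKey(key).build()
                    .parseClaimsJws(token).getBody().getSubject();
        } catch (JwtException | IllegalArgumentException e) {
            // Bad signature, expired, or malformed token: treat as anonymous rather than
            // propagating, so the request continues to the normal 401/403 handling.
            return null;
        }
    }

    public static void main(String[] args) {
        BearerHeaderExample util = new BearerHeaderExample();
        Date now = new Date();
        String valid = Jwts.builder().setSubject("alice").setIssuedAt(now)
                .setExpiration(new Date(now.getTime() + 60_000))
                .signWith(util.key, SignatureAlgorithm.HS256).compact();
        String expired = Jwts.builder().setSubject("alice")
                .setExpiration(new Date(now.getTime() - 60_000))
                .signWith(util.key, SignatureAlgorithm.HS256).compact();

        System.out.println("valid bearer   -> " + util.usernameFromAuthorizationHeader("Bearer " + valid));
        System.out.println("lower-case     -> " + util.usernameFromAuthorizationHeader("bearer " + valid));
        System.out.println("expired        -> " + util.usernameFromAuthorizationHeader("Bearer " + expired));
        System.out.println("basic scheme   -> " + util.usernameFromAuthorizationHeader("Basic YWxpY2U6cHc="));
        System.out.println("empty token    -> " + util.usernameFromAuthorizationHeader("Bearer "));
        System.out.println("missing header -> " + util.usernameFromAuthorizationHeader(null));
    }
}
```

Only the first two lines of the demo print a username; the expired, wrong-scheme, empty and missing cases all yield null, which is the documented "not authenticated" result. Catching JwtException at this boundary keeps a malformed header from surfacing as a server error.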