A simple app that demonstrates how to issue and validate JWTs using Dropwizard, related to this StackOverflow question.
mvn clean install && java -jar target/dropwizard-jwt-0.1.jar server dropwizard/config.yml
Log in using basic auth and obtain a JWT token.
curl -u RoleOneUser:RoleOnePass -X GET --header 'Accept: application/json' 'http://localhost:8080/auth/#'
Try it without auth:
curl -X GET --header 'Accept: application/json' 'http://localhost:8080/auth/#'
{
  "token": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwicm9sZXMiOiJSb2xlT25lIiwidXNlciI6IlJvbGVPbmVVc2VyIiwiaWF0IjoxNTA2MDI3OTMxLCJqdGkiOiJaV2RrSXAzLW43UXEyQjh1aTN6M2FRIn0.LImJsleGZLVVnb0znnenxZJvUH-XVdtW-abCqv68l-I"
}
Go decode the token on jwt.io to see the contents.
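The same decoding can be done locally, since the header and payload of this token are base64url-encoded JSON that is signed but not encrypted. The script below is an added example, not part of the original app: the function names `b64url_decode`, `jwt_segment` and `jwt_claim` are made up for illustration, and it assumes a `base64` utility that supports `-d`. It only decodes the token and does not verify the signature.

```shell
#!/bin/sh
# Added example (not from the original project): inspect a JWT without
# sending it to a third-party site.

# Token copied from the login response shown above.
TOKEN='eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwicm9sZXMiOiJSb2xlT25lIiwidXNlciI6IlJvbGVPbmVVc2VyIiwiaWF0IjoxNTA2MDI3OTMxLCJqdGkiOiJaV2RrSXAzLW43UXEyQjh1aTN6M2FRIn0.LImJsleGZLVVnb0znnenxZJvUH-XVdtW-abCqv68l-I'

# Decode one base64url segment: map the URL-safe alphabet back to standard
# base64 and restore the '=' padding that the JWT encoding strips.
b64url_decode() {
    seg=$(printf '%s' "$1" | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in
        2) seg="$seg==" ;;
        3) seg="$seg=" ;;
        1) return 1 ;;  # impossible length for base64 data
    esac
    printf '%s' "$seg" | base64 -d
}

# Print segment N of a compact JWT as JSON (1 = header, 2 = payload).
jwt_segment() {
    # A compact signed JWT has exactly three dot-separated parts.
    dots=$(printf '%s' "$1" | tr -cd '.')
    [ "${#dots}" -eq 2 ] || return 1
    b64url_decode "$(printf '%s' "$1" | cut -d. -f"$2")"
}

# Extract a top-level string claim. This is a simple pattern match, which is
# enough for the flat payload this app issues; use a JSON parser otherwise.
jwt_claim() {
    jwt_segment "$1" 2 | sed -n "s/.*\"$2\":\"\([^\"]*\)\".*/\1/p"
}

jwt_segment "$TOKEN" 1; echo
jwt_segment "$TOKEN" 2; echo
echo "roles=$(jwt_claim "$TOKEN" roles)"
```

The `roles` claim printed here is the value the protected resources below check when deciding whether to answer or return 403.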
/protectedResourceOne accepts the JWT obtained from the login above and echoes some values from the JWT back.
curl -X GET --header 'Accept: application/json' --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwicm9sZXMiOiJSb2xlT25lIiwidXNlciI6IlJvbGVPbmUiLCJpYXQiOjE1MDYwMjYxNDYsImp0aSI6IlhwWU5ocHFoaUZ1b1l3anZ0REE4OEEifQ.k7-kx9hkGNxv-ECtSr8OTXr-HKe26evZvo2OQhXmb8A' 'http://localhost:8080/protectedResourceOne'
{
  "role": "RoleOne",
  "username": "RoleOne"
}
/protectedResourceTwo does not accept the JWT obtained from the login above, because it expects a different role.
curl -X GET --header 'Accept: application/json' --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwicm9sZXMiOiJSb2xlT25lIiwidXNlciI6IlJvbGVPbmUiLCJpYXQiOjE1MDYwMjYxNDYsImp0aSI6IlhwWU5ocHFoaUZ1b1l3anZ0REE4OEEifQ.k7-kx9hkGNxv-ECtSr8OTXr-HKe26evZvo2OQhXmb8A' 'http://localhost:8080/protectedResourceTwo'
{
  "code": 403,
  "message": "User not authorized."
}