Pendahuluan
Pada aplikasi modern, authentication sangat penting untuk mengamankan API.
Salah satu metode paling populer adalah:
JSON Web Token (JWT)
JWT digunakan untuk:
- Login authentication
- Secure REST API
- Role-based authorization
- Microservices authentication
- Mobile apps backend
- Enterprise systems
Pada tutorial ini kita akan membangun:
Spring Boot REST API
↓
JWT Authentication
↓
Spring Security
↓
MySQL Database
↓
Docker Container
Apa yang Akan Dibuat?
Fitur:
✅ Register API
✅ Login API
✅ JWT Access Token
✅ Role USER / ADMIN
✅ BCrypt Password Hashing
✅ Secure Endpoint
✅ MySQL Integration
✅ Docker & Docker Compose
✅ Swagger UI
✅ Testing Postman
Tools yang Digunakan
Kita akan menggunakan:
- Spring Boot
- Spring Security
- MySQL
- Docker
- Docker Compose
- Maven
Arsitektur Sistem
Flow authentication:
Client Login
↓
Spring Boot API
↓
Validate username/password
↓
Generate JWT Token
↓
Return Token
↓
Client Access Protected API
1. Membuat Project Spring Boot
Buka:
Pilih:
Project : Maven
Language : Java
Spring Boot : 3.x
Java : 21
Dependencies:
Spring Web
Spring Security
Spring Data JPA
MySQL Driver
Validation
Lombok
Springdoc OpenAPI
2. Struktur Project Enterprise
src/main/java/com/example/authapi
│
├── config
├── controller
├── dto
├── entity
├── exception
├── repository
├── security
├── service
└── util
3. Dependency JWT
Tambahkan ke pom.xml
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
<version>0.12.5</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.12.5</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</artifactId>
<artifactId>jjwt-jackson</artifactId>
<version>0.12.5</version>
<scope>runtime</scope>
</dependency>
4. Docker Compose MySQL
Buat file:
docker-compose.yml
version: '3.8'
services:
mysql:
image: mysql:8
container_name: mysql-jwt
environment:
MYSQL_DATABASE: jwt_db
MYSQL_ROOT_PASSWORD: root
MYSQL_USER: admin
MYSQL_PASSWORD: admin123
ports:
- "3306:3306"
volumes:
- mysql_data:/var/lib/mysql
volumes:
mysql_data:
Jalankan:
docker compose up -d
5. application.yml
spring:
datasource:
url: jdbc:mysql://localhost:3306/jwt_db
username: admin
password: admin123
jpa:
hibernate:
ddl-auto: update
jwt:
secret: super-secret-key-super-secret-key
expiration: 86400000
6. Entity User
@Entity
@Table(name = "users")
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Builder
public class User {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
private String username;
private String password;
private String role;
}
7. Repository
@Repository
public interface UserRepository
extends JpaRepository<User, Long> {
Optional<User> findByUsername(
String username
);
}
8. DTO Login & Register
@Data
public class LoginRequest {
private String username;
private String password;
}
@Data
public class RegisterRequest {
private String username;
private String password;
}
9. JWT Utility
@Component
public class JwtUtil {
@Value("${jwt.secret}")
private String secret;
public String generateToken(
String username
) {
return Jwts.builder()
.subject(username)
.issuedAt(new Date())
.expiration(
new Date(
System.currentTimeMillis()
+ 86400000
)
)
.signWith(
getKey()
)
.compact();
}
private Key getKey() {
return Keys.hmacShaKeyFor(
secret.getBytes()
);
}
}
10. Auth Service
@Service
@RequiredArgsConstructor
public class AuthService {
private final UserRepository repository;
private final PasswordEncoder encoder;
private final JwtUtil jwtUtil;
public void register(
RegisterRequest request
) {
User user =
User.builder()
.username(
request.getUsername()
)
.password(
encoder.encode(
request.getPassword()
)
)
.role("USER")
.build();
repository.save(user);
}
public String login(
LoginRequest request
) {
User user =
repository
.findByUsername(
request.getUsername()
)
.orElseThrow();
boolean valid =
encoder.matches(
request.getPassword(),
user.getPassword()
);
if(!valid){
throw new RuntimeException(
"Invalid Credential"
);
}
return jwtUtil.generateToken(
user.getUsername()
);
}
}
11. Controller
@RestController
@RequestMapping("/api/auth")
@RequiredArgsConstructor
public class AuthController {
private final AuthService service;
@PostMapping("/register")
public String register(
@RequestBody
RegisterRequest request
) {
service.register(request);
return "Register Success";
}
@PostMapping("/login")
public String login(
@RequestBody
LoginRequest request
) {
return service.login(request);
}
}
12. Security Config
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
SecurityFilterChain filterChain(
HttpSecurity http
) throws Exception {
http.csrf(csrf -> csrf.disable());
http.authorizeHttpRequests(auth -> auth
.requestMatchers(
"/api/auth/**"
)
.permitAll()
.anyRequest()
.authenticated()
);
return http.build();
}
}
13. Testing API
Register
POST /api/auth/register
Body:
{
"username": "isma",
"password": "123456"
}
Login
POST /api/auth/login
Body:
{
"username": "isma",
"password": "123456"
}
Response:
eyJhbGciOiJIUzI1NiJ9....
JWT token berhasil dibuat.
Gambar HD Developer Coding
Gambar Docker Architecture
Prompt HD
Enterprise Spring Boot JWT authentication architecture with Docker and MySQL, secure REST API, token authentication flow, ultra HD 4K infographic
Best Practice Production
✅ Gunakan refresh token
✅ Simpan secret di environment variable
✅ Gunakan role-based authorization
✅ Gunakan HTTPS
✅ Tambahkan exception handler
✅ Rate limit login API
✅ Simpan audit login
Kesimpulan
Dengan kombinasi Spring Boot + JWT + Docker + MySQL, kita dapat membangun REST API authentication yang aman, scalable, dan siap production untuk aplikasi enterprise.
SEO Slug
tutorial-jwt-rest-api-java-spring-boot-docker
Tags
Spring Boot
JWT
Docker
Java
Spring Security
REST API
Authentication
Backend
MySQL
Enterprise Development
0 komentar:
Posting Komentar