boot_security_jwt library
JWT authentication module for the Boot Framework.
Add this package to your dependencies and configure via application.yml:
boot:
security:
jwt:
secret: my-secret-key
expiration: 1h
refresh-expiration: 7d
issuer: my-app
All beans are auto-registered. Override any with @Replaces.
Classes
- $DefaultTokenReaderDefinition
- $JwtAuthenticationProviderDefinition
- $JwtConfigDefinition
- $JwtRefreshTokenGeneratorDefinition
- $JwtTokenGeneratorDefinition
- $JwtTokenValidatorDefinition
- Authentication
- Represents an authenticated user.
- AuthenticationProvider
- Implement to provide authentication logic (e.g., validate JWT, check credentials). Boot discovers all AuthenticationProvider beans and tries them in order.
- AuthenticationRequest
- The authentication request — carries all connection context for credential extraction. Works for HTTP, WebSocket, mTLS — providers check what's available.
- BearerTokenReader
- Default TokenReader that extracts tokens from the Authorization: Bearer header.
- DefaultTokenReader
-
Default TokenReader — reads tokens from the
Authorization: Bearerheader. - JwtAuthenticationProvider
- AuthenticationProvider that uses TokenReader to extract a token and TokenValidator to verify it.
- JwtConfig
- Configuration for JWT token handling.
- JwtRefreshTokenGenerator
- JWT implementation of RefreshTokenGenerator.
- JwtTokenGenerator
- JWT implementation of TokenGenerator.
- JwtTokenValidator
- JWT implementation of TokenValidator.
- RefreshTokenGenerator
- Generates refresh tokens.
- Secured
- Marks a controller or method with access rules.
- SecurityFilter
- Internal security filter — intercepts requests and enforces access rules. Checks both intercept-url-map (YAML) and @Secured annotations (route metadata).
- SecurityRule
- Constants for @Secured annotation values.
- SecurityRuleEntry
- A security rule entry from YAML intercept-url-map or @Secured annotations.
- TokenGenerator
- Generates access tokens.
- TokenReader
- Extracts a token string from an authentication request.
- TokenValidator
- Validates a token and returns its claims.
Constants
- securedAnnotationType → const AnnotationType
- AnnotationType constant for runtime metadata queries.
Functions
-
$BootSecurityJwtModule(
BeanContainer container, RouteRegistry router, BootConfig config, List< void Function()> deferred) → void - Module function for the boot_security_jwt library. Called by the consuming app's $configure() to wire this library's beans.