daniel-cottone / Cerberus

Licence: mit
A demonstration of a completely stateless and RESTful token-based authorization system using JSON Web Tokens (JWT) and Spring Security.

Projects that are alternatives of or similar to Cerberus

A simple and efficient open-source security framework that focuses on the protection of RESTful APIs.
Stars: ✭ 254 (-47.3%)
Mutual labels:  restful-api, spring, authentication, jwt, authorization, spring-security
Spring Boot Webflux Jjwt
Example Spring Boot and WebFlux (Reactive Web) with Spring Security and JWT for token Authentication and Authorization
Stars: ✭ 71 (-85.27%)
Mutual labels:  spring-boot, spring, authentication, jwt, authorization, spring-security
Spring Security Pac4j
pac4j security library for Spring Security: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 231 (-52.07%)
Mutual labels:  spring-boot, authentication, jwt, authorization, spring-security
Spring Webflux template application with working Spring Security, Web-sockets, Rest, Web MVC, and Authentication with JWT.
Stars: ✭ 107 (-77.8%)
Mutual labels:  restful-api, spring-boot, spring, spring-security, json-web-token
Spring Security React Ant Design Polls App
Full Stack Polls App built using Spring Boot, Spring Security, JWT, React, and Ant Design
Stars: ✭ 1,336 (+177.18%)
Mutual labels:  spring-boot, authentication, jwt, authorization, spring-security
Spring Webmvc Jwt Sample
Secures REST APIs with Spring Security and JWT Token based Authentication
Stars: ✭ 299 (-37.97%)
Mutual labels:  spring-boot, spring, jwt, spring-security
Spring Microservice Sample
Spring Boot based Microservice sample
Stars: ✭ 199 (-58.71%)
Mutual labels:  rest, spring-boot, spring, spring-security
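Guns is based on Spring Boot 2 and aims to be a simpler back-office management system, fully integrating springmvc + shiro + mybatis-plus + beetl! The Guns project's code is concise, richly commented, and easy to get started with. Guns also includes many basic modules (10 modules, including user management, role management, department management, and dictionary management) and can be used directly as scaffolding for a back-office management system!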
Stars: ✭ 3,327 (+590.25%)
Mutual labels:  rest-api, rest, spring-boot, jwt
Source code for the tutorials published on the Javadevjournal site.
Stars: ✭ 141 (-70.75%)
Mutual labels:  rest-api, rest, spring-boot, spring-security
Ngx Api Utils
ngx-api-utils is a lean library of utilities and helpers to quickly integrate any HTTP API (REST, Ajax, and any other) with Angular.
Stars: ✭ 92 (-80.91%)
Mutual labels:  rest-api, rest, authentication, jwt
Angular Spring Starter
Full stack starter kit featuring Angular 7, Spring boot and stateless JWT authentication.
Stars: ✭ 294 (-39%)
Mutual labels:  spring-boot, spring, jwt, spring-security
Appy Backend
A user system to bootstrap your app.
Stars: ✭ 96 (-80.08%)
Mutual labels:  rest, restful-api, authentication, authorization
A library that tests if the implementation of a REST-API meets its specification.
Stars: ✭ 154 (-68.05%)
Mutual labels:  rest-api, rest, restful-api, spring
Spring Lemon
Helper library for Spring Boot web applications
Stars: ✭ 529 (+9.75%)
Mutual labels:  rest-api, spring-boot, spring-framework, spring-security
Node Express Mongoose Passport Jwt Rest Api Auth
Node, express, mongoose, passport and JWT REST API authentication example
Stars: ✭ 146 (-69.71%)
Mutual labels:  rest-api, rest, restful-api, jwt
Spring Boot Postgresql Jpa Hibernate Rest Api Demo
Building RESTful APIs with Spring Boot, PostgreSQL, JPA and Hibernate
Stars: ✭ 209 (-56.64%)
Mutual labels:  rest-api, rest, spring-boot, spring
Model Driven REST framework to automatically generate CRUD APIs
Stars: ✭ 138 (-71.37%)
Mutual labels:  rest-api, rest, spring-boot, spring
Jaguar, a server framework built for speed, simplicity and extensibility. ORM, Session, Authentication & Authorization, OAuth
Stars: ✭ 286 (-40.66%)
Mutual labels:  rest-api, rest, authentication, authorization
Spring Reddit Clone
Reddit clone built using Spring Boot, Spring Security with JPA Authentication, Spring Data JPA with MySQL, Spring MVC. The frontend is built using Angular - You can find the frontend source code here -
Stars: ✭ 210 (-56.43%)
Mutual labels:  spring-boot, spring, jwt, spring-security
Stormpath Sdk Java
Official Java SDK for the Stormpath User Management REST API
Stars: ✭ 221 (-54.15%)
Mutual labels:  spring-boot, spring, authentication, authorization
██████╗███████╗██████╗ ██████╗ ███████╗██████╗ ██╗   ██╗███████╗
██╔════╝██╔════╝██╔══██╗██╔══██╗██╔════╝██╔══██╗██║   ██║██╔════╝
██║     █████╗  ██████╔╝██████╔╝█████╗  ██████╔╝██║   ██║███████╗
██║     ██╔══╝  ██╔══██╗██╔══██╗██╔══╝  ██╔══██╗██║   ██║╚════██║
╚██████╗███████╗██║  ██║██████╔╝███████╗██║  ██║╚██████╔╝███████║
╚═════╝╚══════╝╚═╝  ╚═╝╚═════╝ ╚══════╝╚═╝  ╚═╝ ╚═════╝ ╚══════╝

                  ,___/\_/\ \  ~     /
                  \     ~  \ )   XXX
                    XXX     /    /\_/\___,
                       \o-o/-o-o/   ~    /
                        ) /     \    XXX
                       _|    / \ \_/
                    ,-/   _  \_/   \
                   / (   /____,__|  )
                  (  |_ (    )  \) _|
                 _/ _)   \   \__/   (_
                (,-(,(,(,/      \,),),)


Cerberus is a demonstration of a completely stateless and RESTful token-based authorization system using JSON Web Tokens (JWT) and Spring Security.


For an API to be truly RESTful, no application state can be stored on the server itself. One particular challenge in implementing this is ensuring that your API is secure. Cerberus is the answer to this problem; access to the endpoints in the API requires a JSON Web Token to be present in the request header. This token is obtained by successfully performing an authentication request with the API, and afterwards this token will grant access to the API based on the authorities granted to the specified user.


Cerberus requires Maven and Java 1.7 or greater.


To start Cerberus, run mvn spring-boot:run in the terminal. Cerberus will now be running at http://localhost:8080/api/

There are two built-in user accounts to demonstrate the differing levels of access to the endpoints in the API:

User - user:password
Admin - admin:admin

Cerberus also has two endpoints. The first is the authentication endpoint, which is unrestricted. The second is a protected endpoint which only admin users may access (provided the correct JWT token is present in the request header):


To authenticate with Cerberus, you can curl a POST request with the following credentials to receive a JWT token:

curl -i -H "Content-Type: application/json" -X POST -d '{"username":"admin","password":"admin"}' http://localhost:8080/api/auth

The response should look like this:

{
  "token" : "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiJ9.bKweskM-3QqOY8ScxhC9AcREOCG2UDY0Ylezdv1h81ALFg_v0QYBgxwfUjtf_Ns7RqAQIh_kFg1ZkeFV-szRUg"
}

You can now insert this token into your request header for GET access to /api/protected:

curl -i -H "Content-Type: application/json" -H "X-Auth-Token: eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiJ9.bKweskM-3QqOY8ScxhC9AcREOCG2UDY0Ylezdv1h81ALFg_v0QYBgxwfUjtf_Ns7RqAQIh_kFg1ZkeFV-szRUg" -X GET http://localhost:8080/api/protected

You should get an HTTP 200 and the response :O

Tokens are configured to expire after a week. To ensure that a token remains fresh and does not expire, you can refresh an existing token by sending a GET to /api/auth/refresh with the token set in the request header. The response will be a new token with an updated expiration date. This refresh mechanism only works for tokens that have not expired yet, unless the token was provided to a mobile device. Tokens for mobile devices can always be refreshed.
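
The following is an added example, not code from Cerberus: it verifies an HS512 token shaped like the one in the sample response and applies the access and refresh rules described above without any server-side session state. The signing key, the device claim name and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: stand-in for the server's signing key
WEEK = 7 * 24 * 3600                 # token lifetime stated in the README

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def mac(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha512).digest()

def issue(claims, secret=SECRET):
    """Build an HS512 token with the same header as the sample response."""
    head = b64e(b'{"alg":"HS512"}')
    body = b64e(json.dumps(claims, separators=(",", ":")).encode())
    return f"{head}.{body}.{b64e(mac(head + '.' + body, secret))}"

def verify(token, secret=SECRET):
    """Return the claims of a correctly signed token, else raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, claims, given = json.loads(b64d(head)), json.loads(b64d(body)), b64d(sig)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    if header.get("alg") != "HS512":  # pin the algorithm instead of trusting the header
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(mac(head + "." + body, secret), given):
        raise ValueError("bad signature")
    return claims

def expired(claims, now):
    exp = claims.get("exp")
    return not isinstance(exp, (int, float)) or exp <= now  # no exp: fail closed

def can_access(token, now=None):
    now = time.time() if now is None else now
    return not expired(verify(token), now)

def can_refresh(token, now=None):
    """README rule: unexpired tokens refresh; mobile tokens refresh even when expired."""
    now = time.time() if now is None else now
    claims = verify(token)
    return not expired(claims, now) or claims.get("device") == "mobile"  # claim name assumed
```

Because a mobile token stays refreshable after it expires, the signature check in verify is the only gate on its refresh path.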


To run Cerberus's unit tests, run mvn clean package in the terminal.