How to Create JSON Web Token (JWT) using Java

How to Create JSON Web Token (JWT) using Java: In this tutorial, we will see how we gonna create JSON web token using Java.

What is JWT?

JSON Web Token is a string in an encrypted format. After the decryption of the JWT String will have JSON information.

JWT is generally used for session validations and to pass user information to client side in secure way. every time when user access the pages server will send a JWT token. which is used JWT token is used for user authentication at the server-side.

what is the JWT Structure

header
{ ...
},
body {
...
},
signature {
...
}

We can create a JWT token using different programming languages. it is independent of programming language.

How to Create a JWT token in java.

Create a simple maven project. add below dependency

 

<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
</dependency>

 

Below is the code to generate the JWT token

 

Key key = MacProvider.generateKey();
		Map<String,Object> map=new HashMap<String,Object>();
		map.put("name","Mark");
		map.put("age",25);
		map.put("gender","Male");
		String Jwstoken = Jwts.builder()
		  .setSubject("json web token").addClaims(map)
		  .signWith(SignatureAlgorithm.HS512, key)
		  .compact();

 

in above code we are creating the JWT token for Map object with subject as JSON web token. generated JWT token is using SignatureAlgorithm.HS512.  we can use the different algorithms by referring to API.

below are all available algorithms

 

HS256: HMAC using SHA-256
HS384: HMAC using SHA-384
HS512: HMAC using SHA-512
RS256: RSASSA-PKCS-v1_5 using SHA-256
RS384: RSASSA-PKCS-v1_5 using SHA-384
RS512: RSASSA-PKCS-v1_5 using SHA-512
PS256: RSASSA-PSS using SHA-256 and MGF1 with SHA-256
PS384: RSASSA-PSS using SHA-384 and MGF1 with SHA-384
PS512: RSASSA-PSS using SHA-512 and MGF1 with SHA-512
ES256: ECDSA using P-256 and SHA-256
ES384: ECDSA using P-384 and SHA-384
ES512: ECDSA using P-521 and SHA-512

The created token will be looks like below

 

eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJqc29uIHdlYiB0b2tlbiIsImdlbmRlciI6Ik1hbGUiLCJuYW1lIjoiTWFyayIsImFnZSI6MjV9.LGEFHrytCcxAUv-w8oMfKl81velQ4H8JXmXO4tLIaa1nDMOU3w01B1ejrWsVMY37iTCZGRp4_TFCSN36YjU_Pw

For Decoding the JWT Token below is the code

 

Jws<Claims> jws = Jwts.parser().setSigningKey(key).parseClaimsJws(Jwstoken);

Jwstoken is the token generated and sent to the client.

below is the complete class for encoding and decoding of JWT

 

import java.security.Key;
import java.util.HashMap;
import java.util.Map;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.crypto.MacProvider;

public class CreatingJWT {

	public static void main(String[] args) {
		// TODO Auto-generated method stub

		Key key = MacProvider.generateKey();
		Map<String,Object> map=new HashMap<String,Object>();
		map.put("name","Mark");
		map.put("age",25);
		map.put("gender","Male");
		String Jwstoken = Jwts.builder()
		  .setSubject("json web token").addClaims(map)
		  .signWith(SignatureAlgorithm.HS512, key)
		  .compact();
		
		
		
		System.out.println("JWT Token:"+Jwstoken);
		
		Jws<Claims> jws = Jwts.parser()
				.setSigningKey(key)
				.parseClaimsJws(Jwstoken);
		System.out.println(jws);
		
	}

}

Note: For decoding, JWT Token setSigningKey should be the same as the Key used for encoding

Happy Coding.

Also Read: Creating Entity Classes From Database Schema using Eclipse