spring-boot-security-jwt

# Spring Boot JWT Security JWT authentication and authorization patterns for Spring Boot 3.5.x using Spring Security 6.x and JJWT. Covers token generation, validation, refresh strategies, RBAC/ABAC, and OAuth2 integration. ## Overview This skill provides implementation patterns for stateless JWT authentication in Spring Boot applications. It covers the complete authentication flow including token generation with JJWT 0.12.6, Bearer/cookie-based authentication, refresh token rotation, and method-level authorization with `@PreAuthorize` expressions. Key capabilities: - Access and refresh token generation with configurable expiration - Bearer token and HttpOnly cookie authentication strategies - Integration with Spring Data JPA and OAuth2 providers - RBAC with role/permission-based `@PreAuthorize` rules - Token revocation and blacklisting for logout/rotation ## When to Use Activate when user requests involve: - "Implement JWT authentication", "secure REST API with tokens" - "Spring Security 6.x configuration", "SecurityFilterChain setup" - "Role-based access control", "RBAC", `` `@PreAuthorize` `` - "Refresh token", "token rotation", "token revocation" - "OAuth2 integration", "social login", "Google/GitHub auth" - "Stateless authentication", "SPA backend security" - "JWT filter", "OncePerRequestFilter", "Bearer token" - "Cookie-based JWT", "HttpOnly cookie" - "Permission-based access control", "custom PermissionEvaluator" ## Quick Reference ### Dependencies (JJWT 0.12.6)...