Authenticate Endpoint Part 1

Building on our user loading functionality from the previous lesson, we'll now create the authentication endpoint that clients will use to obtain JWT tokens.

This endpoint will validate user credentials and return a token for subsequent authenticated requests.

This foundation enables secure access to protected resources in our blog platform.

Creating the Request and Response DTOs

The authentication process requires dedicated DTOs to handle login requests and responses securely:

package com.devtiro.blog.domain.dtos;

import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;

@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
public class LoginRequest {
    private String email;
    // @Data generates a toString() that includes this field,
    // so avoid logging LoginRequest instances.
    private String password;
}

The response DTO includes the JWT token and its expiration time:

package com.devtiro.blog.domain.dtos;

import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;

@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
public class AuthResponse {
    // The JWT the client sends on subsequent authenticated requests
    private String token;
    // Token lifetime in seconds
    private long expiresIn;
}

Defining the Authentication Service

The authentication service interface defines our core authentication operations:

package com.devtiro.blog.services;

import org.springframework.security.core.userdetails.UserDetails;

public interface AuthenticationService {

    // Validates the supplied credentials and returns the matching user
    UserDetails authenticate(String email, String password);

    // Produces a JWT for an already authenticated user
    String generateToken(UserDetails userDetails);
}

Implementing the Authentication Controller

The controller handles incoming authentication requests and produces JWT tokens:

package com.devtiro.blog.controllers;

import com.devtiro.blog.domain.dtos.AuthResponse;
import com.devtiro.blog.domain.dtos.LoginRequest;
import com.devtiro.blog.services.AuthenticationService;
import lombok.AllArgsConstructor;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/api/v1/auth")
@AllArgsConstructor
public class AuthController {

    private final AuthenticationService authenticationService;

    @PostMapping("/login")
    public ResponseEntity<AuthResponse> login(@RequestBody LoginRequest loginRequest) {
        // Validate the credentials first; a token is only generated for the returned user
        UserDetails user = authenticationService.authenticate(
                loginRequest.getEmail(),
                loginRequest.getPassword()
        );

        AuthResponse authResponse = AuthResponse.builder()
                .token(authenticationService.generateToken(user))
                .expiresIn(86400) // 24 hours in seconds
                .build();

        return ResponseEntity.ok(authResponse);
    }
}
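The login method above has no handling of its own for a failed login or a malformed request body. One way to give both a uniform response, as an added example that is not part of the lesson's code: the class name AuthErrorHandler is hypothetical, and it assumes authenticate(...) signals a failed login by throwing a Spring Security AuthenticationException.

```java
package com.devtiro.blog.controllers;

import java.util.Map;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.http.converter.HttpMessageNotReadableException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;

// Hypothetical class (not from the lesson); applies only to AuthController.
@RestControllerAdvice(assignableTypes = AuthController.class)
public class AuthErrorHandler {

    private static final Logger log = LoggerFactory.getLogger(AuthErrorHandler.class);

    // Assumption: AuthenticationService.authenticate(...) throws an
    // AuthenticationException subtype (BadCredentialsException,
    // UsernameNotFoundException, DisabledException, ...) on failure.
    @ExceptionHandler(AuthenticationException.class)
    public ResponseEntity<Map<String, String>> handleFailedLogin(AuthenticationException ex) {
        // Keep the specific reason in the server log only; never log the
        // submitted password or the LoginRequest object itself.
        log.warn("Login rejected: {}", ex.getClass().getSimpleName());

        // Same status and body for "unknown email", "wrong password" and
        // "account disabled", so the response does not reveal which
        // accounts exist.
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
                .body(Map.of("error", "Invalid email or password"));
    }

    // Missing or unparseable JSON body: answer 400 without echoing parser
    // details back to the client.
    @ExceptionHandler(HttpMessageNotReadableException.class)
    public ResponseEntity<Map<String, String>> handleMalformedBody() {
        return ResponseEntity.status(HttpStatus.BAD_REQUEST)
                .body(Map.of("error", "Malformed request body"));
    }
}
```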

Summary

  • Created DTOs for handling login requests and responses
  • Defined the authentication service interface with core operations
  • Implemented the authentication controller with login endpoint
  • Set up token generation workflow
  • Established 24-hour token expiration time
© 2026 Devtiro Ltd. All rights reserved