#!/bin/bash
# Spring Security JWT Testing Script
# This script sets up a test environment and validates JWT implementation
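# Abort on unhandled errors; pipefail makes a failing producer in "jq | curl"
# pipelines visible instead of being masked by curl's exit status.
set -eo pipefail

# Colors for output (escape sequences, rendered by printf '%b' / echo -e)
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

# Configuration (each value can be overridden from the environment)
BASE_URL=${BASE_URL:-http://localhost:8080}
TEST_EMAIL=${TEST_EMAIL:-test@example.com}
TEST_PASSWORD=${TEST_PASSWORD:-TestPassword123!}

# Tokens issued by the login step; initialised empty so "-z" guards in the
# test functions are meaningful even when authentication never ran.
ACCESS_TOKEN=""
REFRESH_TOKEN=""

# Private scratch directory for curl response bodies. The bodies contain the
# issued tokens, so they must not sit world-readable under predictable names in
# /tmp; mktemp -d creates the directory with owner-only permissions.
TEST_TMPDIR=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }

echo -e "${GREEN}=== Spring Security JWT Test Suite ===${NC}"
echo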
# Function to print colored output
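# Print a green check mark (status 0) or a red cross (anything else) followed by
# a message, and count failures so main() can report them in the exit status.
# Globals:   GREEN, RED, NC (read); FAILURES (incremented on a non-zero status)
# Arguments: $1 - status code, 0 meaning success
#            $2 - message
# Outputs:   one line on stdout
print_status() {
  local status=$1
  local message=$2
  # The message goes through %s, not %b/echo -e, so text copied from server
  # responses or the environment is printed verbatim instead of being
  # interpreted as escape sequences.
  if [[ "$status" == "0" ]]; then
    printf '%b✅ %s%b\n' "$GREEN" "$message" "$NC"
  else
    FAILURES=$(( ${FAILURES:-0} + 1 ))
    printf '%b❌ %s%b\n' "$RED" "$message" "$NC"
  fi
}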
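# Print a yellow warning line.
# Globals:   YELLOW, NC (read)
# Arguments: $1 - message, printed verbatim (%s), not escape-interpreted
print_warning() {
  local message=$1
  printf '%b⚠️ %s%b\n' "$YELLOW" "$message" "$NC"
}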
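# Print a green informational line.
# Globals:   GREEN, NC (read)
# Arguments: $1 - message, printed verbatim (%s), not escape-interpreted
print_info() {
  local message=$1
  printf '%bℹ️ %s%b\n' "$GREEN" "$message" "$NC"
}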
# Function to check if service is running
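# Probe the actuator health endpoint to see whether the service is reachable.
# Globals: BASE_URL (read)
# Returns: 0 when the endpoint answers with a status below 400 (curl -f),
#          non-zero on a connection failure, timeout or error status
check_service() {
  # --max-time bounds the probe so an unreachable host fails fast instead of
  # leaving the suite hanging on a half-open connection.
  curl -s -f --max-time 10 "$BASE_URL/actuator/health" >/dev/null 2>&1
}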
# Function to create test user
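# Register the test user via POST /api/register. HTTP 409 (already registered)
# counts as success so the script can be re-run against the same database.
# Globals: BASE_URL, TEST_EMAIL, TEST_PASSWORD (read)
#          TEST_TMPDIR (optional scratch directory for the response body; /tmp when unset)
# Returns: 0 when the user exists after the call, 1 otherwise (response body printed)
create_test_user() {
  local out="${TEST_TMPDIR:-/tmp}/user_response.json"
  local http_code
  echo "Creating test user..."
  # jq builds the JSON so quotes/backslashes in the credentials are escaped
  # rather than breaking (or injecting into) the document. The password reaches
  # jq through its environment instead of argv, keeping it out of process listings.
  http_code=$(TEST_PASSWORD="$TEST_PASSWORD" jq -n --arg email "$TEST_EMAIL" \
      '{email: $email, password: env.TEST_PASSWORD, firstName: "Test", lastName: "User"}' \
    | curl -s -w "%{http_code}" -o "$out" \
        -X POST "$BASE_URL/api/register" \
        -H "Content-Type: application/json" \
        --data-binary @-)
  case "${http_code: -3}" in
    201)
      print_status 0 "Test user created successfully"
      return 0
      ;;
    409)
      print_status 0 "Test user already exists"
      return 0
      ;;
    *)
      print_status 1 "Failed to create test user (HTTP ${http_code: -3})"
      cat "$out"
      return 1
      ;;
  esac
}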
# Function to authenticate and get JWT
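# Log in as the test user and store the issued tokens in ACCESS_TOKEN and
# REFRESH_TOKEN for the later checks.
# Globals: BASE_URL, TEST_EMAIL, TEST_PASSWORD (read)
#          ACCESS_TOKEN, REFRESH_TOKEN (written)
#          TEST_TMPDIR (optional scratch directory for the response body; /tmp when unset)
# Returns: 0 when login returned 200 and an access token, 1 otherwise (response body printed)
authenticate() {
  local out="${TEST_TMPDIR:-/tmp}/auth_response.json"
  local http_code
  echo "Authenticating user..."
  # JSON built by jq so the credentials are escaped properly; the password is
  # handed to jq through the environment rather than on its argv.
  http_code=$(TEST_PASSWORD="$TEST_PASSWORD" jq -n --arg email "$TEST_EMAIL" \
      '{email: $email, password: env.TEST_PASSWORD}' \
    | curl -s -w "%{http_code}" -o "$out" \
        -X POST "$BASE_URL/api/auth/login" \
        -H "Content-Type: application/json" \
        --data-binary @-)
  http_code=${http_code: -3}
  if [[ "$http_code" != "200" ]]; then
    print_status 1 "Authentication failed (HTTP $http_code)"
    cat "$out"
    return 1
  fi
  # "// empty" yields "" for a missing/null field; plain "jq -r" would print the
  # literal string "null", which passes every later "-z" guard.
  ACCESS_TOKEN=$(jq -r '.accessToken // empty' "$out")
  REFRESH_TOKEN=$(jq -r '.refreshToken // empty' "$out")
  if [[ -z "$ACCESS_TOKEN" ]]; then
    print_status 1 "Authentication response did not contain an access token"
    cat "$out"
    return 1
  fi
  print_status 0 "Authentication successful"
  # Only a prefix is shown so the log does not capture a usable credential
  print_info "Access token: ${ACCESS_TOKEN:0:20}..."
  return 0
}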
# Function to test protected endpoint
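# Call a protected endpoint with the current ACCESS_TOKEN and compare the HTTP status.
# Globals:   ACCESS_TOKEN, BASE_URL (read)
#            TEST_TMPDIR (optional scratch directory for the response body; /tmp when unset)
# Arguments: $1 - endpoint path, appended to BASE_URL
#            $2 - expected HTTP status code
#            $3 - description used for the report line
# Returns:   0 when the status matches, 1 otherwise (response body printed)
test_protected_endpoint() {
  local endpoint=$1
  local expected_status=$2
  local description=$3
  local out="${TEST_TMPDIR:-/tmp}/endpoint_response.json"
  local http_code
  if [[ -z "${ACCESS_TOKEN:-}" ]]; then
    print_status 1 "No access token available"
    return 1
  fi
  # The bearer token travels on curl's argv and is briefly visible in process
  # listings; acceptable for a local run against a throwaway test user.
  http_code=$(curl -s -w "%{http_code}" -o "$out" \
    -H "Authorization: Bearer $ACCESS_TOKEN" \
    "$BASE_URL$endpoint")
  http_code=${http_code: -3}
  if [[ "$http_code" == "$expected_status" ]]; then
    print_status 0 "$description"
    return 0
  fi
  print_status 1 "$description (Expected $expected_status, got $http_code)"
  cat "$out"
  return 1
}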
# Function to test JWT validation
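# Send one GET to /api/users/me with the given extra curl arguments and report
# whether the server answered 401.
# Globals:   BASE_URL (read)
#            TEST_TMPDIR (optional scratch directory for the response body; /tmp when unset)
# Arguments: $1    - label for the report line ("<label> rejected" / "<label> accepted")
#            $2    - response file name
#            $3... - extra curl arguments (for example -H "Authorization: ...")
_expect_unauthorized() {
  local label=$1
  local out="${TEST_TMPDIR:-/tmp}/$2"
  shift 2
  local http_code
  http_code=$(curl -s -w "%{http_code}" -o "$out" "$@" "$BASE_URL/api/users/me")
  if [[ "${http_code: -3}" == "401" ]]; then
    print_status 0 "$label rejected"
  else
    print_status 1 "$label accepted"
  fi
}

# Exercise JWT validation: a valid token must be accepted; an expired token, a
# malformed token and a missing token must each be answered with 401.
# Globals: BASE_URL, ACCESS_TOKEN (read, via test_protected_endpoint)
# Returns: 0 — individual failures are reported through print_status
test_jwt_validation() {
  echo "Testing JWT validation..."
  # Test valid token. "|| true" keeps the negative cases running under "set -e"
  # when this check fails; the failure itself is still reported by print_status.
  test_protected_endpoint "/api/users/me" 200 "Valid JWT access" || true
  # Test expired token. This fixed token carries an "exp" claim of 1616239022
  # (March 2021) and was presumably signed with a key this application does not
  # hold, so a 401 proves it is rejected but does not by itself distinguish
  # "expired" from "bad signature". A strict expiry test needs a token minted
  # with the application's own signing key.
  local expired_token="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiZXhwIjoxNjE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
  _expect_unauthorized "Expired token" expired_response.json \
    -H "Authorization: Bearer $expired_token"
  # Test invalid token (not even three base64url segments)
  local invalid_token="invalid.token.format"
  _expect_unauthorized "Invalid token" invalid_response.json \
    -H "Authorization: Bearer $invalid_token"
  # Test no token
  _expect_unauthorized "No token" no_token_response.json
}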
# Function to test refresh token
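# Exchange REFRESH_TOKEN for a new access token and verify the new token is
# accepted by a protected endpoint.
# Globals: REFRESH_TOKEN, BASE_URL (read); NEW_ACCESS_TOKEN (written)
#          TEST_TMPDIR (optional scratch directory for response bodies; /tmp when unset)
# Returns: 1 when no refresh token is available; otherwise 0 (failures are
#          reported through print_status so the remaining checks still run)
test_refresh_token() {
  local dir="${TEST_TMPDIR:-/tmp}"
  local http_code
  echo "Testing refresh token..."
  if [[ -z "${REFRESH_TOKEN:-}" ]]; then
    print_status 1 "No refresh token available"
    return 1
  fi
  # Use refresh token to get new access token. jq builds the JSON (proper
  # escaping) and reads the token from its environment rather than argv.
  http_code=$(REFRESH_TOKEN="$REFRESH_TOKEN" jq -n '{refreshToken: env.REFRESH_TOKEN}' \
    | curl -s -w "%{http_code}" -o "$dir/refresh_response.json" \
        -X POST "$BASE_URL/api/auth/refresh" \
        -H "Content-Type: application/json" \
        --data-binary @-)
  http_code=${http_code: -3}
  if [[ "$http_code" != "200" ]]; then
    print_status 1 "Refresh token failed (HTTP $http_code)"
    cat "$dir/refresh_response.json"
    return 0
  fi
  # "// empty" yields "" for a missing field instead of the literal "null"
  NEW_ACCESS_TOKEN=$(jq -r '.accessToken // empty' "$dir/refresh_response.json")
  if [[ -z "$NEW_ACCESS_TOKEN" ]]; then
    print_status 1 "Refresh response did not contain an access token"
    cat "$dir/refresh_response.json"
    return 0
  fi
  print_status 0 "Refresh token successful"
  print_info "New access token: ${NEW_ACCESS_TOKEN:0:20}..."
  # Test new token
  http_code=$(curl -s -w "%{http_code}" -o "$dir/new_token_test.json" \
    -H "Authorization: Bearer $NEW_ACCESS_TOKEN" \
    "$BASE_URL/api/users/me")
  if [[ "${http_code: -3}" == "200" ]]; then
    print_status 0 "New access token works"
  else
    print_status 1 "New access token failed"
  fi
}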
# Function to test logout
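# Log out with the current ACCESS_TOKEN and verify the same token is rejected afterwards.
# Globals: ACCESS_TOKEN, BASE_URL (read)
#          TEST_TMPDIR (optional scratch directory for response bodies; /tmp when unset)
# Returns: 1 when no access token is available; otherwise 0 (failures are
#          reported through print_status so the remaining checks still run)
test_logout() {
  local dir="${TEST_TMPDIR:-/tmp}"
  local http_code
  echo "Testing logout..."
  if [[ -z "${ACCESS_TOKEN:-}" ]]; then
    print_status 1 "No access token available"
    return 1
  fi
  # Logout
  http_code=$(curl -s -w "%{http_code}" -o "$dir/logout_response.json" \
    -X POST "$BASE_URL/api/auth/logout" \
    -H "Authorization: Bearer $ACCESS_TOKEN")
  http_code=${http_code: -3}
  if [[ "$http_code" != "200" ]]; then
    print_status 1 "Logout failed (HTTP $http_code)"
    cat "$dir/logout_response.json"
    return 0
  fi
  print_status 0 "Logout successful"
  # Test token is no longer valid. A stateless JWT stays cryptographically valid
  # until it expires, so this check only passes when the server keeps a
  # revocation list (or equivalent) and consults it on every request.
  http_code=$(curl -s -w "%{http_code}" -o "$dir/post_logout.json" \
    -H "Authorization: Bearer $ACCESS_TOKEN" \
    "$BASE_URL/api/users/me")
  if [[ "${http_code: -3}" == "401" ]]; then
    print_status 0 "Token invalidated after logout"
  else
    print_status 1 "Token still valid after logout"
  fi
}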
# Main test execution
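# Main test execution: verify prerequisites, run every phase, print the summary.
# Globals: BASE_URL, TEST_EMAIL (read); FAILURES (read; maintained by print_status)
# Exits 1 when a required tool is missing or the service is unreachable;
# otherwise returns 1 when any check failed and 0 when all checks passed.
main() {
  local tool
  local failures
  echo "Starting JWT security tests..."
  echo "Base URL: $BASE_URL"
  echo "Test Email: $TEST_EMAIL"
  echo
  # Fail early if a required tool is missing (jq parses the auth responses)
  for tool in curl jq; do
    if ! command -v "$tool" >/dev/null 2>&1; then
      print_status 1 "Required tool not found: $tool"
      exit 1
    fi
  done
  # Check if service is running
  if ! check_service; then
    print_status 1 "Service is not running at $BASE_URL"
    print_info "Please start the application before running tests"
    exit 1
  fi
  print_status 0 "Service is running"
  # Run tests. The "|| true" on each phase is deliberate: under "set -e" a
  # failing step would otherwise abort the whole suite before the summary, and
  # every check should run and be reported. Failures are tallied by
  # print_status and reflected in this function's return status.
  echo
  echo "=== Setup Phase ==="
  create_test_user || true
  authenticate || true
  echo
  echo "=== Authentication Tests ==="
  test_jwt_validation || true
  test_refresh_token || true
  test_logout || true
  echo
  echo "=== Test Summary ==="
  failures=${FAILURES:-0}
  if [[ "$failures" -eq 0 ]]; then
    echo "All tests completed. Review the output above for any issues."
  else
    echo "All tests completed: $failures check(s) failed. Review the output above."
  fi
  echo
  echo "For detailed debugging:"
  echo "1. Check application logs: tail -f logs/application.log"
  echo "2. Use debug endpoint: curl -H \"X-Auth-Debug: true\" $BASE_URL/api/users/me"
  # Only throwaway test tokens should ever be pasted into a third-party decoder;
  # a token from a real environment is a live credential.
  echo "3. Verify JWT content at: https://jwt.io/"
  [[ "$failures" -eq 0 ]]
}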
# Cleanup function
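# Remove the response files this script wrote, and the private scratch
# directory when one was created. Runs from the EXIT trap.
# Globals: TEST_TMPDIR (read; /tmp is assumed when unset)
cleanup() {
  local dir="${TEST_TMPDIR:-/tmp}"
  local name
  # Delete only the files this script creates. A blanket "rm -f /tmp/*.json"
  # would remove other users' and processes' files as well.
  for name in user_response auth_response endpoint_response expired_response \
      invalid_response no_token_response refresh_response new_token_test \
      logout_response post_logout; do
    rm -f -- "$dir/$name.json"
  done
  # rmdir (not rm -rf) so an unexpected or mis-set directory is never recursed into;
  # it simply stays behind if something else is inside it.
  if [[ -n "${TEST_TMPDIR:-}" && -d "$TEST_TMPDIR" ]]; then
    rmdir -- "$TEST_TMPDIR" 2>/dev/null || true
  fi
}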
# Set up cleanup
# Remove scratch files on every exit path (normal return, "exit 1", or a signal)
trap cleanup EXIT
# Run main function
main "$@"