// the find
Snailclimb/spring-security-jwt-guide
Spring Security With JWT (including authorization checks) example, based on Spring Boot 3.5.0 + Java 21.
A teaching project showing how to wire Spring Security 6 with JWT and Redis-backed token invalidation on Spring Boot 3.5 / Java 21. It covers the full auth loop: register, login, role-based access, and logout with immediate token revocation. Aimed squarely at developers who find the official Spring Security docs too abstract to turn into working code.
Redis-based token blacklisting on logout is the right call — it actually solves the stateless JWT invalidation problem that most tutorials hand-wave past. The project runs out of the box with H2, so you don't need a running database to explore it. Spring Boot 3.5 / Spring Security 6 means the code uses the current lambda DSL and not the deprecated WebSecurityConfigurerAdapter pattern that half the internet still copies. Exception handling is structured with typed error codes and a global handler rather than letting Spring's defaults leak stack traces.
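The logout revocation described above, as an added sketch that is not code from the repository. It assumes tokens carry a `jti` claim and that signature validation has already run; the `jwt:revoked:` key prefix, the class names, and the in-memory map standing in for Redis `SET ... EX` are all hypothetical.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: a logout denylist whose entries live only as long as the token could.
public class JwtDenylistDemo {

    // Claims assumed to be signature-verified by the JWT filter before they reach this code.
    record Claims(String jti, String subject, Instant expiresAt) {}

    // In-memory stand-in for Redis "SET key value EX ttl": entries lapse at their deadline.
    static final class TtlStore {
        private final Map<String, Instant> deadlines = new ConcurrentHashMap<>();

        void setWithTtl(String key, Duration ttl, Instant now) {
            deadlines.put(key, now.plus(ttl));
        }

        boolean exists(String key, Instant now) {
            Instant deadline = deadlines.get(key);
            if (deadline == null) return false;
            if (!now.isBefore(deadline)) { deadlines.remove(key); return false; }
            return true;
        }
    }

    final TtlStore store = new TtlStore();

    // Logout: record the token id with a TTL equal to the token's remaining lifetime,
    // so the denylist never holds entries for tokens that are already expired.
    void revoke(Claims c, Instant now) {
        Duration remaining = Duration.between(now, c.expiresAt());
        if (remaining.isPositive()) store.setWithTtl("jwt:revoked:" + c.jti(), remaining, now);
    }

    // Per-request check, run after signature validation and before authentication is set.
    boolean isAccepted(Claims c, Instant now) {
        if (!now.isBefore(c.expiresAt())) return false;        // expired on its own
        return !store.exists("jwt:revoked:" + c.jti(), now);    // revoked at logout
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2025-01-01T00:00:00Z");     // constructed sample values
        Claims token = new Claims("a1b2", "alice", t0.plusSeconds(3600));
        JwtDenylistDemo demo = new JwtDenylistDemo();
        System.out.println("before logout: " + demo.isAccepted(token, t0));
        demo.revoke(token, t0.plusSeconds(600));
        System.out.println("after logout:  " + demo.isAccepted(token, t0.plusSeconds(601)));
        System.out.println("entry after exp: " + demo.store.exists("jwt:revoked:a1b2", t0.plusSeconds(3601)));
    }
}
```

With a real Redis behind the check, a lookup failure should reject the request rather than skip the denylist, otherwise an outage silently re-enables revoked tokens.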
Redis is a runtime requirement just for logout — fine for production, but it makes local development and testing heavier than necessary for what is otherwise a teaching repo. New registrations are hardcoded to receive both USER and MANAGER roles, which defeats the purpose of having roles at all for anyone trying to learn multi-role access control. There are no refresh tokens; the JWT just expires and the user must log in again, which means the 'rememberMe' field in the login request doesn't actually do anything meaningful. Test coverage is thin — the test classes exist but don't cover the filter chain or role-based denial paths, which are exactly the parts beginners get wrong.