Challenges with JWT

Pragya Keshap answered on February 7, 2023 Popularity 3/10 Helpfulness 1/10

answer Challenges with JWT

Challenges with JWT

Comment

No way to log out or invalidate sessions for users.

Moreover, there is no way for a user to disable their sessions across multiple devices.

Since the tokens are generated and verified on the fly, we can't have access to the different logged-in clients which can pose problems when you need to identify the devices.

public class JwtAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {

    @Autowired
    private JwtUtil jwtUtil;

    @Override
    public boolean supports(Class<?> authentication) {
        return (JwtAuthenticationToken.class.isAssignableFrom(authentication));
    }

    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
    }

    @Override
    protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        JwtAuthenticationToken jwtAuthenticationToken = (JwtAuthenticationToken) authentication;
        String token = jwtAuthenticationToken.getToken();

        User parsedUser = jwtUtil.parseToken(token);

        if (parsedUser == null) {
            throw new JwtTokenMalformedException("JWT token is not valid");
        }

        List<GrantedAuthority> authorityList = AuthorityUtils.commaSeparatedStringToAuthorityList(parsedUser.getRole());

        return new AuthenticatedUser(parsedUser.getId(), parsedUser.getUsername(), token, authorityList);
    }

}

https://42crunch.com/7-ways-to-avoid-jwt-pitfalls/

Popularity 3/10 Helpfulness 1/10 Language java

Source: Grepper

Tags: java jwt

Link to this answer
Share Copy Link

Contributed on Feb 07 2023

Pragya Keshap

0 Answers Avg Quality 2/10

Challenges with JWT

Contents

More Related Answers

Challenges with JWT

Grepper

Documentation

Social

Legal

Contact

Oops, You will need to install Grepper and log-in to perform this action.