
JWT validation filter in Spring Boot - Practice Problems & Coding Challenges

Challenge - 5 Problems
component_behavior
intermediate
What happens when a JWT is missing in the request header?
Consider a Spring Boot JWT validation filter that checks the Authorization header for a JWT token. What is the typical behavior of the filter when the JWT token is missing?
A. The filter rejects the request and responds with HTTP 401 Unauthorized.
B. The filter allows the request to proceed without authentication.
C. The filter throws a NullPointerException and crashes the application.
D. The filter redirects the user to a login page.
💡 Hint
Think about security best practices for protected endpoints.
📝 Syntax
intermediate
Which code snippet correctly extracts the JWT token from the Authorization header?
Given the Authorization header value 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...', which code correctly extracts the token string after 'Bearer '?
A. `String token = authorizationHeader.replace("Bearer", "");`
B. `String token = authorizationHeader.split("Bearer")[1];`
C. `String token = authorizationHeader.substring(6);`
D. `String token = authorizationHeader.substring(7);`
💡 Hint
Remember that 'Bearer ' includes a space after the word.
🔧 Debug
advanced
Why does this JWT validation filter always reject valid tokens?
Review this filter code snippet that validates JWT tokens. It always rejects tokens even if they are valid.

```java
String token = authorizationHeader.substring(7);
Claims claims = Jwts.parser().setSigningKey(secretKey).parseClaimsJws(token).getBody();
if (claims.getExpiration().before(new Date())) {
  response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
  return;
}
chain.doFilter(request, response);
```

What is the likely cause?
A. The filter uses 'before' instead of 'after' to check expiration, so it rejects tokens that are still valid.
B. The token substring is off by one character, causing parsing errors.
C. The secretKey is incorrect, causing all tokens to fail signature validation.
D. The filter does not call chain.doFilter() when the token is valid.
💡 Hint
Check the logic comparing expiration date with current date.
state_output
advanced
What is the value of SecurityContext after a valid JWT is processed?
In a Spring Boot JWT validation filter, after successfully validating a JWT token and extracting user details, the filter sets the authentication in the SecurityContext. What will SecurityContextHolder.getContext().getAuthentication() return?
A. Null, because the filter does not set any authentication.
B. An Authentication object containing the user's username and granted authorities.
C. A JWT token string representing the user's session.
D. An exception is thrown because SecurityContext is immutable.
💡 Hint
Think about how Spring Security stores user info after authentication.
🧠 Conceptual
expert
Why should a JWT validation filter be stateless and not store session data?
In designing a JWT validation filter for a Spring Boot application, why is it important that the filter remains stateless and does not store session data on the server?
A. Because JWT tokens contain all necessary user info, so server-side sessions are redundant and reduce scalability.
B. Because storing session data causes JWT tokens to expire immediately.
C. Because stateless filters automatically refresh JWT tokens without client interaction.
D. Because Spring Boot does not support session management with JWT tokens.
💡 Hint
Consider how JWT tokens carry user data and how server memory is affected.