Bird
Raised Fist0
Spring Bootframework~10 mins

JWT validation filter in Spring Boot - Interactive Code Practice

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Practice - 5 Tasks
Answer the questions below
1fill in blank
easy

Complete the code to declare the filter class that extends the correct Spring Security filter.

Spring Boot
public class JwtValidationFilter extends [1] { }
Drag options to blanks, or click blank then click option'
AHttpServlet
BOncePerRequestFilter
CFilterChain
DWebSecurityConfigurerAdapter
Attempts:
3 left
💡 Hint
Common Mistakes
Extending HttpServlet instead of OncePerRequestFilter
Using FilterChain as a class to extend
Extending WebSecurityConfigurerAdapter which is for configuration
2fill in blank
medium

Complete the method signature to override the filter logic.

Spring Boot
@Override
protected void [1](HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { }
Drag options to blanks, or click blank then click option'
AdoFilter
BprocessFilter
CfilterRequest
DdoFilterInternal
Attempts:
3 left
💡 Hint
Common Mistakes
Using doFilter instead of doFilterInternal
Using incorrect method names like filterRequest or processFilter
3fill in blank
hard

Fix the error in extracting the JWT token from the Authorization header.

Spring Boot
String authHeader = request.getHeader("Authorization");
if (authHeader != null && authHeader.startsWith([1])) {
    String token = authHeader.substring(7);
}
Drag options to blanks, or click blank then click option'
A"JWT "
B"Token "
C"Bearer "
D"Auth "
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'Token ' instead of 'Bearer '
Using 'JWT ' or 'Auth ' which are not standard prefixes
4fill in blank
hard

Fill both blanks to validate the token and set authentication in the security context.

Spring Boot
if (jwtUtil.validateToken([1])) {
    UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(
        userDetails, null, userDetails.[2]());
    SecurityContextHolder.getContext().setAuthentication(authToken);
}
Drag options to blanks, or click blank then click option'
Atoken
BgetAuthorities
CgetCredentials
Duser
Attempts:
3 left
💡 Hint
Common Mistakes
Passing user instead of token to validateToken
Using getCredentials instead of getAuthorities
5fill in blank
hard

Fill all three blanks to complete the filter chain call and handle exceptions properly.

Spring Boot
try {
    [1].doFilter([2], [3]);
} catch (JwtException e) {
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
Drag options to blanks, or click blank then click option'
AfilterChain
Brequest
Cresponse
DauthToken
Attempts:
3 left
💡 Hint
Common Mistakes
Passing authToken instead of request or response
Calling doFilter on request or response instead of filterChain

Practice

(1/5)
1. What is the main purpose of a JWT validation filter in a Spring Boot application?
easy
A. To generate new JWT tokens for users
B. To check and verify JWT tokens on incoming HTTP requests
C. To log all incoming requests without validation
D. To encrypt the response data before sending

Solution

  1. Step 1: Understand JWT validation filter role

    A JWT validation filter is designed to intercept incoming requests and check the validity of JWT tokens.

  2. Step 2: Identify the correct purpose

    It does not generate tokens or encrypt data; its main job is to verify tokens to allow or deny access.

  3. Final Answer:

    To check and verify JWT tokens on incoming HTTP requests -> Option B

  4. Quick Check:

    JWT validation filter = Verify tokens [OK]
Hint: JWT filter checks tokens on requests, not generating or logging [OK]
Common Mistakes:
  • Confusing validation with token generation
  • Thinking filter encrypts data
  • Assuming it only logs requests
2. Which method in a Spring Boot filter is typically overridden to implement JWT validation logic?
easy
A. doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
B. init(FilterConfig filterConfig)
C. destroy()
D. handleRequest(HttpRequest request)

Solution

  1. Step 1: Identify filter method for request processing

    In Spring Boot, filters extend OncePerRequestFilter and override doFilterInternal to process requests.

  2. Step 2: Match method to JWT validation

    doFilterInternal is where JWT token extraction and validation happen before continuing the chain.

  3. Final Answer:

    doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) -> Option A

  4. Quick Check:

    JWT validation code goes in doFilterInternal [OK]
Hint: JWT validation logic goes in doFilterInternal method [OK]
Common Mistakes:
  • Using init() which is for filter setup only
  • Confusing destroy() with request handling
  • Inventing non-existent handleRequest() method
3. Given this snippet inside a JWT validation filter, what happens if the token is invalid? 
String token = request.getHeader("Authorization");
if (token == null || !jwtUtil.validateToken(token)) {
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    return;
}
chain.doFilter(request, response);
medium
A. The server throws a NullPointerException
B. The request proceeds without validation
C. The request is blocked with 401 Unauthorized status
D. The token is refreshed automatically

Solution

  1. Step 1: Analyze token check condition

    If token is missing or invalid, the code sets response status to 401 and returns immediately.

  2. Step 2: Understand filter chain behavior

    Because it returns before calling chain.doFilter, the request does not proceed further.

  3. Final Answer:

    The request is blocked with 401 Unauthorized status -> Option C

  4. Quick Check:

    Invalid token = 401 block [OK]
Hint: Invalid token triggers 401 and stops request chain [OK]
Common Mistakes:
  • Assuming request proceeds despite invalid token
  • Expecting automatic token refresh
  • Thinking NullPointerException occurs here
4. Identify the error in this JWT validation filter snippet: 
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
    String token = request.getHeader("Authorization");
    if (token != null && jwtUtil.validateToken(token)) {
        SecurityContextHolder.getContext().setAuthentication(jwtUtil.getAuthentication(token));
    }
    chain.doFilter(request, response);
}
medium
A. It does not handle the case when token is missing or invalid by blocking the request
B. It incorrectly sets authentication before validation
C. It calls chain.doFilter twice causing errors
D. It throws IOException without handling

Solution

  1. Step 1: Review token validation logic

    The code sets authentication only if token is valid, but does not block invalid or missing tokens.

  2. Step 2: Check filter chain continuation

    It always calls chain.doFilter, so invalid requests proceed without rejection.

  3. Final Answer:

    It does not handle the case when token is missing or invalid by blocking the request -> Option A

  4. Quick Check:

    Missing block on invalid token = security hole [OK]
Hint: Always block requests with missing or invalid tokens [OK]
Common Mistakes:
  • Allowing requests without token validation
  • Calling chain.doFilter twice (not here though)
  • Misunderstanding exception handling in filters
5. You want to create a JWT validation filter that extracts the token from the Authorization header, validates it, and sets the user authentication in the security context only if valid. Which sequence of actions is correct inside doFilterInternal?
hard
A. Continue filter chain -> Extract token -> Validate token -> Set authentication -> Else respond 401
B. Validate token -> Extract token -> Set authentication -> Continue filter chain -> Else respond 401
C. Set authentication -> Extract token -> Validate token -> Continue filter chain -> Else respond 401
D. Extract token -> Validate token -> Set authentication -> Continue filter chain -> Else respond 401

Solution

  1. Step 1: Determine correct order of JWT processing

    First, extract the token from the Authorization header, then validate it to ensure it's correct.

  2. Step 2: Set authentication and control flow

    If valid, set user authentication in the security context, then continue the filter chain; otherwise, respond with 401 Unauthorized.

  3. Final Answer:

    Extract token -> Validate token -> Set authentication -> Continue filter chain -> Else respond 401 -> Option D

  4. Quick Check:

    Correct JWT filter flow = Extract token -> Validate token -> Set authentication -> Continue filter chain -> Else respond 401 [OK]
Hint: Extract first, then validate, set auth, continue or block [OK]
Common Mistakes:
  • Validating before extracting token
  • Setting authentication before validation
  • Continuing filter chain before validation