JWT validation filter in Spring Boot - Step-by-Step Execution

Concept Flow - JWT validation filter
Incoming HTTP Request → JWT Validation Filter → JWT Valid? → Set User Auth → Continue Filter Chain → Controller
The filter intercepts each HTTP request, checks the JWT token, and either sets user authentication or rejects the request before passing control.
Execution Sample
Spring Boot
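public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
  // Pull the JWT out of the Authorization header
  String token = extractToken((HttpServletRequest) req);
  if (validateToken(token)) {
    // Valid token: record the user in the security context, then continue the chain
    setAuthentication(token);
    chain.doFilter(req, res);
  } else {
    // Invalid token: respond with 401 and do not call the rest of the chain
    rejectRequest((HttpServletResponse) res);
  }
}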
This filter extracts a JWT token, validates it, sets authentication if valid, or rejects the request if invalid.
Execution Table
| Step | Action | Token Extracted | Token Valid? | Authentication Set | Filter Chain Called | Response Status |
|---|---|---|---|---|---|---|
| 1 | Extract token from header | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... | N/A | No | No | N/A |
| 2 | Validate token | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... | Yes | No | No | N/A |
| 3 | Set authentication in security context | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... | Yes | Yes | No | N/A |
| 4 | Call next filter in chain | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... | Yes | Yes | Yes | N/A |
| 5 | Request proceeds to controller | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... | Yes | Yes | Yes | 200 OK |
| 6 | If token invalid, reject request | invalid.token.value | No | No | No | 401 Unauthorized |
💡 Execution stops when token is invalid and request is rejected with 401, or continues if token is valid.
Variable Tracker
| Variable | Start | After Step 1 | After Step 2 | After Step 3 | Final |
|---|---|---|---|---|---|
| token | null | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... |
| isValid | false | false | true | true | true |
| authenticationSet | false | false | false | true | true |
| responseStatus | null | null | null | null | 200 OK or 401 Unauthorized |
Key Moments - 2 Insights
Why does the filter reject the request immediately when the token is invalid?
Row 6 of the Execution Table shows that when token validation fails, the filter does not call the next filter and sends a 401 response, which stops unauthorized access.
When is the authentication set in the security context?
As row 3 of the Execution Table shows, authentication is set only after the token is validated successfully, ensuring only valid users proceed.
Visual Quiz - 3 Questions
Test your understanding
Look at the Execution Table. What is the response status when the token is valid?
A. 401 Unauthorized
B. 200 OK
C. 500 Internal Server Error
D. No response sent yet
💡 Hint
Check the last row where token is valid and the response status column.
At which step does the filter call the next filter in the chain?
A. Step 4
B. Step 6
C. Step 2
D. Step 1
💡 Hint
Look at the 'Filter Chain Called' column in the Execution Table.
If the token is invalid, what happens to the authenticationSet variable?
A. It becomes null
B. It becomes true
C. It remains false
D. It throws an error
💡 Hint
Refer to the authenticationSet row of the Variable Tracker and row 6 of the Execution Table.
Concept Snapshot
JWT Validation Filter in Spring Boot:
- Intercepts HTTP requests
- Extracts JWT token from Authorization header
- Validates token signature and expiry
- If valid, sets user authentication in security context
- If invalid, rejects request with 401 Unauthorized
- Passes control to next filter or controller
- Ensures secure access to protected endpoints
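The execution sample calls validateToken() without showing it. One way to implement the "signature and expiry" check is sketched here as an added example that is not code from the original page. Assumptions: HS256 tokens (the `alg` in the sample token's header), a shared secret, and Jackson on the classpath as in a Spring Boot web application; the class name, secret and demo token are constructed for illustration.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example (hypothetical class, not from the page): a validateToken() for HS256 tokens.
public final class Hs256TokenValidator {
    private static final ObjectMapper JSON = new ObjectMapper();
    private final byte[] secret;
    public Hs256TokenValidator(byte[] secret) { this.secret = secret.clone(); }

    private byte[] sign(String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    // True only for a well-formed, HS256-signed, unexpired token; fails closed otherwise.
    public boolean validateToken(String token) {
        String[] p = token == null ? new String[0] : token.split("\\.", -1);
        if (p.length != 3) return false;                 // header.payload.signature
        try {
            Base64.Decoder b64 = Base64.getUrlDecoder();
            // Pin the algorithm server-side; the token must not choose it ("none", RS256, ...).
            if (!"HS256".equals(JSON.readTree(b64.decode(p[0])).path("alg").asText())) return false;
            // Constant-time comparison of the recomputed and presented signatures.
            if (!MessageDigest.isEqual(sign(p[0] + "." + p[1]), b64.decode(p[2]))) return false;
            // Read claims only after the signature has verified; a missing exp is rejected (policy choice).
            JsonNode exp = JSON.readTree(b64.decode(p[1])).path("exp");
            return exp.isNumber() && Instant.now().getEpochSecond() < exp.asLong();
        } catch (Exception e) {
            return false;                                // bad Base64/JSON or crypto error
        }
    }

    public static void main(String[] args) throws Exception {
        Hs256TokenValidator v = new Hs256TokenValidator("constructed-demo-secret-not-for-production".getBytes(StandardCharsets.UTF_8));
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String body = enc.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8)) + "."
            + enc.encodeToString(("{\"sub\":\"demo\",\"exp\":" + (Instant.now().getEpochSecond() + 60) + "}").getBytes(StandardCharsets.UTF_8));
        String token = body + "." + enc.encodeToString(v.sign(body));
        System.out.println(v.validateToken(token));                  // freshly signed, unexpired token
        System.out.println(v.validateToken(token + "A"));            // same token with an altered signature
        System.out.println(v.validateToken("invalid.token.value"));  // the invalid sample from the table
    }
}
```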
Full Transcript
A JWT validation filter in Spring Boot intercepts incoming HTTP requests to check the JWT token in the Authorization header. It extracts the token, validates it for correctness and expiry, and if valid, sets the user authentication in the security context. This allows the request to continue to the next filter or controller. If the token is invalid, the filter immediately rejects the request by sending a 401 Unauthorized response, preventing access to protected resources. This process ensures only authenticated users can access secured endpoints.