0
0
Spring Bootframework~20 mins

JWT vs session-based decision in Spring Boot - Practice Questions

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Challenge - 5 Problems
🎖️
JWT vs Session Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
When to prefer JWT over session-based authentication?
Which scenario best justifies using JWT instead of session-based authentication in a Spring Boot application?
AYou want to store user data only on the server and keep tokens minimal.
BYou want to maintain server-side session state for each user to easily revoke access.
CYou want to rely on server memory to track user sessions for quick invalidation.
DYou need a stateless authentication mechanism that works well with multiple microservices.
Attempts:
2 left
💡 Hint
Think about whether the authentication needs to be stateless or stateful.
component_behavior
intermediate
2:00remaining
Effect of token expiration in JWT vs session
In a Spring Boot app using JWT, what happens when the JWT token expires compared to session expiration in session-based authentication?
AJWT tokens never expire; session expiration depends on client-side cookie settings.
BJWT token expiration forces client to get a new token; session expiration requires server to clear session data.
CJWT token expiration automatically refreshes the token; session expiration logs out the user immediately.
DJWT token expiration clears server session; session expiration invalidates JWT tokens.
Attempts:
2 left
💡 Hint
Consider where the expiration is checked and who manages it.
🔧 Debug
advanced
2:30remaining
Why does a Spring Boot app reject a valid JWT token?
Given a Spring Boot app using JWT authentication, which option explains why a valid JWT token might be rejected during request processing?
AThe token is expired but the server ignores expiration checks.
BThe token's signature algorithm does not match the server's expected algorithm.
CThe token is signed with the correct key but the server's clock is ahead causing premature expiration.
DThe token payload is missing the 'sub' claim but the server does not require it.
Attempts:
2 left
💡 Hint
Think about time synchronization between client and server.
state_output
advanced
2:30remaining
Session state behavior after server restart
What happens to user sessions in a Spring Boot app using session-based authentication if the server restarts without session persistence?
AAll user sessions are lost and users must log in again.
BSessions remain active because they are stored in client cookies.
CSessions are automatically restored from JWT tokens stored on the client.
DOnly sessions with 'remember me' enabled are preserved.
Attempts:
2 left
💡 Hint
Consider where session data is stored and what happens on server restart.
📝 Syntax
expert
3:00remaining
Correct JWT filter configuration in Spring Boot
Which code snippet correctly configures a JWT authentication filter in a Spring Boot security filter chain?
Spring Boot
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    return http
        .csrf(csrf -> csrf.disable())
        .authorizeHttpRequests(auth -> auth
            .requestMatchers("/public/**").permitAll()
            .anyRequest().authenticated()
        )
        .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
        .build();
}
AAdd the JWT filter before UsernamePasswordAuthenticationFilter to process token before username/password checks.
BAdd the JWT filter replacing UsernamePasswordAuthenticationFilter to avoid duplicate authentication.
CAdd the JWT filter as the last filter in the chain to catch all requests after authentication.
DAdd the JWT filter after UsernamePasswordAuthenticationFilter to ensure authentication happens first.
Attempts:
2 left
💡 Hint
Think about when the JWT token should be checked relative to username/password authentication.