Spring Boot framework ~20 mins

Stateless authentication mental model in Spring Boot - Practice Problems & Coding Challenges

Challenge - 5 Problems
🧠 Conceptual
intermediate
Understanding Stateless Authentication Tokens
In a stateless authentication system using JWTs (JSON Web Tokens), what happens when a user logs out?
A. The server deletes the token from its session store to invalidate it.
B. The server sends a new token with a logout flag to the client.
C. The server marks the token as expired in a centralized database.
D. The client deletes the token locally, and the server does not store any session data.
💡 Hint

Think about what 'stateless' means for the server's role in managing sessions.

component_behavior
intermediate
Token Validation in Stateless Authentication
Given a Spring Boot REST API using stateless JWT authentication, what is the server's behavior when it receives a request with an expired token?
A. The server rejects the request with an unauthorized error without checking any session.
B. The server refreshes the token automatically and processes the request.
C. The server looks up the token in a session store to verify expiration.
D. The server ignores the token and allows the request to proceed.
💡 Hint

Remember that stateless means no session store on the server.

📝 Syntax
advanced
Correct JWT Filter Configuration in Spring Boot
Which of the following Spring Boot filter configurations correctly implements stateless JWT authentication by validating tokens on each request?
Spring Boot
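public class JwtAuthenticationFilter extends OncePerRequestFilter {
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        // Read the token from the incoming request on every call; no server session is consulted.
        String token = extractToken(request);
        if (token != null && validateToken(token)) {
            // Token verified: build the Authentication from the token and set it for this request.
            UsernamePasswordAuthenticationToken auth = getAuthentication(token);
            SecurityContextHolder.getContext().setAuthentication(auth);
        }
        // Always continue the chain; a request without a valid token proceeds unauthenticated.
        filterChain.doFilter(request, response);
    }
}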
A. Add the filter with session management set to IF_REQUIRED and enable CSRF.
B. Add the filter with session management set to ALWAYS and disable CSRF.
C. Add the filter with session management set to STATELESS and disable CSRF.
D. Add the filter without configuring session management or CSRF.
💡 Hint

Stateless authentication requires no server session, and CSRF protection is usually disabled for APIs.

🔧 Debug
advanced
Identifying the Cause of Token Rejection
A Spring Boot app using stateless JWT authentication rejects all valid tokens with an unauthorized error. Which code snippet is the most likely cause?
Spring Boot
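public boolean validateToken(String token) {
    try {
        // Parsing verifies the token's signature against secretKey and checks its expiry.
        Jwts.parser().setSigningKey(secretKey).parseClaimsJws(token);
        return true;
    } catch (ExpiredJwtException e) {
        // Signature was valid but the token is past its expiration time.
        return false;
    } catch (JwtException e) {
        // Any other JWT failure, such as a bad signature or a malformed token.
        return false;
    }
}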
A. The filter does not call filterChain.doFilter after validation.
B. The secretKey used to parse tokens is different from the one used to sign them.
C. The token is not extracted from the Authorization header correctly.
D. The validateToken method does not catch all exceptions and crashes.
💡 Hint

Check if the key used to verify tokens matches the signing key.

lifecycle
expert
Stateless Authentication Token Expiry and Refresh Flow
In a stateless JWT authentication system, which sequence correctly describes the lifecycle of token expiry and refresh to maintain user access without server session storage?
A. 1, 2, 3, 4
B. 1, 3, 2, 4
C. 2, 1, 3, 4
D. 1, 2, 4, 3
💡 Hint

Think about the order of client requests and server validations in token refresh.