0
Jump into concepts and practice - no test required
Recommended
POST /login -> verify user -> create JWT -> send JWT Client stores JWT Client sends API request with JWT Server verifies JWT -> allow or reject
| Step | Action | Input | Output | Result |
|---|---|---|---|---|
| 1 | Client sends login request | username/password | Request received | Server ready to verify |
| 2 | Server verifies credentials | username/password | Valid user | Proceed to create JWT |
| 3 | Server creates JWT token | User info | JWT token string | Token ready to send |
| 4 | Server sends JWT to client | JWT token | HTTP response with token | Client receives token |
| 5 | Client stores JWT | JWT token | Stored in memory/local storage | Ready for API calls |
| 6 | Client sends API request with JWT | API request + JWT | Request received with token | Server verifies token |
| 7 | Server verifies JWT | JWT token | Valid or invalid | Decision to allow or reject |
| 8 | If valid | Valid token | Process API request | Respond with data |
| 9 | If invalid | Invalid token | Reject request | Respond with error |
| 10 | End | N/A | N/A | Request cycle complete |
| Variable | Start | After Step 3 | After Step 5 | After Step 7 | Final |
|---|---|---|---|---|---|
| username/password | User input | Verified | N/A | N/A | N/A |
| JWT token | None | Created | Stored on client | Verified | Used or rejected |
| API request | None | None | Sent with JWT | Processed or rejected | Response sent |
JWT (JSON Web Token) is a secure token created after login. It proves user identity for API requests without resending passwords. Client stores JWT and sends it with each API call. Server verifies JWT to allow or reject access. This keeps APIs secure and stateless.
@GetMapping("/profile")
public ResponseEntity<String> getProfile(@RequestHeader("Authorization") String authHeader) {
if (authHeader == null || !authHeader.startsWith("Bearer ")) {
return ResponseEntity.status(401).body("Unauthorized");
}
String token = authHeader.substring(7);
// Assume validateToken returns false if token invalid
if (!jwtService.validateToken(token)) {
return ResponseEntity.status(401).body("Unauthorized");
}
return ResponseEntity.ok("User profile data");
}public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
String authHeader = req.getHeader("Authorization");
if (authHeader != null && authHeader.startsWith("Bearer ")) {
String token = authHeader.substring(7);
if (jwtService.validateToken(token)) {
SecurityContextHolder.getContext().setAuthentication(null);
}
}
chain.doFilter(request, response);
}