'Validate Jwt signature
I have an app with React in the frontend and SpringBoot in the backend for the API, when I login with some user it saves the token in localStorage and you can modify it. So, if you modify it and change the values of the token (included the signature) the app doesn't say anything. The thing is, how can I validate in every request (POST, GET, PUT) that the user's token is valid (signature valid)?
Solution 1:[1]
To enable validation of a user's JWT token you'll have to configure Spring Security with OAuth2 in your project, specifically the Resource Server.
To do this you'll have to add this dependency to your project:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
Then add something like this to your application.yml:
spring:
security:
oauth2:
resourceserver:
jwt:
jwk-set-uri: http://localhost:8083/auth/realms/.../protocol/openid-connect/certs
JWTs include all the information within the Token, so the Resource Server needs to verify the Token’s signature to make sure the data has not been modified. The jwk-set-uri property contains the public key that the server can use for this purpose.
And then configure HTTP security itself, e.g.:
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
...
.anyRequest()
.authenticated()
.and()
.oauth2ResourceServer()
.jwt();
}
}
References:
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | dekkard |