Best of JWT, October 2024

  1. Article by Faun, 2y ago

    Java 23, SpringBoot 3.3.4, Jakarta 10

    A rapid-start template optimized for microservices and cloud-native architectures using Java 23, Spring Boot 3.3.4, and Jakarta 10. It features a packaging structure based on Hexagonal Architecture, cross-cutting concerns handled via AOP, JWT for authentication and authorization, robust web security, and Docker containerization. The Hexagonal Architecture ensures a clear separation of concerns while keeping the code base flexible and adaptable. Comprehensive logging, multiple Spring profiles, and extensive use of Swagger and OpenAPI for API documentation are also highlighted.

  2. Article by System Weakness, 2y ago

    JSON WEB TOKEN (JWT)

    JSON Web Tokens (JWT) are a standard mechanism for transferring cryptographically signed JSON data, commonly used for access control, session handling, and authentication. Unlike traditional session tokens, JWTs carry all necessary data client-side, which makes them well suited to distributed systems. A JWT consists of a header, a payload, and a signature, and is typically used together with the JSON Web Signature (JWS) and JSON Web Encryption (JWE) specifications. Common JWT vulnerabilities include flawed signature verification, secret-key brute-forcing, header parameter injection, and algorithm confusion attacks. To mitigate these risks, it is essential to verify signatures robustly, keep libraries up to date, and follow best practices such as setting token expiration times and never passing tokens in URL parameters.