JWT (JSON Web Token) library for Java [closed]

I am working on a web application developed using Java and AngularJS and chose to implement token authentication and authorization. For the purpose of the exercise, I've come to the point where I send the credentials to the server, generate a random token, store it and send it back to the client. At every request to the server I'm attaching the token in the header and it works perfectly. From the authentication point of view it is perfect and I wouldn't need more.

However, I now want to keep track of the user type (admin, regular user...), as well as its id, or any other unique field. As I understood, I have to encrypt that in the token that I'm sending back to the client during the login action. Is that correct?

Is there any JWT library that you have used that can generate, encrypt and decrypt such tokens? A link to the library's API and Maven dependency would be much appreciated.

Thanks

Marius Manastireanu asked May 22 '14 13:05


2 Answers

JJWT aims to be the easiest to use and understand JWT library for the JVM and Android:

https://github.com/jwtk/jjwt

Les Hazlewood answered Sep 22 '22 17:09


If anyone is in need of an answer,

I used this library: http://connect2id.com/products/nimbus-jose-jwt

Maven here: http://mvnrepository.com/artifact/com.nimbusds/nimbus-jose-jwt/2.10.1

Marius Manastireanu answered Sep 24 '22 17:09
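
As an added example (not code from the question or either answer), this is one way to carry the user id and user type in a signed token with Nimbus JOSE+JWT and reject a modified token on the server. It assumes a recent release of the library (the builder-style API used here may not be present in the 2.10.1 release linked above); the class name `RoleTokenExample`, the `role` claim name and the 15-minute lifetime are hypothetical choices.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.*;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.security.SecureRandom;
import java.text.ParseException;
import java.util.Date;

public class RoleTokenExample {
    // Server-side secret; HS256 needs at least 256 bits. Generated per run for this demo only.
    static final byte[] SECRET = new byte[32];
    static { new SecureRandom().nextBytes(SECRET); }

    // Issue a token carrying the user id ("sub") and a hypothetical "role" claim.
    static String issue(String userId, String role) throws JOSEException {
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .subject(userId)
                .claim("role", role)
                .expirationTime(new Date(System.currentTimeMillis() + 15 * 60 * 1000))
                .build();
        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims);
        jwt.sign(new MACSigner(SECRET));
        return jwt.serialize();
    }

    // Return the verified claims, or null if the token is forged, malformed or expired.
    static JWTClaimsSet verify(String token) {
        try {
            SignedJWT jwt = SignedJWT.parse(token);
            // Pin the expected algorithm instead of trusting the token's own header.
            if (!JWSAlgorithm.HS256.equals(jwt.getHeader().getAlgorithm())) return null;
            if (!jwt.verify(new MACVerifier(SECRET))) return null;
            JWTClaimsSet claims = jwt.getJWTClaimsSet();
            Date exp = claims.getExpirationTime();
            return (exp != null && exp.after(new Date())) ? claims : null;
        } catch (ParseException | JOSEException e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        String token = issue("42", "admin");
        System.out.println("role = " + verify(token).getStringClaim("role"));
        // The payload is signed, not encrypted: it is readable, but any edit breaks the signature.
        String[] p = token.split("\\.");
        String forged = p[0] + "." + p[1].substring(1) + "." + p[2];
        System.out.println("forged accepted = " + (verify(forged) != null));
    }
}
```

Because a signed JWT's payload is only base64url-encoded, claims such as the role are visible to the client; keep secrets out of it, or use an encrypted (JWE) token if the contents must stay confidential.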