Java EE notebook
  • Introduction
  • /web-customer-tracker
  • Web Service
  • AOP
  • Web Server2(Spring REST)
  • Security
  • Json
  • Web Server VS Application Server VS Web Containers
  • different between Servlet & JSP2
  • DI
  • 0
  • 1annotation inversion of control, bean scope
  • 2 annotation dependency injection
  • 3 annotation bean scope, java code config
  • 4 Spring MVC
  • rest web services
  • Spring-Hibernate0
  • Spring-Hibernate1
  • @ManyToMany
  • spring mvc work flow
  • Spring Security
  • JWT
  • @Autowired
  • Jersey REST Service
  • Spring Bean
Powered by GitBook
On this page

Was this helpful?

JWT

PreviousSpring SecurityNext@Autowired

Last updated 5 years ago

Was this helpful?

5 Easy Steps to Understanding JSON Web Tokens (JWT)

a JWT is just a String with the following format:

header.payload.signature

It should also be noted that JWT should be sent over HTTPS connections(not HTTP). Having HTTPS helps prevents unauthorized users from stealing the sent JWT by making it so that the communication between the servers and the user cannot be intercepted.

Also, having an expiration in your JWT payload, a short one in particular, is important so that if old JWT ever get compromised, they will be considered invalid and can no longer be used.

https://medium.com/vandium-software/5-easy-steps-to-understanding-json-web-tokens-jwt-1164c0adfcec