JWT and Spring Security Presentation
[Diagram: HTML, CSS, JS | Java / C# / NodeJS | MySQL / MongoDB, Oracle DB / DB2]
[Diagram: Front End (HTML, CSS, JS) | Cloud (Java / C# / NodeJS) | MySQL / MongoDB, Oracle DB / DB2]
Application Security
[Diagram: HTML, CSS, JS | Java / C# / NodeJS | MySQL / MongoDB, Oracle DB / DB2]
Application Design
Security Threats
Cross-site scripting
SQL injection
Denial-of-service attack
Cross-site request forgery
Authentication & Authorization
Authentication Authorization
Header:
{
  "alg": "HS256",
  "typ": "JWT"
}
Payload:
{
  "sub": "johnd24",
  "name": "John Doe",
  "iat": 1516239022,
  "claims": "create, edit"
}
Secret: 256-bit-secret
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Security with JSON Web Token (JWT)
POST /login, username/password
[Diagram: Client Application | POST /login, GET /users | User Service | JPA | MySQL]
Exception Handling
Exception
Brute-force attack: an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly
https://en.wikipedia.org/wiki/Brute-force_attack
JPA Repository
Front End Design