
JWT Spring Security Angular

Web Application Overview

Front End:  HTML, CSS, JS
Back End:   Java / C# / NodeJS
Data Store: MySQL / MongoDB, Oracle DB / DB2
Front End

HTML, CSS, JS, delivered by a web server


Back End

Java / C# / NodeJs, running on an application server


Data Store

Oracle DB / MySQL / Microsoft SQL Server on a database server, reached from the back end through an Open Database Connectivity (ODBC) driver over TCP/IP; the connection should be protected with SSL/TLS
The Cloud

The same three tiers, each on its own cloud-hosted server:

Server (Front End):  HTML, CSS, JS
Server (Back End):   Java / C# / NodeJS
Server (Data Store): MySQL / MongoDB, Oracle DB / DB2
Application Security

Security concerns every tier:

Front End:  HTML, CSS, JS
Back End:   Java / C# / NodeJS
Data Store: MySQL / MongoDB, Oracle DB / DB2
Application Design

Front End:  Angular
Back End:   Java
Data Store: MySQL


Environment Setup

Runtimes and tools: Java (JDK), NodeJs, Angular CLI, MySQL
Editors and browser: Intellij IDE, Eclipse IDE, VS Code, Google Chrome


Web Application Security

Applies to: Web Services, Web Apps, Websites

Security Threats
• Cross-site scripting
• SQL injection
• Denial-of-service attack
• Cross-site request forgery
Authentication & Authorization

Authentication: verifies you are who you say you are.
Method:
• Login form
• HTTP authentication
• Custom auth. method

Authorization: decides if you have permission to access a resource.
Method:
• Access control URLs
• Access control lists (ACLs)
Json Web Token (JWT)

A JWT is three base64url-encoded parts joined by dots: header.payload.signature

Header:
{
  "alg": "HS256",
  "typ": "JWT"
}

Payload:
{
  "sub": "johnd24",
  "name": "John Doe",
  "iat": 1516239022,
  "claims": "create, edit"
}

Signature: HMAC-SHA256 over base64url(header) + "." + base64url(payload), keyed with a 256-bit secret known only to the server. Anyone holding the token can decode the header and payload; the signature is what prevents them from altering it. "sub" is the subject (the user), "iat" the issued-at time.

Encoded example:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Note that this encoded token is the jwt.io sample: its payload decodes to {"sub":"1234567890","name":"John Doe","iat":1516239022}, with no "claims" field, so it does not correspond to the payload shown above. "claims" is not a registered claim name, and a token used for access control should also carry an "exp" claim so that it expires.
Security with Json Web Token (JWT)

Client Application -> Server: POST /login with username/password
Server -> Client Application: Json Web Token (JWT)
Client Application -> Server: GET /users, presenting the JWT
Back end request path:

User Controller (API) -> User Service (Service Implementation) -> JPA Repository -> MySQL (Data Store)
Endpoints exposed by the controller: POST /login, GET /users
Exception Handling

Exception: an error event that can happen during the execution of a program and disrupts its normal flow
Exception Handling

public User getUser(String username) {
    User user = null;                 // declared outside the try so it is in scope at the return
    try {
        user = userRepository.getUser(username);
    } catch (UserNotFoundException exception) {
        // handle exception here: record it, then let the caller deal with the null result
        exception.printStackTrace();  // use the application's logger instead in production code
    }
    return user;
}
Brute Force Attack

Brute Force Attack: an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly

https://en.wikipedia.org/wiki/Brute-force_attack
Back end request path (recap): User Controller (API) -> User Service (Service Implementation) -> JPA Repository -> MySQL (Data Store). The brute force target here is POST /login; GET /users is reached only with a valid token.
Front End Design

Front End: HTML (UI / Template) -> Component (Class / Intermediary) -> Service (HTTP Calls)
Back End:  Java (API)
