Close: #381
remove default from TokenValidator
revert as before
leave implementation in validate(String)
don't override request
don't override request
remove unused imports
remove unused imports
you have to opt-in to pass httprequest
make it configurable pass-http-request
add boolean value
remove ugly pass http request
In order to reduce the (bot) attack surface of my endpoint, I want to tie down a JWT token to the user agent (HTTP request header) and session (an HTTP Cookie).
I want to validate that the HTTP request made with a JWT token (Authorization header) has the user_agent and session claims and that they match the User-Agent header and session cookie in the HTTP request.
As per the documentation, I have an easy way to create JWT token claims from HttpRequest headers or Cookie values:
https://micronaut-projects.github.io/micronaut-security/latest/guide/#claimsGeneration
It would be nice if the JwtClaimsValidator also supported an HttpRequest object as a parameter, in order to perform claims validation.
The solution recommended to work around the limitation is to use
Since the above line of code is not very common in other places of the project, please advise if using the above code has any performance implications.
Example Application
I've created a sample application with the above feature and the recommended solution.
https://github.com/arunapi/micronaut-jwt-sec-app
I am reporting this issue as per the request from @jameskleeh in order to describe my use case.
https://gitter.im/micronautfw/questions?at=5f621df2a9c2c8511e9bb040
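The check described in this issue, as an added example that is not code from the issue, the linked sample application or Micronaut Security: a framework-independent Java version that compares the `user_agent` and `session` claims with the request's User-Agent header and session cookie. The class and method names are hypothetical, the cookie name `SESSION` is an assumption, and plain maps stand in for the framework's claims and `HttpRequest` types (header names are looked up with exact case here).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Optional;

public class BoundClaimsCheck {
    // Assumed cookie name; the issue only says "session (an HTTP Cookie)".
    static final String SESSION_COOKIE = "SESSION";

    /** True only if both claims are present and equal the values sent with the request. */
    static boolean matchesRequest(Map<String, Object> claims, Map<String, String> headers) {
        Optional<String> session = cookieValue(headers.get("Cookie"), SESSION_COOKIE);
        return same(claims.get("user_agent"), headers.get("User-Agent"))
            && same(claims.get("session"), session.orElse(null));
    }

    // A missing or non-string claim, or a missing request value, fails the check.
    static boolean same(Object claim, String actual) {
        if (!(claim instanceof String) || actual == null) return false;
        // MessageDigest.isEqual does not stop at the first differing byte.
        return MessageDigest.isEqual(
            ((String) claim).getBytes(StandardCharsets.UTF_8),
            actual.getBytes(StandardCharsets.UTF_8));
    }

    // Extracts one cookie value from a raw Cookie header such as "a=1; b=2".
    static Optional<String> cookieValue(String cookieHeader, String name) {
        if (cookieHeader == null) return Optional.empty();
        for (String pair : cookieHeader.split(";")) {
            int eq = pair.indexOf('=');
            if (eq > 0 && pair.substring(0, eq).trim().equals(name)) {
                return Optional.of(pair.substring(eq + 1).trim());
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the issue.
        Map<String, Object> claims = Map.of("user_agent", "ExampleBrowser/1.0", "session", "abc123");
        Map<String, String> bound = Map.of("User-Agent", "ExampleBrowser/1.0", "Cookie", "theme=dark; SESSION=abc123");
        Map<String, String> replayed = Map.of("User-Agent", "OtherClient/2.0", "Cookie", "SESSION=abc123");
        System.out.println("bound request accepted: " + matchesRequest(claims, bound));
        System.out.println("other user agent accepted: " + matchesRequest(claims, replayed));
        System.out.println("no cookie accepted: " + matchesRequest(claims, Map.of("User-Agent", "ExampleBrowser/1.0")));
    }
}
```

User-Agent is a client-supplied header, so the `user_agent` binding raises the cost of replaying a captured token rather than preventing it; the session cookie comparison carries the stronger guarantee.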