POC about usage of JSON Web Tokens (JWT) in a secure way.

Introduction

This is the code repository for the OWASP JSON Web Token (JWT) Cheat Sheet for Java.

A web page offers creation, validation and revocation of the token; see the images below:

Get a token:

Demo1

Token stored in browser session storage:

Demo2

Hardened cookie carrying the associated user fingerprint, issued to counter token sidejacking:

Demo3

Verification of the token:

Demo4

Revocation of the token (logout):

Demo5

Verification of the token indicating that the token has been revoked and is not valid anymore:

Demo5
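The fingerprint binding and the revocation check shown in the screenshots above, as an added stand-alone illustration (this is not the project's Java code): the token carries only the SHA-256 hash of a random fingerprint, the raw fingerprint travels in a hardened cookie, and verification fails when the cookie is missing, belongs to another token, or the token has been revoked at logout. The HMAC key, claim name and denylist are constructed for this example.

```python
import base64, hashlib, hmac, json, secrets

SECRET = b"constructed-demo-hmac-key"  # constructed; use a random 256-bit key in practice
REVOKED = set()  # digests of revoked tokens (constructed in-memory denylist)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(subject: str):
    """Return (jwt, fingerprint). Only the fingerprint hash goes into the token;
    the raw value is sent in a cookie flagged HttpOnly; Secure; SameSite=Strict."""
    fingerprint = secrets.token_hex(32)
    fp_hash = hashlib.sha256(fingerprint.encode()).hexdigest()
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": subject, "userFingerprint": fp_hash}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}", fingerprint

def revoke(token: str) -> None:
    """Logout: remember a digest of the token so it is rejected until it expires."""
    REVOKED.add(hashlib.sha256(token.encode()).hexdigest())

def verify_token(token: str, cookie_fingerprint: str):
    """Return the subject if the token is authentic, bound to this cookie and
    not revoked; otherwise None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None  # never let the token choose its own algorithm
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(b64url_decode(sig), expected):
            return None
        if hashlib.sha256(token.encode()).hexdigest() in REVOKED:
            return None
        claims = json.loads(b64url_decode(payload))
    except ValueError:
        return None  # malformed base64 or JSON
    cookie_hash = hashlib.sha256(cookie_fingerprint.encode()).hexdigest()
    claimed = str(claims.get("userFingerprint", "")).encode()
    if not hmac.compare_digest(claimed, cookie_hash.encode()):
        return None  # token presented without its matching cookie: sidejacking attempt
    return claims.get("sub")
```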

All classes are fully documented.

The project was developed with JAX-RS + Maven under IntelliJ IDEA Community Edition.

Build or Run

You can also use the Run Application run configuration from the IntelliJ project.

Run the following command to create a WAR archive:

mvn clean package

Run the following command to run the prototype (the application will be available at https://localhost:8443):

mvn tomcat7:run-war