It's the code repository of the OWASP cheatsheet JSON Web Token (JWT) Cheat Sheet for Java.
A web page propose the creation, validation and revocation of the token, see the image below:
Get a token:
Token stored in browser session storage:
Associated user fingerprint hardened cookie issued to tackle token sidejacking:
Verification of the token:
Revocation of the token (logout):
Verification of the token indicating that the token has been revoked and is not valid anymore:
All classes are fully documented.
The project was developed with JAX-RS + Maven under IntelliJ IDEA Community Edition.
Build or Run
You can also use the Run Application running configuration from Intellij project.
Run the following command to create a WAR archive:
mvn clean package
Run the following command to run the prototype (application will be available on https://localhost:8443):