JAVA uses JWT to generate token

Definition: JWT (JSON Web Token). In short, JWT is an encrypted string. The information transmitted by JWT is digitally signed, so the transmitted information can be verified and trusted. It is generally used to transfer the identity information of the authenticated user between the identity provider and the service provider in order to obtain resources […]

40 JAVA security-JWT security and precompiled CASE injection, etc.

Directory SQL Injection(mitigation) Demonstration case: Javaweb-SQL injection attack-precompilation mechanism bypass Javaweb-Authentication Attack-JWT Modification Forgery Attack jwt encryption and decryption: https://jwt.io/#debugger-io Through the early study of WEB vulnerabilities, I have mastered the principles and utilization of most security vulnerabilities. However, due to the differences in various scripting language development environments, new security issues will exist. Among […]

[springboot+jwt] Implement more complex token verification (with source code)

JWT official website: jwt official website link. Source code address: springboot-token. 1. What is JWT? JSON Web Token (JWT) is a JSON-based open standard (RFC 7519) for conveying claims between web application environments. It defines a concise, self-contained method used to securely transfer information in the form of JSON objects between communicating parties. Because of the […]

XSS types || Defense methods || Bypass || Principle || Miscellaneous knowledge || mxss || uxss || cookie || session || jwt

Three types of XSS attacks. **Reflective XSS:** Not persistent. It is a type that needs to trick users into clicking on a specific link to trigger. Usually, it is necessary to trick users […]

JWT unauthorized access vulnerability

Article directory. Original reference: [xiu](http://www.xiusafe.com/2023/02/08/JWT/) 1 Shooting range setup: 2 Header composition of JWT 2.1 Head 2.1.1 alg: 2.1.2 type: 2.2 payload 2.3 Signature 3 Vulnerability recurrence 3.1 Attack point token (third level) 3.2 Parse and encrypt the token value base64 encryption method, which can only be […]

SpringBoot-jwt framework

Today I saw a JWT framework written by a big guy which is quite interesting. I tried it myself and I have to say that it looked easy but it was really not easy to do it. Fortunately, I succeeded in the end... (The getUserList interface is what I use to test the […]

Get user id in springboot–threadLocal && jwt

threadLocal # 1. Create a threadLocal tool class public class BaseContext { public static ThreadLocal<Long> threadLocal = new ThreadLocal<>(); //Get the current id from the jwt interceptor public static void setCurrentId(Long id) { threadLocal.set(id); } //After obtaining it, bring it to the place where you want to use […]