JWT & Stateless Security
Stateless security with JWT, token generation and validation, security filters, refresh tokens
1What is the structure of a JWT (JSON Web Token)?
What is the structure of a JWT (JSON Web Token)?
Answer
A JWT consists of three parts separated by dots: Header (algorithm and type), Payload (claims/data), and Signature (integrity verification). Each part is Base64URL encoded. This structure allows secure and verifiable information transmission between two parties.
2Which JWT claim represents the subject (user) of the token?
Which JWT claim represents the subject (user) of the token?
Answer
The 'sub' (subject) claim identifies the JWT's subject, typically the authenticated user (e.g., user ID or username). It's a standard claim defined in RFC 7519. Other standard claims include 'iss' (issuer), 'exp' (expiration), 'iat' (issued at), 'aud' (audience), and 'jti' (JWT ID).
3What is the main difference between HMAC and RSA signing algorithms for JWT?
What is the main difference between HMAC and RSA signing algorithms for JWT?
Answer
HMAC (e.g., HS256) uses a shared symmetric secret key to sign and verify, while RSA (e.g., RS256) uses an asymmetric key pair (private to sign, public to verify). RSA is preferable when multiple services need to verify tokens without accessing the signing key, as in microservices architectures.
Which JWT claim defines the token expiration date?
How should a client send a JWT in an HTTP REST request?
+17 interview questions
Other Spring Boot interview topics
Spring Core - IoC & DI
Spring Boot Auto-Configuration
Spring Boot Starters
Application Properties & YAML
Logging with SLF4J & Logback
Spring Boot DevTools
Spring MVC Basics
Spring REST Controllers
Request & Response Handling
Exception Handling
Bean Validation
Spring Data JPA Basics
JPA Entities & Relationships
JPA Queries
Spring Data Repositories
Spring Security Basics
Spring Boot Actuator
Unit Testing with JUnit & Mockito
Spring Boot Testing
Profiles & Environment
RestTemplate & WebClient
Async & Scheduling
Caching with Spring
Spring WebFlux (Reactive)
Spring Transactions
Advanced Authentication & Authorization
OAuth2 & Authorization Server
Spring Boot & Docker
Microservices with Spring
Spring Cloud Config
Performance Optimization
GraalVM Native Images
Master Spring Boot for your next interview
Access all questions, flashcards, technical tests, code review exercises and interview simulators.
Start for free