JWT & Stateless Security

Stateless security with JWT, token generation and validation, security filters, refresh tokens

20 питань зі співбесід·

Senior

What is the structure of a JWT (JSON Web Token)?

Відповідь

A JWT consists of three parts separated by dots: Header (algorithm and type), Payload (claims/data), and Signature (integrity verification). Each part is Base64URL encoded. This structure allows secure and verifiable information transmission between two parties.

Which JWT claim represents the subject (user) of the token?

Відповідь

The 'sub' (subject) claim identifies the JWT's subject, typically the authenticated user (e.g., user ID or username). It's a standard claim defined in RFC 7519. Other standard claims include 'iss' (issuer), 'exp' (expiration), 'iat' (issued at), 'aud' (audience), and 'jti' (JWT ID).

What is the main difference between HMAC and RSA signing algorithms for JWT?

Відповідь

HMAC (e.g., HS256) uses a shared symmetric secret key to sign and verify, while RSA (e.g., RS256) uses an asymmetric key pair (private to sign, public to verify). RSA is preferable when multiple services need to verify tokens without accessing the signing key, as in microservices architectures.

Which JWT claim defines the token expiration date?

How should a client send a JWT in an HTTP REST request?

+17 питань зі співбесід

Інші теми співбесід Spring Boot

JWT & Stateless Security

What is the structure of a JWT (JSON Web Token)?

Відповідь

Which JWT claim represents the subject (user) of the token?

Відповідь

What is the main difference between HMAC and RSA signing algorithms for JWT?

Відповідь

Which JWT claim defines the token expiration date?

How should a client send a JWT in an HTTP REST request?

Інші теми співбесід Spring Boot

Spring Core - IoC & DI

Spring Boot Auto-Configuration

Spring Boot Starters

Application Properties & YAML

Logging with SLF4J & Logback

Spring Boot DevTools

Spring MVC Basics

Spring REST Controllers

Request & Response Handling

Exception Handling

Bean Validation

Spring Data JPA Basics

JPA Entities & Relationships

JPA Queries

Spring Data Repositories

Spring Security Basics

Spring Boot Actuator

Unit Testing with JUnit & Mockito

Spring Boot Testing

Profiles & Environment

RestTemplate & WebClient

Async & Scheduling

Caching with Spring

Spring WebFlux (Reactive)

Spring Transactions

Advanced Authentication & Authorization

OAuth2 & Authorization Server

Spring Boot & Docker

Microservices with Spring

Spring Cloud Config

Performance Optimization

GraalVM Native Images

Опануй Spring Boot для наступної співбесіди