
How to access the JWT Token and then process the request?


I have been given a Spring Boot web API project. There is a Flutter application that will send a JWT token as a request, and the API has to get the "ticket" value out of the payload, then check the database and send the required data. I am a total newbie in this field, but I have no choice but to complete it.

I wanted to make the matter easy by just accepting the token, trying to decode it and getting the "ticket" value out. But I was unable to do so, as I am unable to get the token in the first place. The authentication is being done by some other API, which provides the JWT token to the Flutter application. The Flutter application will then send that token in any request to my API. I have a sample database with the required data and will have to resolve the request using "ticket" (which acts as a username) from the database and provide the data. I don't have to perform any authentication part - I just have to extract the token from the request, decode it, get the "ticket" value, search the database and provide the data.

token : eyJhbGciOiJIUzUxMiJ9.eyJ0aWNrZXQiOiJzdmxhZGFAZ21haWwuY29tIiwic2NvcGVzIjpbIlJPTEVfQURNSU4iLCJST0xFX1BSRU1JVU1fTUVNQkVSIl0sImlzcyI6Imh0dHA6Ly9zdmxhZGEuY29tIiwiaWF0IjoxNDcyMzkwMDY1LCJleHAiOjE0NzIzOTA5NjV9.uaHqDrTNnn5TAljcWRYac9ifJJv5NR5cdn7id2xVCAKLD37_pY62jPlk70XtwqgSar03n2qEgzWyTdWXRcnsgQ

request : localhost:8080/persons?access_token=eyJhbGciOiJIUzUxMiJ9.eyJ0aWNrZXQiOiJzdmxhZGFAZ21haWwuY29tIiwic2NvcGVzIjpbIlJPTEVfQURNSU4iLCJST0xFX1BSRU1JVU1fTUVNQkVSIl0sImlzcyI6Imh0dHA6Ly9zdmxhZGEuY29tIiwiaWF0IjoxNDcyMzkwMDY1LCJleHAiOjE0NzIzOTA5NjV9.uaHqDrTNnn5TAljcWRYac9ifJJv5NR5cdn7id2xVCAKLD37_pY62jPlk70XtwqgSar03n2qEgzWyTdWXRcnsgQ

The code is not necessary; I just want to learn how it works. There are many videos on YouTube, but they all concentrate on the authentication, which I don't have to perform, and none shows how the request from the application is to be handled. Any resources would also be a great help. Thank you.


Solution

  • request : localhost:8080/persons?access_token=eyJhbGciOiJIUzUxMiJ9.eyJ0aWNrZXQiOiJzdmxhZGFAZ21haWwuY29tIiwic2NvcGVzIjpbIlJPTEVfQURNSU4iLCJST0xFX1BSRU1JVU1fTUVNQkVSIl0sImlzcyI6Imh0dHA6Ly9zdmxhZGEuY29tIiwiaWF0IjoxNDcyMzkwMDY1LCJleHAiOjE0NzIzOTA5NjV9.uaHqDrTNnn5TAljcWRYac9ifJJv5NR5cdn7id2xVCAKLD37_pY62jPlk70XtwqgSar03n2qEgzWyTdWXRcnsgQ
    

    From the above request, you can design the controller as follows:

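        @GetMapping("/persons")
        public ResponseEntity<?> loadPersons(@RequestParam("access_token") String accessToken,
                                             HttpServletRequest request) {
            // Here you can work with the token passed as a query parameter.

            // You can also get the token if it comes in a request header, as follows
            // (replace "access_token" with the specific header key):
            String headerToken = request.getHeader("access_token");

            // Placeholder response so the method compiles; return the looked-up data here.
            return ResponseEntity.ok().build();
        }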
    

    e.g.

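        // Imports: io.jsonwebtoken.Jwts, java.security.Key,
        // javax.crypto.spec.SecretKeySpec, java.nio.charset.StandardCharsets

        // Returns true only if the token parses and its signature verifies against the key.
        public boolean isValidJWTToken(String jwtToken) {
            try {
                Jwts.parser().setSigningKey(generateKey()).parseClaimsJws(jwtToken);
                return true;
            } catch (Exception e) {
                // Malformed, unsigned, expired or wrongly signed token.
                return false;
            }
        }

        // Builds the verification key from the configured secret and algorithm name.
        // "environment" is assumed to be the injected Spring Environment.
        private Key generateKey() {
            // Use an explicit charset so the key bytes do not depend on the platform default.
            byte[] keyBytes = environment.getProperty("auth.jwt.secret.key").getBytes(StandardCharsets.UTF_8);
            return new SecretKeySpec(keyBytes, 0, keyBytes.length, environment.getProperty("auth.jwt.secret.algo"));
        }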
    

    The JWT token has 3 parts.

    1. HEADER: ALGORITHM & TOKEN TYPE
    2. PAYLOAD: DATA
    3. SIGNATURE


    All of the above 3 parts are driven by your business, so you know best which algorithm is used for encoding. Accordingly, you can decode.
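
Added example, not part of the answer above: a stand-alone version of the validation step that returns the "ticket" claim only after the signature, algorithm and expiry checks pass, using the same jjwt 0.9.x parser calls the answer shows. The class name `TicketExtractor`, the secrets and the sample tokens are constructed for illustration.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.util.Date;
import java.util.Optional;

// Added example (hypothetical class name); uses the jjwt 0.9.x calls shown in the answer.
public class TicketExtractor {
    private static final SignatureAlgorithm ALG = SignatureAlgorithm.HS512;
    private final Key key;

    public TicketExtractor(byte[] secret) {
        this.key = new SecretKeySpec(secret, ALG.getJcaName());
    }

    /** Returns the "ticket" claim only when signature, algorithm and expiry all check out. */
    public Optional<String> ticketFrom(String token) {
        try {
            // parseClaimsJws verifies the signature and rejects unsigned or expired tokens.
            Jws<Claims> jws = Jwts.parser().setSigningKey(key).parseClaimsJws(token);
            if (!ALG.getValue().equals(jws.getHeader().getAlgorithm())) {
                return Optional.empty(); // pin the algorithm instead of trusting the header
            }
            return Optional.ofNullable(jws.getBody().get("ticket", String.class));
        } catch (JwtException | IllegalArgumentException e) {
            return Optional.empty(); // null/blank, malformed, forged or expired token
        }
    }

    // Builds a constructed sample token for the demo below.
    static String sample(byte[] secret, String ticket, long ttlMillis) {
        return Jwts.builder().claim("ticket", ticket)
                .setExpiration(new Date(System.currentTimeMillis() + ttlMillis))
                .signWith(ALG, new SecretKeySpec(secret, ALG.getJcaName())).compact();
    }

    public static void main(String[] args) {
        byte[] secret = "constructed-demo-secret-not-for-production-use-0123456789abcdef!".getBytes(StandardCharsets.UTF_8);
        byte[] other = "a-different-constructed-secret-the-api-does-not-know-0123456789!".getBytes(StandardCharsets.UTF_8);
        TicketExtractor extractor = new TicketExtractor(secret);
        System.out.println(extractor.ticketFrom(sample(secret, "user@example.com", 60_000))); // valid
        System.out.println(extractor.ticketFrom(sample(other, "user@example.com", 60_000)));  // wrong key
        System.out.println(extractor.ticketFrom(sample(secret, "user@example.com", -60_000))); // expired
    }
}
```

On Java 11 or later, jjwt 0.9.x also needs the `javax.xml.bind:jaxb-api` dependency on the classpath. In the controller, an empty `Optional` maps to a 401 response and a present one is the value to use for the database lookup.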