JWT (JSON Web Token) Authentication & Stateless Sessions

    Question 1: SPRING SECURITY - JWT Basics

    What is the primary purpose of a JWT in authentication?

    Question 2: SPRING SECURITY - Stateless Sessions with JWT

    In a stateless authentication system using JWTs, how is user state managed?

    Question 3: SPRING SECURITY - Code Snippet (JWT Validation Filter)

    What is the purpose of the following filter snippet?

    String token = request.getHeader("Authorization").substring(7);
    Claims claims = Jwts.parser()
            .setSigningKey(secretKey)
            .parseClaimsJws(token)
            .getBody();

    Question 4: SPRING SECURITY - JWT Signature

    Why is a signature part of a JWT important?

    Question 5: SPRING SECURITY - Code Snippet (JWT Creation)

    What does this code do?

    String token = Jwts.builder()
            .setSubject("user123")
            .setExpiration(new Date(System.currentTimeMillis() + 3600000))
            .signWith(SignatureAlgorithm.HS256, secretKey)
            .compact();

    Question 6: SPRING SECURITY - Stateless vs Stateful Sessions

    What is the key difference between JWT-based stateless authentication and session-based authentication?

    Question 7: SPRING SECURITY - Code Snippet (Filter Registration)

    Why is a JWT filter typically placed before UsernamePasswordAuthenticationFilter?

    http.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);

    Question 8: SPRING SECURITY - JWT Expiration

    What happens when a JWT is expired?

    Question 9: SPRING SECURITY - Refresh Tokens

    Why are refresh tokens commonly used with JWT authentication?

    Question 10: SPRING SECURITY - Stateless REST APIs with JWT

    What does the following configuration imply?

    http
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeHttpRequests()
            .anyRequest().authenticated();