stackoom
  简体   繁体   中英

Role based Rest-API using JWT

 原文  2016-08-08 20:35:20       java/ rest/ java-ee/ jax-rs/ jwt

Question

I'm implementing a simple Rest-API in java with jax-rs. I use JWT and a ContainerRequestFilter to verify that the user is logged-in.

Now I want to be able to handle different roles. Is it ok to store the user roles in the JWT (claim) and fully trust it to give access or not to an endpoint ?

If not what's the best way to achieve this ?

Thanks for the help

1 answers

solution1
 3 ACCPTED  2016-08-09 01:12:36

Is it ok to store the user roles in the JWT (claim) and fully trust it to give access or not to an endpoint ?

Yes, that should be fine. As long as you make sure the JWT token is properly signed , you can be assured that no one can make changes to the token and assign themselves high-privilege roles.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Using JWT with role based authorization Paypal Rest-API Account how to put wait time between rest-api calls based on condition Throwing exception for missing id in REST-API Add elements to existing REST-api How to properly structure REST-API endpoints REST-API documentation generation from unittests How to handle multiple entities passed from a REST-API in a saga using event-sourcing (axon framework)? Rest-Api Call Other Rest-Api In Spring boot Not Working for (Multipart-File) Unwanted chars written from java REST-API to HadoopDFS using FSDataOutputStream
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM