I have a web application like this:

Application Setup

An Angular frontend for the client and a Spring MVC backend for the admin panel.

  1. An Angular web application requests a JWT token from Tomcat/Spring MVC.
  2. The Angular application then uses the token as Bearer for HTTP requests.

But now a requirement has come up:

  1. The user will use that token to log in to the Spring web application.
  2. The server will verify that token to create a session in the backend.

My question is: is the setup feasible, and are there any security risks associated with using a JWT token to authenticate in the Spring MVC backend?

  • There is no issue if you are just using the token for authentication. Authorization is more complicated. Is an authenticated user restricted or is that sufficient to access your back-end? Commented Apr 12, 2021 at 19:26
  • I am using the token only for authentication. But, I am only authenticating the user using the token once (spring has already created the session). Commented Apr 12, 2021 at 19:38
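
The exchange described in the question (the server verifies the JWT once, then creates a backend session), as an added example that is not part of the original post or comments. It is a Python standard-library sketch rather than Spring code; the HS256 key, the `jti` claim, the 15-minute session lifetime and all function names are assumptions for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

KEY = b"constructed-demo-key"   # assumption: HS256 secret held by the server
SESSIONS = {}                   # opaque session id -> server-side session data
USED_JTI = set()                # token ids already exchanged for a session

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user, jti, exp):
    """Constructed issuer standing in for the existing token endpoint."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"sub": user, "jti": jti, "exp": exp}).encode())
    return f"{head}.{body}.{b64url(sign(head + '.' + body))}"

def exchange_for_session(token, now=None):
    """Verify the JWT and return a fresh session id, or None if rejected."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        # Pin the algorithm server-side; never let the header choose it.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        # Constant-time signature check before any claim is trusted.
        if not hmac.compare_digest(sign(head + "." + body), b64url_decode(sig)):
            return None
        claims = json.loads(b64url_decode(body))
        user, jti, exp = claims["sub"], claims["jti"], claims["exp"]
    except (ValueError, TypeError, KeyError):
        return None
    if not isinstance(exp, (int, float)) or exp <= now:
        return None             # expired or malformed expiry
    if not isinstance(jti, str) or jti in USED_JTI:
        return None             # this token already created a session
    USED_JTI.add(jti)
    sid = secrets.token_urlsafe(32)   # new id, unrelated to the token or any prior session
    SESSIONS[sid] = {"user": user, "expires": now + 900}
    return sid
```

The session id is generated fresh at the moment of the exchange, so a session identifier that existed before authentication is never promoted to an authenticated one.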
