I have implemented JWT authentication using Spring Security. Since the Authorization header is visible in the browser, an attacker can manipulate the data using the token that is present in the Authorization header. Is there any way to restrict this? I am using Spring Boot and Angular 8. Any help is appreciated.
Example for data manipulation
In principle you can never trust a client. You have to deal with manipulated data.
This means you always have to validate the client's requests, no matter what.
On a high level, there are many solutions to this kind of problem.
1) In the case of created-by, for me this is a typical non-updatable field, because who created something never changes.
1a) In JPA a column can be annotated with updatable=false, so it will always be disregarded for a merge operation.
1b) Another option would be to first load the item from memory and only use the attributes from the request that you allow to be saved for this business case; copy the allowed values over to the loaded item and merge the loaded item into the database.
2) In other cases, for example an updated-by field, you need to cross-check whether the authenticated user matches the updated-by id. If not, raise an exception/401, whatever.
3) This one goes more towards your solution, I guess. I also suggest not transferring all the data that is stored for an item; rather use transfer objects or use-case objects. Using transfer objects or use-case objects virtually hides data, because you only transfer dedicated data. This is also a security recommendation, because there is some data you just don't want to show to anyone, and if you only hide it on the client side but it has already been sent to the client, an experienced user can always make that data visible by inspection or manipulation. Just imagine you send salary information about a person every time you display a person ... A broadly used solution to map data objects to transfer objects and back is the MapStruct library.
Hope this helps to find a good solution.
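The three points above (updatable=false, load-then-copy, and cross-checking the authenticated user against a narrow transfer object) put together in one Spring Boot update endpoint. This is an added example, not code from the question or the answer; it assumes a Spring Data repository named ItemRepository and the javax.persistence namespace of Spring Boot 2 (Spring Boot 3 uses jakarta.persistence instead).

```java
import java.security.Principal;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.server.ResponseStatusException;

// 1a) created-by is persisted once and then ignored by JPA on every merge,
//     no matter what the request body claims.
@Entity
class Item {
    @Id Long id;
    String title;
    @Column(updatable = false) String createdBy;
    String updatedBy;
}

// 3) Transfer object: only the fields a client may send for this use case.
//    Anything else in the JSON (id, createdBy, salary, ...) is never bound.
class ItemUpdateDto {
    String title;
    String updatedBy;
}

@RestController
@RequestMapping("/items")
public class ItemController {
    private final ItemRepository repo; // assumed Spring Data repository

    public ItemController(ItemRepository repo) { this.repo = repo; }

    @PutMapping("/{id}")
    public ItemUpdateDto update(@PathVariable Long id, @RequestBody ItemUpdateDto dto, Principal user) {
        // 1b) load the stored item; never merge the deserialized request directly
        Item item = repo.findById(id)
                .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND));
        // 2) the identity in the validated JWT (Principal) is the source of truth;
        //    a client-supplied updated-by that names someone else is rejected
        if (dto.updatedBy != null && !dto.updatedBy.equals(user.getName())) {
            throw new ResponseStatusException(HttpStatus.FORBIDDEN);
        }
        item.title = dto.title;          // copy only the whitelisted attribute
        item.updatedBy = user.getName(); // derived server-side, not from the payload
        repo.save(item);
        ItemUpdateDto out = new ItemUpdateDto();
        out.title = item.title;
        out.updatedBy = item.updatedBy;
        return out;                      // respond with the DTO, not the entity
    }
}
```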