JWT Interceptor used to authorize requests.

JWTInterceptor.java

public class JWTInterceptor implements HandlerInterceptor {

    @Value("${jwt.key}")
    private String jwtKey;

    @Autowired
    private BlackListingService blackListingService;

    @Autowired
    private UserRequestScopedBean userRequestScopedBean;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws IOException {

        try {

            String token = request.getHeader("Authorization");
            token = token.substring(7);

            Jwts.parser()
                    .setSigningKey(Base64.encodeBase64String(jwtKey.getBytes()))
                    .parseClaimsJws(token);

            String blackListedToken = blackListingService.getJwtBlackList(token);
            if (blackListedToken != null) {
                log.error("JwtInterceptor: Token is blacklisted");
                response.sendError(401);
                return false;
            }

            userRequestScopedBean.setJwt(token);
            return true;

        } catch (Exception e) {
            log.error("JwtInterceptor - Exception : {} ",e.getMessage());
            response.sendError(401);
            return false;
        }
    }

} 

Related to medium article: https://blog.devgenius.io/fixing-jwt-insecure-session-termination-by-blacklisting-tokens-36d783adfd67