I want to create a JWT blacklist for every time the user wants to refresh the current one (practically, there is also a frontend call that calls this method every so often). My question is: I want this blacklist to run for all the threads, so for each user (I am using WildFly).

My code is this:

This is when a JWT is created:

```java
@Component
public class JwtTokenUtil {
    private List<String> blackList = new ArrayList<>();

    public String getUsernameFromToken(String token) {

        String username;

        try {
            if (token != null) {
                String invalidToken;
                synchronized (blackList) {
                    blackList.removeIf(tokn -> isTokenExpired(tokn));
                    invalidToken = blackList.stream().filter(blackList -> blackList.equals(token)).collect(Collectors.joining());
                    if (!StringUtils.isEmpty(invalidToken)) {
                        throw new RuntimeException("JWT is invalid");
                    }
                }
                final Claims claims = getClaimsFromToken(token);
                username = claims.getSubject();
            } .....
```

This is when it refreshes (I get a NullPointerException on blackList):

```java
    public Boolean canTokenBeRefreshed(String token) {
        if (!isTokenExpired(token)) {
            synchronized (blackList) { // <- NullPointerException
                blackList.removeIf(tokn -> isTokenExpired(tokn));
                blackList.add(token);
            }
        }
        return (!isTokenExpired(token));
    }
```

Both methods are in the same class, but I don't know if this is the right way to do it, or why I keep getting a NullPointerException.

Alex
  • Given the current code `blackList` cannot be `null`, therefore *something* else is going on. And why do you want to blacklist JWTs in the first place, that defeats a large part of their purpose!? – luk2302 Apr 27 '23 at 13:28
  • @luk2302 I need to invalidate the JWT once I create a new one, do you know another way to do that? – Alex Apr 27 '23 at 13:30
  • You generally do **not** need to do that, no. As I said: that defeats e.g. the purpose of a JWT being self contained. – luk2302 Apr 27 '23 at 16:35
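
Added example, not part of the question or its comments: one way to keep a list of replaced tokens that every request thread can read and update safely, using a `ConcurrentHashMap` instead of a `synchronized` block around an `ArrayList`. The class name `TokenDenylist`, its methods and the sample identifiers are hypothetical; it assumes the caller has already parsed the token's expiry and holds a single shared instance (for example a default-scope Spring bean).

```java
import java.time.Clock;
import java.time.Instant;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical class, not from the post: process-wide denylist of replaced tokens.
public final class TokenDenylist {
    // token string (or its jti claim) -> that token's own expiry time
    private final Map<String, Instant> revoked = new ConcurrentHashMap<>();
    private final Clock clock;

    public TokenDenylist(Clock clock) {
        this.clock = Objects.requireNonNull(clock, "clock");
    }

    // Called on refresh: deny the old token until it would have expired anyway.
    public void revoke(String tokenId, Instant expiresAt) {
        Objects.requireNonNull(tokenId, "tokenId");
        Objects.requireNonNull(expiresAt, "expiresAt");
        purgeExpired();
        if (expiresAt.isAfter(clock.instant())) {
            revoked.put(tokenId, expiresAt);
        }
    }

    // Called before trusting any claim from the token.
    public boolean isRevoked(String tokenId) {
        Objects.requireNonNull(tokenId, "tokenId");
        Instant expiresAt = revoked.get(tokenId);
        return expiresAt != null && expiresAt.isAfter(clock.instant());
    }

    // Expired tokens fail normal validation, so their entries can be dropped.
    public void purgeExpired() {
        Instant now = clock.instant();
        revoked.values().removeIf(expiresAt -> !expiresAt.isAfter(now));
    }

    public static void main(String[] args) {
        TokenDenylist denylist = new TokenDenylist(Clock.systemUTC());
        Instant now = Instant.now();
        // Constructed sample identifiers, not real JWTs.
        denylist.revoke("old-token-A", now.plusSeconds(600)); // still valid: listed
        denylist.revoke("old-token-B", now.minusSeconds(5));  // already expired: skipped
        System.out.println("A revoked: " + denylist.isRevoked("old-token-A"));
        System.out.println("B revoked: " + denylist.isRevoked("old-token-B"));
        System.out.println("C revoked: " + denylist.isRevoked("never-seen-C"));
    }
}
```

The map lives in one JVM, so a clustered deployment needs a shared store for the same check.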
