Improve token handling

webwolf/src/main/java/org/owasp/webwolf/jwt/JWTToken.java

@@ -30,8 +30,6 @@ import static org.springframework.util.StringUtils.hasText;
 @Builder(toBuilder = true)
 public class JWTToken {
 
-    private static final Pattern jwtPattern = Pattern.compile("(.*)\\.(.*)\\.(.*)");
-
     private String encoded = "";
     private String secretKey;
     private String header;
@@ -100,12 +98,12 @@ public class JWTToken {
     }
 
     private static JWTToken parseToken(String jwt) {
-        var matcher = jwtPattern.matcher(jwt);
+        var token = jwt.split("\\.");
         var builder = JWTToken.builder().encoded(jwt);
 
-        if (matcher.matches()) {
+        if (token.length >= 2) {
-            var header = new String(decodeFromUrlSafeString(matcher.group(1)), UTF_8);
+            var header = new String(decodeFromUrlSafeString(token[0]), UTF_8);
-            var payloadAsString = new String(decodeFromUrlSafeString(matcher.group(2)), UTF_8);
+            var payloadAsString = new String(decodeFromUrlSafeString(token[1]), UTF_8);
             var headers = parse(header);
             var payload = parse(payloadAsString);
             builder.header(write(header, headers));

webwolf/src/main/resources/templates/jwt.html

@@ -54,7 +54,7 @@
         <br/>
         <div class="input-group">
             <span class="input-group-addon">Secret key</span>
-            <input type="text" value="webgoat" class="form-control" id="secretKey">
+            <input type="text" placeholder="Enter your secret key" class="form-control" id="secretKey">
         </div>
 
         <div class="input-group">