Wednesday, June 7, 2017

A forward does not change the URL in browser address bar

A forward basically tells the server to use the given JSP to present the results. It does not tell the client to send a new HTTP request for the given JSP. If you expect a change in the address bar of the client, then you have to tell the client to send a new HTTP request. You can do that by sending a redirect instead of a forward.
So, instead of
RequestDispatcher d=request.getRequestDispatcher("/index.jsp");
System.out.println("z");
d.forward(request, response);
do
response.sendRedirect(request.getContextPath() + "/index.jsp");
An alternative is to get rid of the /index.jsp URL altogether and use the /Hai URL all the time. You can achieve this by hiding the JSP away in the /WEB-INF folder (so that the end user can never open it directly and is forced to use the servlet's URL for this) and implementing the doGet() of the servlet as well to display the JSP:
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    request.getRequestDispatcher("/WEB-INF/index.jsp").forward(request, response);
}
This way, you can just open http://localhost:8080/Project/Hai and see the output of the JSP page and the form will just submit to the very same URL, so the URL in browser address bar will basically not change. I would maybe only change the /Hai to something more sensible, such as /login.

Tuesday, June 6, 2017

Decrypt jwt token Authorization bearer

Suppose that I respond with an encrypted access token to the user in a Web API response, which the user uses to access the API in the Authorization: Bearer header. Let's assume that the user now has the access token "abc", and JwtAuthorizationBearer now accepts the unencrypted token "def". But I would like it to pass the authorization bearer validation when the user posts the encrypted access token "abc" back. How could this be done?
I have seen a function named OnRequestToken, but I am not sure whether it is used for this case.

app.UseJwtBearerAuthentication(
    new JwtBearerAuthenticationOptions
    {
        AuthenticationMode = AuthenticationMode.Active,
        AllowedAudiences = new[] { audience },
        IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
        {
            new SymmetricKeyIssuerSecurityTokenProvider(issuer, secret)
        },
        Provider = new OAuthBearerAuthenticationProvider
        {
            OnValidateIdentity = context =>
            {
                // NOTE: `token` (the raw compact JWT string) is not defined in this
                // snippet; it has to be supplied by the surrounding code.
                if (!string.IsNullOrEmpty(token))
                {
                    // The claims segment is base64url-encoded JSON: this decodes it,
                    // it does not decrypt or verify anything.
                    var notPadded = token.Split('.')[1];
                    var padded = notPadded.PadRight(notPadded.Length + (4 - notPadded.Length % 4) % 4, '=');
                    var urlUnescaped = padded.Replace('-', '+').Replace('_', '/');
                    var claimsPart = Convert.FromBase64String(urlUnescaped);

                    var obj = JObject.Parse(Encoding.UTF8.GetString(claimsPart, 0, claimsPart.Length));

                    // simple, not handling specific types, arrays, etc.
                    foreach (var prop in obj.Properties().AsJEnumerable())
                    {
                        // Copy each claim onto the identity unless it is already present.
                        if (!context.Ticket.Identity.HasClaim(prop.Name, prop.Value.Value<string>()))
                        {
                            context.Ticket.Identity.AddClaim(new Claim(prop.Name, prop.Value.Value<string>()));
                        }
                    }
                }

                return Task.FromResult<object>(null);
            }
        }
    });
https://stackoverflow.com/questions/34197323/decrypt-jwt-token-authorization-bearer
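The snippet above reads claims by base64url-decoding the middle segment of the token, which needs no key. The following is an added example, not code from the original post, showing the same decoding next to an HS256 signature check so that claims are returned only from a token that verifies. It assumes a modern .NET runtime with System.Text.Json; the key, the claims and the names JwtDemo and VerifiedClaims are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class JwtDemo
{
    // base64url decode: the same alphabet swap and padding as the snippet above.
    static byte[] FromBase64Url(string s)
    {
        var b64 = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '='));
    }
    static string ToBase64Url(string json) => ToBase64Url(Encoding.UTF8.GetBytes(json));
    static string ToBase64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] Sign(string signingInput, byte[] key)
    {
        using (var hmac = new HMACSHA256(key))
            return hmac.ComputeHash(Encoding.ASCII.GetBytes(signingInput));
    }
    // Returns the claims JSON only for a well-formed HS256 token whose signature verifies.
    static string VerifiedClaims(string token, byte[] key)
    {
        try
        {
            var parts = token.Split('.');
            if (parts.Length != 3) return null;   // a signed compact JWT has exactly 3 segments
            using (var header = JsonDocument.Parse(Encoding.UTF8.GetString(FromBase64Url(parts[0]))))
            {
                // Pin the algorithm on the server side; the token must not choose it.
                if (!header.RootElement.TryGetProperty("alg", out var alg) ||
                    alg.ValueKind != JsonValueKind.String || alg.GetString() != "HS256") return null;
            }
            var expected = Sign(parts[0] + "." + parts[1], key);
            // Constant-time comparison of the recomputed and the presented signature.
            if (!CryptographicOperations.FixedTimeEquals(expected, FromBase64Url(parts[2]))) return null;
            return Encoding.UTF8.GetString(FromBase64Url(parts[1]));
        }
        catch (Exception e) when (e is FormatException || e is JsonException || e is InvalidOperationException) { return null; }
    }
    static void Main()
    {
        var key = Encoding.UTF8.GetBytes("constructed-demo-key-not-a-real-secret");
        var head = ToBase64Url("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
        var body = ToBase64Url("{\"sub\":\"alice\",\"role\":\"user\"}");
        var sig = ToBase64Url(Sign(head + "." + body, key));
        // Same header and signature, claims segment changed after signing.
        var edited = head + "." + ToBase64Url("{\"sub\":\"alice\",\"role\":\"admin\"}") + "." + sig;
        Console.WriteLine("decoded without key: " + Encoding.UTF8.GetString(FromBase64Url(edited.Split('.')[1])));
        Console.WriteLine("verified original:   " + VerifiedClaims(head + "." + body + "." + sig, key));
        Console.WriteLine("verified edited:     " + (VerifiedClaims(edited, key) ?? "(rejected)"));
    }
}
```

The first output line shows that anyone holding the token can read its claims; only the signature check ties them to the issuer. The check covers the signature alone, so expiry and audience still have to be validated separately.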

NATO Intel virtual airforce pilots op flights

https://virtualnato.org/home/pilots