Mohd Waseem

Reputation: 1374

Security attacks possible on token-based authentication?

I have designed a web application which uses a very simple implementation of JWT tokens to provide authentication/authorization.

My implementation:

  1. There are two types of URLs: public and secure.
  2. Public URLs are used to generate a token with username/password.
  3. I have added a filter on secure URLs to check for the Authorization header and JWT token.

    @Bean
    public FilterRegistrationBean jwtFilter() {
        final FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setFilter(new JwtFilter());
        registrationBean.addUrlPatterns("/secure/*"); // only /secure/* requests pass through the JWT filter
        return registrationBean;
    }

  4. The filter will validate the token. I haven't added an expiration date yet.

    import java.io.IOException;
    import javax.servlet.*;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import io.jsonwebtoken.Claims;
    import io.jsonwebtoken.Jwts;
    import io.jsonwebtoken.SignatureException; // jjwt's exception, not java.security.SignatureException

    public class JwtFilter implements Filter {

        private Object secretKey; // assigned elsewhere in the class (not shown in the question)

        @Override
        public void doFilter(final ServletRequest req, final ServletResponse res, final FilterChain chain)
                throws IOException, ServletException {
            final HttpServletRequest request = (HttpServletRequest) req;
            final HttpServletResponse response = (HttpServletResponse) res;
            final String authHeader = request.getHeader("authorization");

            // CORS preflight requests are passed down the chain without a token
            if ("OPTIONS".equals(request.getMethod())) {
                response.setStatus(HttpServletResponse.SC_OK);
                chain.doFilter(req, res);
            } else {
                if (authHeader == null || !authHeader.startsWith("Bearer ")) {
                    throw new ServletException("Missing or invalid Authorization header");
                }

                final String token = authHeader.substring(7); // strip the "Bearer " prefix

                try {
                    // verifies the signature; an exp claim is enforced only if the token carries one
                    final Claims claims = Jwts.parser().setSigningKey(secretKey.toString()).parseClaimsJws(token).getBody();
                    request.setAttribute("claims", claims);
                } catch (final SignatureException e) {
                    // only a bad signature is caught here; other JwtException types propagate out of the filter
                    throw new ServletException("Invalid token");
                }

                chain.doFilter(req, res);
            }
        }
    }


This provides authentication and is also immune to CSRF. No one can create a valid token without the secret key.

Are there other attacks possible on a token-based authentication service which I have missed?

Upvotes: 1

Views: 49
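As an added example (not the asker's code), a hardened variant of the filter above that closes the gaps visible in the question: tokens are issued with an expiry and the filter refuses any token that lacks one, every jjwt exception is handled rather than only SignatureException, and failures answer 401 instead of surfacing as a ServletException. It assumes jjwt 0.9.x (the Jwts.parser()/parseClaimsJws API used in the question), a javax.servlet container, and that secretKey is a base64-encoded HMAC secret supplied from configuration.

```java
import io.jsonwebtoken.*;
import java.io.IOException;
import java.util.Date;
import javax.servlet.*;
import javax.servlet.http.*;

public class JwtFilter implements Filter {
    private static final long TOKEN_TTL_MS = 15 * 60 * 1000L; // bounds how long a leaked token stays usable
    private final String secretKey; // assumed: base64-encoded HMAC secret from configuration, never hard-coded

    public JwtFilter(String secretKey) { this.secretKey = secretKey; }

    /** Minted by the public login URL after the password check; always carries exp. */
    public String issueToken(String username) {
        Date now = new Date();
        return Jwts.builder().setSubject(username).setIssuedAt(now)
                .setExpiration(new Date(now.getTime() + TOKEN_TTL_MS))
                .signWith(SignatureAlgorithm.HS256, secretKey).compact();
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if ("OPTIONS".equals(request.getMethod())) {
            chain.doFilter(req, res); // CORS preflight carries no credentials; handlers must do no work on it
            return;
        }
        String authHeader = request.getHeader("Authorization");
        if (authHeader == null || !authHeader.startsWith("Bearer ")) {
            // 401 instead of ServletException: the exception path yields a 500 and may expose a stack trace
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Missing bearer token");
            return;
        }
        try {
            Claims claims = Jwts.parser().setSigningKey(secretKey)
                    .setAllowedClockSkewSeconds(30)
                    .parseClaimsJws(authHeader.substring(7)).getBody();
            if (claims.getExpiration() == null) { // jjwt enforces exp only when the claim is present
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Token has no expiry");
                return;
            }
            request.setAttribute("claims", claims);
        } catch (JwtException e) { // expired, malformed, unsigned and bad-signature tokens alike
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid token");
            return;
        }
        chain.doFilter(req, res);
    }
}
```

Because there is no revocation list, the short TTL is the only thing that limits a stolen token; keep it short and rotate the secret if a leak is suspected.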

Answers (0)
