diff --git a/changelog/0.7.0.yaml b/changelog/0.7.0.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ebbc24822290518325fb57626e4a7799cf2049a3
--- /dev/null
+++ b/changelog/0.7.0.yaml
@@ -0,0 +1,6 @@
+author: tgsiegel
+change_type: Feature
+commit: add jwt interceptor
+date: '2023-04-06'
+merge_request: https://gitlab.cs.umd.edu/dawn/java/dawn-java-common/-/merge_requests/6
+version: 0.7.0
diff --git a/src/main/java/edu/umd/dawn/common/interceptor/JWTInterceptor.java b/src/main/java/edu/umd/dawn/common/interceptor/JWTInterceptor.java
new file mode 100644
index 0000000000000000000000000000000000000000..828d814e808a22fb87eef2f671e9acd2036596c9
--- /dev/null
+++ b/src/main/java/edu/umd/dawn/common/interceptor/JWTInterceptor.java
@@ -0,0 +1,56 @@
+package edu.umd.dawn.common.interceptor;
+
+import edu.umd.dawn.common.jwt.Claims;
+import edu.umd.dawn.common.jwt.JWTUtil;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.log4j.Log4j2;
+
+import org.springframework.web.servlet.HandlerInterceptor;
+
+/**
+ * interceptor to pull the claims and token for a jwt
+ * @implNote This does NOT throw any error if a jwt is not provided
+ */
+@Log4j2
+public class JWTInterceptor implements HandlerInterceptor {
+
+    private boolean local;
+    private boolean warn;
+    private String accessSecret;
+
+    /**
+     * 
+     * @param accessSecret JWT Access Secret from configuration
+     * @param local is the environment a local env or not
+     * @param warn should a warning be thrown if no jwt is provided
+     */
+    public JWTInterceptor(String accessSecret, boolean local, boolean warn) {
+        this.local = local;
+        this.accessSecret = accessSecret;
+        this.warn = warn;
+    }
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+            throws Exception {
+        if (!local) {
+            String token = request.getHeader("Authorization");
+            if (token != null && !token.equals("")) {
+                if (token.startsWith("Bearer ")) {
+                    token = token.replace("Bearer ", "");
+                }
+
+                Claims claims = JWTUtil.parse(accessSecret, token).getClaims();
+                request.setAttribute("claims", claims);
+                request.setAttribute("token", token);
+            } else if (warn) {
+                log.warn("No jwt provided");
+            }
+        } else {
+            log.warn("JWT interceptor has been disabled - if this is a production environment, consider this a"
+                    + " critical security error");
+        }
+        return true;
+    }
+}