Recently i have introduced JWT authentication to my Springboot and Angualr2 based App.
In There i tried to do a POST request by passing the JWT token as below in my Angualr code
save(jobId: number, taskId: number, note: Note) {
return this.http.post(environment.APIENDPOINT + '/jobs/' + jobId + '/tasks/' + taskId + '/notes', note, this.setHeaders()).map((response: Response) => response.json());
}
private setHeaders() {
// create authorization header with jwt token
let currentUser = JSON.parse(localStorage.getItem('currentUser'));
console.log(Current token---+ currentUser.token);
if (currentUser && currentUser.token) {
let headers = new Headers();
headers.append('Content-Type', 'application/json');
headers.append('authorization','Bearer '+ currentUser.token);
let r = new RequestOptions({ headers: headers })
return r;
}
}
However in the server side it returns status code 401. The issue is in the Springboot side it checks the authorization header as below and it returns null
String authToken = request.getHeader(authorization );
Then i had a look at the request header and it has the authorization header under Access-Control-Request-Headers as below. But it is not visible to the server side.
Then i read further and found that this could be an issue with CORS configuration. So i have modified my CORS configuration filter to have addExposedHeader as below
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin(*);
config.addAllowedHeader(*);
config.addExposedHeader(authorization);
config.addAllowedMethod(OPTIONS);
config.addAllowedMethod(GET);
config.addAllowedMethod(POST);
config.addAllowedMethod(PUT);
config.addAllowedMethod(DELETE);
//config.addExposedHeader(Content-Type);
source.registerCorsConfiguration(/**, config);
return new CorsFilter(source);
}
Still the server complains that it can not find the Authorization header. Did i miss any thing here? Appreciate your help
Solution
After reading the sideshowbarker's comment below, i was able to understand the basics behind the issue.
In My Project I have a JWT token filter and inside that it always checks the Authorization header. Then i have modified it as below and now it works as expected
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
try {
if (OPTIONS.equalsIgnoreCase(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
}else{
String authToken = request.getHeader(this.tokenHeader);
jWTTokenAuthenticationService.parseClaimsFromToken(authToken);
--
}
chain.doFilter(request, response);
}Catch(AuthenticationException authEx){
SecurityContextHolder.clearContext();
if (entryPoint != null) {
entryPoint.commence(request, response, authEx);
}
}
}