I am creating a REST API with JWT token-based security using Spring Boot and Spring Security. I want to throw a custom exception when the token is invalid. So I have created a custom exception class, and whenever I throw that exception, I get a blank response in Postman every time.
I want to throw this one:
if (header == null || !header.startsWith("Bearer")) {
throw new JwtTokenMissingException("No JWT token found in the request headers");
}
because I am sending the token without the Bearer keyword. It prints in the console but is not thrown in Postman.
blank response in postman every time
JwtAuthenticationEntryPoint class
import java.io.IOException;
import java.io.Serializable;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;

@Component
public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint, Serializable {
    private static final long serialVersionUID = 1L;

    // Called by ExceptionTranslationFilter when an AuthenticationException reaches it
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException authException) throws IOException, ServletException {
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
    }
}
WebSecurityConfig class
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailsServiceImpl userDetailsService;
    @Autowired
    private JwtAuthenticationEntryPoint unauthorizedHandler;

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Autowired
    public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(encoder());
    }

    @Bean
    public JwtAuthenticationFilter authenticationTokenFilterBean() throws Exception {
        return new JwtAuthenticationFilter();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().authorizeRequests().antMatchers("/login").permitAll().anyRequest()
            .authenticated().and().exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        // The JWT filter runs before UsernamePasswordAuthenticationFilter, which is also
        // before ExceptionTranslationFilter (the filter that invokes the entry point)
        http.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
    }

    @Bean
    public BCryptPasswordEncoder encoder() {
        return new BCryptPasswordEncoder();
    }
}
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

@Component
public class JwtAuthenticationFilter extends OncePerRequestFilter {
    @Autowired
    private UserDetailsService userDetailsService;
    @Autowired
    private JwtTokenUtil jwtTokenUtil;
    @Value("${jwtTokenPrefix}")
    private String tokenPrefix;

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        String header = req.getHeader("Authorization");
        String username = null;
        String authToken = null;
        if (header == null || !header.startsWith("Bearer")) {
            // Thrown from a filter that sits before ExceptionTranslationFilter, so no
            // filter upstream catches it and JwtAuthenticationEntryPoint is never invoked
            throw new JwtTokenMissingException("No JWT token found in the request headers");
        }
        authToken = header.replace(tokenPrefix, "");
        jwtTokenUtil.validateJwtToken(authToken);
        username = jwtTokenUtil.getUserNameFromJwtToken(authToken);
        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
            UserDetails userDetails = userDetailsService.loadUserByUsername(username);
            UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails,
                    null, userDetails.getAuthorities());
            authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(req));
            logger.info("authenticated user " + username + ", setting security context");
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }
        chain.doFilter(req, res);
    }
}
import java.io.Serializable;
import java.util.Date;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.SignatureException;
import io.jsonwebtoken.UnsupportedJwtException;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component
public class JwtTokenUtil implements Serializable {
    private static final long serialVersionUID = 1L;
    @Value("${jwtSecret}")
    private String jwtSecret;
    @Value("${jwtExpirationInMs}")
    private int jwtExpirationMs;

    public String generateJwtToken(String username) {
        return Jwts.builder()
                .setSubject(username)
                .setIssuedAt(new Date())
                .setExpiration(new Date((new Date()).getTime() + jwtExpirationMs))
                .signWith(SignatureAlgorithm.HS512, jwtSecret)
                .compact();
    }

    public String getUserNameFromJwtToken(String token) {
        return Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(token).getBody().getSubject();
    }

    // Translates jjwt parsing failures into the application's AuthenticationException subclasses
    public void validateJwtToken(String authToken) throws JwtTokenMalformedException, JwtTokenMissingException {
        try {
            Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(authToken);
        } catch (SignatureException e) {
            throw new JwtTokenMalformedException("Invalid JWT signature");
        } catch (MalformedJwtException e) {
            throw new JwtTokenMalformedException("Invalid JWT token");
        } catch (ExpiredJwtException e) {
            throw new JwtTokenMalformedException("Expired JWT token");
        } catch (UnsupportedJwtException e) {
            throw new JwtTokenMalformedException("Unsupported JWT token");
        } catch (IllegalArgumentException e) {
            throw new JwtTokenMissingException("JWT claims string is empty.");
        }
    }
}
import org.springframework.security.core.AuthenticationException;

public class JwtTokenMalformedException extends AuthenticationException {
    private static final long serialVersionUID = 1L;

    public JwtTokenMalformedException(String msg) {
        super(msg);
    }
}

public class JwtTokenMissingException extends AuthenticationException {
    private static final long serialVersionUID = 1L;

    public JwtTokenMissingException(String msg) {
        super(msg);
    }
}
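The blank response comes from where the exception is thrown rather than from the exception itself: the JWT filter is added before UsernamePasswordAuthenticationFilter, which is earlier in the chain than ExceptionTranslationFilter, so an AuthenticationException thrown there is never seen by the filter that calls the entry point and instead propagates out to the servlet container. The filter below is an added example, not code from the question or the answer: it catches the AuthenticationException itself and hands it to the question's JwtAuthenticationEntryPoint, whose sendError(401) then actually runs. It assumes the same beans as the question (JwtTokenUtil, UserDetailsService, JwtAuthenticationEntryPoint) and a literal "Bearer " prefix.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.web.filter.OncePerRequestFilter;

// Created by the @Bean authenticationTokenFilterBean() in WebSecurityConfig, so no @Component needed
public class JwtAuthenticationFilter extends OncePerRequestFilter {
    @Autowired private JwtTokenUtil jwtTokenUtil;                 // from the question
    @Autowired private UserDetailsService userDetailsService;     // from the question
    @Autowired private JwtAuthenticationEntryPoint entryPoint;    // the question's entry point bean

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        try {
            String header = req.getHeader("Authorization");
            if (header == null || !header.startsWith("Bearer ")) {
                throw new JwtTokenMissingException("No JWT token found in the request headers");
            }
            String token = header.substring("Bearer ".length());
            jwtTokenUtil.validateJwtToken(token);          // may throw JwtTokenMalformedException
            String username = jwtTokenUtil.getUserNameFromJwtToken(token);
            UserDetails user = userDetailsService.loadUserByUsername(username); // UsernameNotFoundException
            SecurityContextHolder.getContext().setAuthentication(
                    new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities()));
        } catch (AuthenticationException e) {
            // This filter runs before ExceptionTranslationFilter, so nothing upstream would route
            // the exception to the entry point: do it here, drop any partial context, stop the chain.
            SecurityContextHolder.clearContext();
            entryPoint.commence(req, res, e);
            return;
        }
        chain.doFilter(req, res);
    }
}
```

With this in place Postman receives the 401 that commence() writes; if the message of the custom exception should appear in the body, commence() is the place to write it, since the exception object is passed in as its third argument.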
Try the code below:
// headers is assumed to be the request headers as a Map<String, String>
String jwtToken = null;
if (headers.containsKey("Authorization")) {
    jwtToken = headers.get("Authorization");
}
if (jwtToken == null || !jwtToken.startsWith("Bearer")) {
    throw new JwtTokenMissingException("No JWT token found in the request headers");
}