Authorization token expected in Login and Signup Request
mithunadhikari40 opened this issue
Hi, I was following your tutorial and everything was working fine and I was enjoying your tutorial quite a lot. But now I am stuck on one problem at this time. Currently, all requests are to be validated by the JSON web token. But for login requests, there will be no token, so for that reason the app is not working. My SecurityConfig class looks like this.
```java
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable()
        .authorizeRequests()
        .antMatchers("/api/auth/**")
        .permitAll()
        .antMatchers(HttpMethod.GET, "/api/subreddit")
        .permitAll()
        .anyRequest()
        .authenticated();
    http.addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
}
```
And I think that the main solution would be to exclude the requests like /api/auth/** from the JSON web token validation.
I did try to override the configure method and exclude those paths, but I could not make it work. I did something like this inside the SecurityConfig class.
```java
@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/api/auth/**");
}
```
But no luck. If you could assist me here, I could move forward with the tutorial. Right now, since I am facing this issue, I cannot continue with your tutorial.
And the error thrown by the compiler is
```
java.lang.IllegalArgumentException: JWT String argument cannot be null or empty.
    at io.jsonwebtoken.lang.Assert.hasText(Assert.java:132) ~[jjwt-api-0.11.2.jar:0.11.2]
    at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:548) ~[jjwt-impl-0.11.2.jar:0.11.2]
    at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:610) ~[jjwt-impl-0.11.2.jar:0.11.2]
    at np.com.mithunadhikari.springdemo.security.JWTProvider.validateToken(JWTProvider.java:70) ~[classes/:na]
    at np.com.mithunadhikari.springdemo.security.JWTAuthenticationFilter.doFilterInternal(JWTAuthenticationFilter.java:38)
```
And the error-causing piece of code is inside the JwtProvider class:
```java
public boolean validateToken(String token) {
    parser().setSigningKey(getPublicKey()).parseClaimsJws(token);
    return true;
}
```
My repository for this project is here.
Hi
Please upload your code to GitHub and provide me the link. I can check it out and see what may be the issue.
Sai
Hi, it's here.
https://github.com/mithunadhikari40/redditclone/tree/master/backend
Thank you.
@mithunadhikari40 You need to re-arrange the logic inside the JWTAuthenticationFilter. You are checking whether the token is valid even if the incoming JWT is null or empty.
Refer to this
Replace this logic:
```java
boolean validToken = jwtProvider.validateToken(token);
if (StringUtils.hasText(token) && validToken) {
```
with this:
```java
if (StringUtils.hasText(token) && jwtProvider.validateToken(token)) {
    String username = jwtProvider.getUsernameFromToken(token);
```
The first statement evaluates whether the token is not null and not empty, and only then does it try to validate the token.
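
The ordering fix described in the answer above, as an added stand-alone example that is not code from the tutorial or from this thread. `TokenGuardDemo`, `tokenFromHeader`, `authenticateEager` and `authenticateGuarded` are hypothetical names, and `validateToken` is a stand-in that only reproduces the null/empty rejection seen in the stack trace; it does not verify a signature.

```java
import java.util.Arrays;
import java.util.List;

// Added example. Uses only the JDK so it runs without Spring or jjwt.
public class TokenGuardDemo {

    // Stand-in for JWTProvider.validateToken (assumption: fails like the stack trace above).
    static boolean validateToken(String token) {
        if (token == null || token.trim().isEmpty()) {
            throw new IllegalArgumentException("JWT String argument cannot be null or empty.");
        }
        return token.split("\\.").length == 3; // shape check only, for the demo
    }

    // Same contract as StringUtils.hasText: non-null with a non-whitespace character.
    static boolean hasText(String s) {
        return s != null && !s.trim().isEmpty();
    }

    // Token from an Authorization header; null when the header is absent (login/signup).
    static String tokenFromHeader(String header) {
        return (hasText(header) && header.startsWith("Bearer ")) ? header.substring(7) : null;
    }

    // "Before": validation runs unconditionally, so a request without a token throws.
    static boolean authenticateEager(String header) {
        String token = tokenFromHeader(header);
        boolean validToken = validateToken(token);
        return hasText(token) && validToken;
    }

    // "After": && short-circuits, so validateToken is never reached without a token.
    static boolean authenticateGuarded(String header) {
        String token = tokenFromHeader(header);
        return hasText(token) && validateToken(token);
    }

    public static void main(String[] args) {
        // Constructed sample headers: none (login request), empty bearer, well-shaped token.
        List<String> headers = Arrays.asList(null, "Bearer ", "Bearer aaa.bbb.ccc");
        for (String h : headers) {
            String eager;
            try { eager = String.valueOf(authenticateEager(h)); }
            catch (IllegalArgumentException e) { eager = "throws: " + e.getMessage(); }
            System.out.println(h + " -> eager=" + eager + ", guarded=" + authenticateGuarded(h));
        }
    }
}
```

In the guarded form a request without a token is simply left unauthenticated, so the `permitAll()` rule for `/api/auth/**` decides whether it proceeds.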