SaiUpadhyayula / spring-reddit-clone

Reddit clone built using Spring Boot, Spring Security with JWT Authentication, Spring Data JPA with MySQL, Spring MVC. The frontend is built using Angular - You can find the frontend source code here - https://github.com/SaiUpadhyayula/angular-reddit-clone


Authorization token expected in Login and Signup Request

mithunadhikari40 opened this issue · comments

Hi, I was following your tutorial and everything was working fine and I was enjoying your tutorial quite a lot. But now I am stuck on one problem. Currently, all requests are validated by the JSON web token. But for login requests there will be no token, so for that reason the app is not working. My SecurityConfig class looks like this:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable()
            .authorizeRequests()
            .antMatchers("/api/auth/**")
            .permitAll()
            .antMatchers(HttpMethod.GET, "/api/subreddit")
            .permitAll()
            .anyRequest()
            .authenticated();
    // The JWT filter runs before the username/password filter on every request
    http.addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
}

And I think that the main solution would be to exclude the requests like /api/auth/** from the JSON web token validation.
I did try to override the configure method and exclude those paths, but I could not make it work. I did something like this inside the SecurityConfig class.

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/api/auth/**");
}

But no luck. If you could assist me here, I could move forward with the tutorial. Right now, since I am facing this issue, I cannot continue with your tutorial.

And the error thrown by the compiler is

java.lang.IllegalArgumentException: JWT String argument cannot be null or empty.
	at io.jsonwebtoken.lang.Assert.hasText(Assert.java:132) ~[jjwt-api-0.11.2.jar:0.11.2]
	at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:548) ~[jjwt-impl-0.11.2.jar:0.11.2]
	at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:610) ~[jjwt-impl-0.11.2.jar:0.11.2]
	at np.com.mithunadhikari.springdemo.security.JWTProvider.validateToken(JWTProvider.java:70) ~[classes/:na]
	at np.com.mithunadhikari.springdemo.security.JWTAuthenticationFilter.doFilterInternal(JWTAuthenticationFilter.java:38)

And the error-causing piece of code is inside the JwtProvider class:

public boolean validateToken(String token) {
    // Throws IllegalArgumentException when token is null or empty
    parser().setSigningKey(getPublicKey()).parseClaimsJws(token);
    return true;
}

My repository for this project is here.

Hi

Please upload your code to github and provide me the link, I can check out and see what may be the issue.

Sai

@mithunadhikari40 You need to re-arrange the logic inside the JWTAuthenticationFilter; you are checking whether the token is valid even if the incoming JWT is null or empty.
Refer to this

Replace this logic:
boolean validToken = jwtProvider.validateToken(token);

if (StringUtils.hasText(token) && validToken) {

with this:

if (StringUtils.hasText(token) && jwtProvider.validateToken(token)) {
    String username = jwtProvider.getUsernameFromToken(token);

The first statement checks that the token is not null and not empty, and only then does it try to validate the token.
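The following is an added example of the complete filter with the guard in place, written for this thread and not taken from the spring-reddit-clone repository. It assumes a JwtProvider with the two methods named above (validateToken and getUsernameFromToken), a Spring UserDetailsService for loading the principal, a hypothetical package name, and that the token arrives in a standard "Authorization: Bearer" header. Because StringUtils.hasText(jwt) is evaluated first and && short-circuits, validateToken is never called for a request without a token, so login and signup requests to /api/auth/** pass through the filter anonymously and are then allowed by the permitAll() rule in SecurityConfig.

```java
package com.example.security; // hypothetical package name

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

@Component
public class JwtAuthenticationFilter extends OncePerRequestFilter {

    // Assumed collaborator: validateToken(String) throws on a null/empty or
    // invalid token, getUsernameFromToken(String) reads the subject claim.
    private final JwtProvider jwtProvider;
    private final UserDetailsService userDetailsService;

    public JwtAuthenticationFilter(JwtProvider jwtProvider, UserDetailsService userDetailsService) {
        this.jwtProvider = jwtProvider;
        this.userDetailsService = userDetailsService;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain filterChain) throws ServletException, IOException {
        String jwt = getJwtFromRequest(request);

        // Guard first: validateToken is only reached when a token is present.
        // Without hasText(), jjwt throws IllegalArgumentException on null input
        // and every unauthenticated request (login, signup, public GETs) fails.
        if (StringUtils.hasText(jwt) && jwtProvider.validateToken(jwt)) {
            String username = jwtProvider.getUsernameFromToken(jwt);
            UserDetails userDetails = userDetailsService.loadUserByUsername(username);

            // Credentials are null: the signature was already verified, so no password is kept.
            UsernamePasswordAuthenticationToken authentication =
                    new UsernamePasswordAuthenticationToken(
                            userDetails, null, userDetails.getAuthorities());
            authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }

        // Always continue the chain. A request without a token stays anonymous and
        // the authorizeRequests() rules in SecurityConfig decide whether the path is
        // public (/api/auth/**) or must answer 401.
        filterChain.doFilter(request, response);
    }

    // Extracts the raw JWT from "Authorization: Bearer <token>", or null if absent.
    private String getJwtFromRequest(HttpServletRequest request) {
        String bearerToken = request.getHeader("Authorization");
        if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) {
            return bearerToken.substring("Bearer ".length());
        }
        return null;
    }
}
```

With this ordering the WebSecurity.ignoring() override from the question is no longer needed; permitAll() on /api/auth/** in the HttpSecurity configuration is enough, and keeping those paths inside the security filter chain (rather than ignoring them entirely) preserves Spring Security's response headers on the login and signup endpoints. Note that validateToken as written on this page still throws a JwtException for an expired or tampered token; in the filter above that exception propagates out of the chain, so a production filter would typically catch it and leave the request unauthenticated instead of returning a 500.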