szerhusenBC/jwt-spring-security-demo

How to avoid token processing when request is of type OPTIONS?

akapit opened this issue · 6 comments

I see in my logs:

c.b.a.s.JwtAuthenticationTokenFilter     : couldn't find bearer string, will ignore the header
c.b.a.s.JwtAuthenticationTokenFilter     : checking authentication for user null
c.b.a.s.JwtAuthenticationTokenFilter     : couldn't find bearer string, will ignore the header
c.b.a.s.JwtAuthenticationTokenFilter     : checking authentication for user null

And it looks like it's going through also at the OPTIONS type of a request.
How can that be avoided?

Thanks

I suggest your forgot to set the prefix "Bearer " in your Authorization header field.

This doesn't work:

"Authorization": "my-token-hash"

This should work:

"Authorization": "Bearer my-token-hash"

@akapit Is this helping you?

Sorry @szerhusenBC but it still doesn't work.
I also add same thing but still it not work.
I put debug point on JwtAuthorizationTokenFilter class but My call doesn't map it.

Same issue. Any fixes?

@akapit @rocobiz Sorry for answering that late, I had a lot of work in the last months (not that bad for me ;) ). I think I misunderstood your question before. If I understand you correctly, you do not want OPTION requests to be processed?

If that is the case, you have to exclude this kind of requests in the WebSecurityConfig like that:

.authorizeRequests() .antMatchers(HttpMethod.OPTIONS,"/path/to/allow").permitAll()

Is that helping you?