How to avoid token processing when request is of type OPTIONS?
akapit opened this issue · 6 comments
I see in my logs:
c.b.a.s.JwtAuthenticationTokenFilter : couldn't find bearer string, will ignore the header
c.b.a.s.JwtAuthenticationTokenFilter : checking authentication for user null
c.b.a.s.JwtAuthenticationTokenFilter : couldn't find bearer string, will ignore the header
c.b.a.s.JwtAuthenticationTokenFilter : checking authentication for user null
And it looks like it's going through also at the OPTIONS type of a request.
How can that be avoided?
Thanks
I suggest your forgot to set the prefix "Bearer " in your Authorization header field.
This doesn't work:
"Authorization": "my-token-hash"
This should work:
"Authorization": "Bearer my-token-hash"
@akapit Is this helping you?
Sorry @szerhusenBC but it still doesn't work.
I also add same thing but still it not work.
I put debug point on JwtAuthorizationTokenFilter class but My call doesn't map it.
Same issue. Any fixes?
@akapit @rocobiz Sorry for answering that late, I had a lot of work in the last months (not that bad for me ;) ). I think I misunderstood your question before. If I understand you correctly, you do not want OPTION requests to be processed?
If that is the case, you have to exclude this kind of requests in the WebSecurityConfig like that:
.authorizeRequests() .antMatchers(HttpMethod.OPTIONS,"/path/to/allow").permitAll()
Is that helping you?
Got that from here:
https://stackoverflow.com/questions/21696592/disable-spring-security-for-options-http-method
not resolved yet