szerhusenBC/jwt-spring-security-demo

Authenticate in login controller

HoangVyDuong opened this issue · 1 comments

Hello Stephan. Thank you for your project. It's really helpful for me.
But there is something I don't understand. Why do you need to perform the authentication and set the authentication for SpringContextHolder? It seems that the login controller does nothing else but generate the token. So why don't you just authenticate in JWTAuthenticationTokenFilter?

@HoangVyDuong You're right, setting the security context in the authentication endpoint doesn't make sense. Its task is only to authenticate the user and generate the token for him. The filter does the authorization and sets the security context so Spring Security knows what the (previously authenticated) user is allowed to do. So I renamed the filter to "JwtAuthorizationTokenFilter".

As you can see, these classes have different aspects.
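The split described in this thread, as an added sketch that is not the project's own code: the login endpoint only authenticates and returns a token, while the per-request filter is the only place that sets the security context. `TokenService`, `LoginEndpoint` and `ExampleAuthorizationFilter` are hypothetical names; the sketch assumes Spring Security 6 (`jakarta.servlet`) and an authentication provider whose principal is a `UserDetails`.

```java
import java.io.IOException;
import jakarta.servlet.*;
import jakarta.servlet.http.*;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical helper (assumption, not a project class): signs and verifies tokens.
interface TokenService {
    String issue(UserDetails user);
    String verifiedSubject(String token); // null when signature or expiry check fails
}

// Authentication: checks the credentials once and hands back a token.
class LoginEndpoint {
    private final AuthenticationManager authManager;
    private final TokenService tokens;
    LoginEndpoint(AuthenticationManager a, TokenService t) { authManager = a; tokens = t; }
    String login(String username, String password) {
        // Throws AuthenticationException on bad credentials; no SecurityContextHolder here.
        Authentication auth = authManager.authenticate(
                new UsernamePasswordAuthenticationToken(username, password));
        return tokens.issue((UserDetails) auth.getPrincipal());
    }
}

// Authorization: runs on every request and builds the security context from the token.
class ExampleAuthorizationFilter extends OncePerRequestFilter {
    private final TokenService tokens;
    private final UserDetailsService users;
    ExampleAuthorizationFilter(TokenService t, UserDetailsService u) { tokens = t; users = u; }
    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
            FilterChain chain) throws ServletException, IOException {
        String header = req.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")) {
            String subject = tokens.verifiedSubject(header.substring(7));
            if (subject != null) { // only a verified token populates the context
                UserDetails user = users.loadUserByUsername(subject);
                SecurityContextHolder.getContext().setAuthentication(
                        new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities()));
            }
        }
        chain.doFilter(req, res); // unauthenticated requests continue and are rejected by access rules
    }
}
```

The three-argument `UsernamePasswordAuthenticationToken` constructor marks the token as authenticated, which is why it is used only after the token has been verified.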