1

Hi Stack Overflow team,

I am facing an issue in my REST call which I am clueless about after trying to dig into the HTTP errors. Somehow the authorization isn't working, even though the generation and fetch of the JWT token is successful.

Short description of what I have in my Spring Boot app (available for analysis of the problem at https://github.com/vivdso/SpringAuthentication):

  1. A DbRepository call that talks to a backend MongoDb collection named UserAccounts which has roles and credential details stored including the passwords (Ciphertexts).

  2. A JWT token generation mechanism that returns a token which has to be attached to the HTTP Headers for the subsequent API Calls.

The flow in short.

".....:8080/auth", method POST, Content-Type application/json, body: {"username":"user","password":"sample"}. Response should be a JWT token.

and then

Try the authenticated URL .....:8080/order.

EXPECTED RESULT: Header "Authorization: {$jwtToken from step 6}". Actual Result: :( Error: 403 Forbidden; this should be fully authenticated and should let the user access this API. Expected Result: "Hello here is my order"

This is just a simple application with not too many details to worry about. Any help will be appreciated.

Thanks in advance.

Gulzar Nazim
Suryadeep

2 Answers

1

In your code I couldn't find the filter registration.

Try to add it in the WebSecurityConfig.java

@Bean
public CustomAuthenticationTokenFilter  authenticationTokenFilterBean() throws Exception {
    CustomAuthenticationTokenFilter  authenticationTokenFilter = new CustomAuthenticationTokenFilter ();
    authenticationTokenFilter.setAuthenticationManager(authenticationManagerBean());
    return authenticationTokenFilter;
}

and then register it with

http
        .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

inside the configuration method.

Let me know.

rick
  • Hi Rick, Appreciate your help, – Suryadeep Feb 20 '17 at 12:41
  • I made the suggested code changes and yet I receive the following – Suryadeep Feb 20 '17 at 12:42
  • { "timestamp": 1487594450789, "status": 403, "error": "Forbidden", "message": "Access is denied", "path": "/order" } – Suryadeep Feb 20 '17 at 12:42
  • Another piece of advice: take a look at this project, https://github.com/rixlabs/springboot-sandbox. It is a little sandbox that does exactly what you need. Maybe it can help. If you still have problems let me know – rick Feb 20 '17 at 12:49
0

This was a role mismatch issue. It was not matching the role in the JWT. I changed the code to correct the role and it worked fine:

public CustomDbRepository(){

    List<String> roles = new ArrayList<>(1);
    //roles.add("ROLE_USER");
    roles.add("USER");
Gulzar Nazim
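The role mismatch described in the answer above can be checked directly against a token. This is an added example, not code from the post or the linked repository: it models Spring Security's default behaviour, where `hasRole("USER")` looks for the authority `ROLE_USER` and `hasAuthority("USER")` looks for `USER` exactly. The claim name `roles`, the prefix-adding mapper and the sample token are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.regex.*;

public class RoleMismatchCheck {
    // Read a string-array claim from the JWT payload (no signature check: diagnostics only).
    static List<String> claim(String jwt, String name) {
        String json = new String(Base64.getUrlDecoder().decode(jwt.split("\\.")[1]), StandardCharsets.UTF_8);
        Matcher arr = Pattern.compile("\"" + Pattern.quote(name) + "\"\\s*:\\s*\\[(.*?)\\]").matcher(json);
        List<String> out = new ArrayList<>();
        if (arr.find()) {
            Matcher item = Pattern.compile("\"([^\"]*)\"").matcher(arr.group(1));
            while (item.find()) out.add(item.group(1));
        }
        return out;
    }

    // Model of the two rule styles: hasRole prepends "ROLE_", hasAuthority compares as-is.
    static boolean hasRole(Collection<String> authorities, String role) { return authorities.contains("ROLE_" + role); }
    static boolean hasAuthority(Collection<String> authorities, String a) { return authorities.contains(a); }

    // Constructed, unsigned sample token (header.payload.) used only as test input.
    static String token(String payloadJson) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString("{\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8)) + "."
             + enc.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8)) + ".";
    }

    public static void main(String[] args) {
        for (String stored : new String[] {"ROLE_USER", "USER"}) {
            // "roles" is an assumed claim name; use whatever claim your token actually carries.
            List<String> roles = claim(token("{\"sub\":\"user\",\"roles\":[\"" + stored + "\"]}"), "roles");
            List<String> prefixed = new ArrayList<>();
            for (String r : roles) prefixed.add("ROLE_" + r); // hypothetical mapper that adds the prefix
            System.out.printf("stored=%-9s as-is: hasRole=%b hasAuthority=%b | prefixed: hasRole=%b%n",
                stored, hasRole(roles, "USER"), hasAuthority(roles, "USER"), hasRole(prefixed, "USER"));
        }
    }
}
```

A 403 with a valid token is what the `false` combinations look like at runtime, so compare the authority strings your filter builds from the token with the exact string the access rule expects.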