I'm trying to authenticate a user from the API key sent in the header without any user details through login. I then get a casting exception because I try to get the principal cast into a String.

I have tried to get the header within the SecurityConfig class but that hasn't worked. I've also tried getting it within the custom filter which is how the current solution sits anyway.

    @Bean
    public APIKeyAuthFilter authFilter() {
        APIKeyAuthFilter filter = new APIKeyAuthFilter(principalRequestHeader);
        filter.setAuthenticationManager(authentication -> {
            String principal = (String) authentication.getPrincipal();
            if (!principalRequestValue.equals(principal)){
                throw new BadCredentialsException("The API key was not found or not the expected value.");
            }
            authentication.setAuthenticated(true);
            return authentication;
        });
        return filter;
    }

I expect to be able to get the header and inspect the value to compare it with the existing key, but I get this exception: "message": "io.undertow.servlet.util.IteratorEnumeration cannot be cast to java.lang.String", "trace": "java.lang.ClassCastException: io.undertow.servlet.util.IteratorEnumeration cannot be cast to java.lang.String\n\tat uk.co.nesistec.contractpicturechallenge.config.APISecurityConfig.lambda$authFilter$0(APISecurityConfig.java:46)

I got the example code from this other question: Securing Spring Boot API with API key and secret

Sammy65

1 Answer

I have discovered all I needed was another class to register the security filter.

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

// Registers the springSecurityFilterChain with the servlet container.
public class SpringSecurityInitializer extends AbstractSecurityWebApplicationInitializer {
    // no code needed
}

This is the full example for this scenario for anyone that'll need this. Spring

Sammy65
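
The exception in the question names an Enumeration type, which is what the servlet API's getHeaders() returns, whereas getHeader() returns a single String. The following is an added example, not code from the question or the answer: the body of APIKeyAuthFilter is assumed (its source is not on the page), and ApiKeyAuthenticationManager is a hypothetical class standing in for the lambda, with a type check before the cast and a constant-time key comparison.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest; // jakarta.servlet.http on Spring Boot 3+
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;

// Assumed shape of the question's APIKeyAuthFilter (its source is not on the page).
class APIKeyAuthFilter extends AbstractPreAuthenticatedProcessingFilter {
    private final String headerName;

    APIKeyAuthFilter(String headerName) {
        this.headerName = headerName;
    }

    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        // getHeader() returns one String, or null when the header is absent.
        // getHeaders() returns an Enumeration, which cannot be cast to String.
        return request.getHeader(headerName);
    }

    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
        return "N/A"; // the key is carried as the principal; no separate credential
    }
}

// Hypothetical manager replacing the lambda passed to setAuthenticationManager().
class ApiKeyAuthenticationManager implements AuthenticationManager {
    private final byte[] expectedKey;

    ApiKeyAuthenticationManager(String expectedKey) {
        this.expectedKey = expectedKey.getBytes(StandardCharsets.UTF_8);
    }

    @Override
    public Authentication authenticate(Authentication authentication) {
        Object principal = authentication.getPrincipal();
        // instanceof guards the cast; MessageDigest.isEqual does not stop at the first differing byte.
        if (!(principal instanceof String) || !MessageDigest.isEqual(expectedKey,
                ((String) principal).getBytes(StandardCharsets.UTF_8))) {
            throw new BadCredentialsException("The API key was not found or not the expected value.");
        }
        authentication.setAuthenticated(true);
        return authentication;
    }
}
```

With these classes, the bean method from the question would call `filter.setAuthenticationManager(new ApiKeyAuthenticationManager(principalRequestValue))` in place of the lambda.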