I am trying to implement the jwt login example
while configuring configure method for security class I am facing some issue
here is the method for the controller
@PostMapping("api/user/login")
public ResponseEntity<?> login(Principal principal)
{
if (principal == null)
{
return ResponseEntity.ok(principal);
}
UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) principal;
User user = userService.findByUsername(token.getName());
user.setToken(jwtTokenProvider.generateToken(token));
return new ResponseEntity<>(user, HttpStatus.OK);
}
Here I have the http configure version
@Override
protected void configure(HttpSecurity http)
throws Exception
{
http.cors().and().authorizeRequests().antMatchers("/resources/**", "/error", "/api/user/**")
.permitAll().antMatchers("/api/admin/**").hasRole("ADMIN").anyRequest()
.fullyAuthenticated().and().logout().permitAll()
.logoutRequestMatcher(new AntPathRequestMatcher("/api/user/logout", "POST")).and()
.formLogin().loginPage("/api/user/login/").permitAll().and().httpBasic().and().csrf()
.disable();
http.addFilter(new JwtAuthorizationFilter(authenticationManager(), jwtTokenProvider));
}
Clearly I have allowed the login api as permitall, but still it going for the filter, could anyone explain what exactly going on
filter code
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain chain)
throws IOException,
ServletException
{
Authentication authentication = jwtTokenProvider.getAuthentication(request);
if (authentication != null && jwtTokenProvider.validateToken(request))
{
SecurityContextHolder.getContext().setAuthentication(authentication);
}
chain.doFilter(request, response);
}
as per my learning it should not go in filter code, if I have allowed as permitall in http configure. Please correct me if I am wrong.
