I cannot find the header that I set in the ajax GET request that I send. It doesn't happen every time. Am I missing something here? The 'JWTAuthorizationFilter' is invoked, but it doesn't find the header; only Access-Control-Request-Headers contains the header's name. I'm not sure why this is happening. I also see a "Response for preflight is invalid (redirect)" error in the console.
Ajax Request:
// Fetches all assessments from the API on localhost:8080, sending the stored token in a
// custom 'authorization' request header.
// When the page is served from another origin, a custom request header makes the browser
// send a CORS preflight (OPTIONS) first. The preflight never carries the header value;
// it only names the header in Access-Control-Request-Headers, so a server-side filter
// that runs on the preflight will not see 'authorization'.
$.ajax({
    url : 'http://localhost:8080/assessments/all',
    dataType : 'json',
    contentType : 'application/json',
    headers : {
        // localStorage.getItem returns null when the 'authHeader' key is absent.
        // NOTE(review): check for a missing token before issuing the request.
        // NOTE(review): a token kept in localStorage is readable by any script running
        // on this origin, so an XSS flaw on the page exposes it.
        'authorization' : localStorage.getItem('authHeader')
    },
    success : function (response) {
        var assessmentTemplate, rating, url;
        var assessmentsContainer = $('.assessments-container');
        //set data
    }
SecurityConfig
/**
 * Configures the HTTP security rules: CSRF off, full authentication for
 * {@code /assessments/**}, the JWT authorization filter, form login and logout.
 *
 * @param http the security builder being configured
 * @throws Exception if any configurer fails while being applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): CSRF protection is switched off while this configuration still uses
    // form login and a JSESSIONID cookie (see logout below). Requests authenticated by
    // that cookie are then unprotected against CSRF; confirm this is intended.
    http.csrf().disable();

    // The rule covers every HTTP method, so a CORS preflight (OPTIONS) to
    // /assessments/** is also required to be authenticated. Browsers send preflights
    // without the custom authorization header, which presumably is why the preflight
    // is answered with a redirect to the login page ("Response for preflight is
    // invalid (redirect)").
    // NOTE(review): consider enabling Spring Security's CORS support (http.cors() with a
    // CorsConfigurationSource limited to the front-end origin) so preflights are
    // answered before authorization is applied.
    // Left disabled by the author: .antMatchers("/").permitAll()
    http.authorizeRequests()
        .antMatchers("/assessments/**").fullyAuthenticated();

    http.addFilter(new JWTAuthorizationFilter(authenticationManager()));

    // The login page is an absolute URL on a different port than the API, so
    // unauthenticated requests are redirected cross-origin.
    // Alternatives the author left commented out:
    //   .loginPage("http://htmlcode.s3-website.us-east-2.amazonaws.com")
    //   .successForwardUrl("/assessment/all")
    //   .loginPage("/login")
    http.formLogin()
        .loginPage("http://localhost:8000")
        .loginProcessingUrl("/login")
        .usernameParameter("username")
        .passwordParameter("password")
        .successHandler(new CustomAuthenticationSuccessHandler())
        .failureUrl("/login?error")
        .permitAll();

    // Logout drops the server-side session and removes the session cookie.
    http.logout()
        .invalidateHttpSession(true)
        .deleteCookies("JSESSIONID")
        .permitAll();
}
JWTAuthorizationFilter
/**
 * Populates the security context from the token header when one is present, then
 * always hands the request on to the rest of the filter chain.
 *
 * @param request  the incoming request whose {@code HEADER_STRING} header is inspected
 * @param response the response passed along the chain
 * @param chain    the remaining filters
 * @throws IOException      propagated from the chain
 * @throws ServletException propagated from the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    final String authHeader = request.getHeader(HEADER_STRING);
    final boolean carriesToken = authHeader != null && authHeader.startsWith(TOKEN_PREFIX);

    if (carriesToken) {
        // NOTE(review): getAuthentication is not shown here. Confirm it verifies the
        // token's signature and expiry, and that a null result (rejected token) leaves
        // the request unauthenticated rather than failing open.
        UsernamePasswordAuthenticationToken parsed = getAuthentication(request);
        SecurityContextHolder.getContext().setAuthentication(parsed);
    }

    // Requests without the expected header continue unauthenticated; the authorization
    // rules further down decide whether they are allowed. CORS preflight requests take
    // this path because browsers do not attach custom headers to them.
    chain.doFilter(request, response);
}