0

I cannot find the header that I set in the ajax GET request that I send. It doesn't always happen. Am I missing something here? The 'JWTAuthorizationFilter' is invoked and it doesn't find the header. Only the Access-Control-Request-Headers has the name. Not sure why this is happening. Also, I see a "Response for preflight is invalid (redirect)" error in the console.

Ajax Request:

    $.ajax({
        url : 'http://localhost:8080/assessments/all',
        dataType : 'json',
        contentType : 'application/json',
        headers : {
            // JWT saved in localStorage by the page
            'authorization' : localStorage.getItem('authHeader')
        },
        success : function (response) {
            var assessmentTemplate, rating, url;
            var assessmentsContainer = $('.assessments-container');
            //set data
        }
    });

SecurityConfig

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .authorizeRequests()
                .antMatchers("/assessments/**").fullyAuthenticated()
                //.antMatchers("/").permitAll()
                .and()
                .addFilter(new JWTAuthorizationFilter(authenticationManager()))
                .formLogin()
                //.loginPage("http://htmlcode.s3-website.us-east-2.amazonaws.com")
                .loginPage("http://localhost:8000")
                .loginProcessingUrl("/login")
                .usernameParameter("username")
                .passwordParameter("password")
                .successHandler(new CustomAuthenticationSuccessHandler())
                //.successForwardUrl("/assessment/all")
                //.loginPage("/login")
                .failureUrl("/login?error")
                .permitAll()
                .and()
                .logout()
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID")
                .permitAll();

    }

JWTAuthorizationFilter

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    String header = request.getHeader(HEADER_STRING);

    if (header == null || !header.startsWith(TOKEN_PREFIX)) {
        chain.doFilter(request, response);
        return;

    }

    UsernamePasswordAuthenticationToken authentication = getAuthentication(request);

    SecurityContextHolder.getContext().setAuthentication(authentication);
    chain.doFilter(request, response);
}

Network Image

user3310115

1 Answer

-1

The issue was that I was setting the response headers as *. When I changed it to the specific headers that I was looking for, it started to work. Below is the modified code.

HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpServletRequest request = (HttpServletRequest) servletRequest;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization, content-type");
response.setHeader("Access-Control-Expose-Headers", "authorization");
user3310115
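As an added example (not code from the question or the answer), here is the answer's header fragment written out as a complete servlet filter that also answers the preflight OPTIONS request itself, so the preflight, which never carries the authorization header, does not reach the login redirect. The class name `PreflightCorsFilter`, the single allowed origin `http://localhost:8000` (used here instead of `*`) and the `javax.servlet` API are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical class name. It has to run before the Spring Security filter chain.
public class PreflightCorsFilter implements Filter {

    // Assumption: the front end is served from this origin (the loginPage URL in the question).
    private static final String ALLOWED_ORIGIN = "http://localhost:8000";

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Emit CORS headers only for the one trusted origin; other origins get none.
        if (ALLOWED_ORIGIN.equals(request.getHeader("Origin"))) {
            response.setHeader("Access-Control-Allow-Origin", ALLOWED_ORIGIN);
            response.setHeader("Vary", "Origin");
            response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            // Explicit list, as in the answer: the header names the browser may send.
            response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization, content-type");
            response.setHeader("Access-Control-Expose-Headers", "authorization");
        }

        // A preflight is an OPTIONS request with Access-Control-Request-Method set.
        // It only names "authorization" in Access-Control-Request-Headers and carries
        // no token, so answer it here with 200 instead of passing it to the auth chain.
        boolean preflight = "OPTIONS".equalsIgnoreCase(request.getMethod())
                && request.getHeader("Access-Control-Request-Method") != null;
        if (preflight) {
            response.setStatus(HttpServletResponse.SC_OK);
            return;
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```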