Search code examples
javaspring-bootspring-securityjwtmicroservices

Getting null token when Override doFilterInternal Method in Filter class

I am using JWt token when securing my microservices and getting null token when override doFilterInternal method in the Filter class.

JwtRequestFilter.class

@Component
public class JwtRequestFilter extends OncePerRequestFilter{

    @Autowired
    private UserDetailsService userDetailsService;
    
    @Autowired
    private JwtUtil jwtUtil;

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        
        final String authorizationHeader=request.getHeader("Authorization");
        
        String userName=null;
        String jwt=null;
        
        if(authorizationHeader!=null && authorizationHeader.startsWith("Benz "))
        {
            jwt=authorizationHeader.substring(5);
            userName=jwtUtil.extractUserName(jwt);
            
            if(userName!=null && SecurityContextHolder.getContext().getAuthentication()==null)
            {
                UserDetails userDetails=(UserDetails) this.userDetailsService.loadUserByUsername(userName);
                
                if(jwtUtil.validateToken(jwt, userDetails))
                {
                    UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken
                    =new UsernamePasswordAuthenticationToken(userDetails,null,userDetails.getAuthorities());
                    
                    usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                    
                    SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
                    
                }
            }
            filterChain.doFilter(request, response);
        }
    }
}

enter image description here

Note - without override doFilterInternal method then token will be generated.

Solution

  • The problem here is that, in case you don't find the header for Authorization, you are not doing the chain and calling the other filters, you are missing a filterChain.doFilter(request, response); at the end

    Just add this:

    if(authorizationHeader!=null && authorizationHeader.startsWith("Benz "))
{
  .... your current logic
} else {
  //missing part
  filterChain.doFilter(request, response);
}