I am using JWt token when securing my microservices and getting null token when override doFilterInternal method in the Filter class.
JwtRequestFilter.class
@Component
public class JwtRequestFilter extends OncePerRequestFilter{
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private JwtUtil jwtUtil;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
final String authorizationHeader=request.getHeader("Authorization");
String userName=null;
String jwt=null;
if(authorizationHeader!=null && authorizationHeader.startsWith("Benz "))
{
jwt=authorizationHeader.substring(5);
userName=jwtUtil.extractUserName(jwt);
if(userName!=null && SecurityContextHolder.getContext().getAuthentication()==null)
{
UserDetails userDetails=(UserDetails) this.userDetailsService.loadUserByUsername(userName);
if(jwtUtil.validateToken(jwt, userDetails))
{
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken
=new UsernamePasswordAuthenticationToken(userDetails,null,userDetails.getAuthorities());
usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
}
}
filterChain.doFilter(request, response);
}
}
}
Note - without override doFilterInternal method then token will be generated.
The problem here is that, in case you don't find the header for Authorization, you are not doing the chain and calling the other filters, you are missing a filterChain.doFilter(request, response);
at the end
Just add this:
if(authorizationHeader!=null && authorizationHeader.startsWith("Benz "))
{
.... your current logic
} else {
//missing part
filterChain.doFilter(request, response);
}