springboot-security-jwt

One of X-Authorization or Authorization is extra, or they may be mistakenly used

Open mhkarimi opened this issue 7 years ago • 3 comments

Actually, I followed your blog, then when I was trying to execute the following command: curl -X GET -H "X-Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJzdmxhZGFAZ21haWwuY29tIiwic2NvcGVzIjpbIlJPTEVfQURNSU4iLCJST0xFX1BSRU1JVU1fTUVNQkVSIl0sImlzcyI6Imh0dHA6Ly9zdmxhZGEuY29tIiwiaWF0IjoxNTE1NTU4MDk1LCJleHAiOjE1MTU1NTg5OTV9.DyE3eZPlSgDeMBz9ggZ1GU-HVlyk80nTWfsMMG3z1COZeN7pS39LudXLufAZNLYkhbnQpDOGMvSwtri39jCULA" -H "Cache-Control: no-cache" "http://localhost:9966/api/me" I got this error: {"status":401,"message":"Authentication failed","errorCode":10,"timestamp":1515558348119}

Then I realized that in the WebSecurityConfig class, the variable AUTHENTICATION_HEADER_NAME was defined as "Authorization". When I change the variable to "X-Authorization" in the Java code, or when I change the header in my curl request to "Authorization", I can see the correct result successfully. So which side should be changed?

mhkarimi, Jan 10 '18 04:01

I think it's a mistake! I have the same issue... I just changed from X-Authorization to Authorization and it worked perfectly!

henry-ajere, Jan 12 '18 15:01

@henry-ajere @mhkarimi I haven't updated the blog post with the code changes. The header name "X-Authorization" is a non-standard way to send a Bearer token. The "Authorization" header name should be used instead. I will update the blog post with these changes.

svlada, Jan 16 '18 15:01
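
The mismatch discussed in this thread, as an added example that is not part of the issue or of the project's code: a self-contained extractor that reads only the `Authorization` header, so a token sent as `X-Authorization` is rejected before any signature check. `BearerHeaderDemo`, `extractToken` and `request` are hypothetical names, and the token is a constructed placeholder.

```java
import java.util.Map;
import java.util.Optional;
import java.util.TreeMap;

public class BearerHeaderDemo {
    // Same constant name and value as quoted from WebSecurityConfig in the thread.
    static final String AUTHENTICATION_HEADER_NAME = "Authorization";
    static final String SCHEME = "Bearer";

    // Hypothetical helper: returns the token, or empty when the request
    // should be answered with 401 before any JWT parsing happens.
    static Optional<String> extractToken(Map<String, String> headers) {
        String value = headers.get(AUTHENTICATION_HEADER_NAME);
        if (value == null) {
            return Optional.empty(); // header absent, e.g. token sent as X-Authorization
        }
        String[] parts = value.trim().split("\\s+", 2);
        // The auth scheme is compared case-insensitively.
        if (parts.length != 2 || !SCHEME.equalsIgnoreCase(parts[0])) {
            return Optional.empty(); // wrong scheme or no credentials after it
        }
        String token = parts[1].trim();
        // Shape check only: three non-empty base64url segments.
        // Signature and expiry are verified later by the JWT library.
        if (!token.matches("[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+")) {
            return Optional.empty();
        }
        return Optional.of(token);
    }

    // Builds a one-header request; HTTP header names are case-insensitive.
    static Map<String, String> request(String name, String value) {
        Map<String, String> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        headers.put(name, value);
        return headers;
    }

    public static void main(String[] args) {
        String jwt = "aaa.bbb.ccc"; // constructed placeholder, not a real token
        System.out.println("X-Authorization: " + extractToken(request("X-Authorization", "Bearer " + jwt)).isPresent());
        System.out.println("Authorization:   " + extractToken(request("Authorization", "Bearer " + jwt)).isPresent());
        System.out.println("lowercase name:  " + extractToken(request("authorization", "bearer " + jwt)).isPresent());
        System.out.println("no credentials:  " + extractToken(request("Authorization", "Bearer ")).isPresent());
        System.out.println("wrong scheme:    " + extractToken(request("Authorization", "Basic " + jwt)).isPresent());
    }
}
```
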

@svlada should be changed!

mlick, Apr 10 '18 02:04