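// Fetch the current user's profile from /user and render it into the #userInfo panel.
// jQuery (`$`), `$userInfo` and `token` are expected to be in scope when this runs.
$.ajax({
    url: "/user",
    type: "GET",
    contentType: "application/json; charset=utf-8",
    dataType: "json",
    // `headers` must be an object; the bare `headers: "Authorization": token` form is a syntax error.
    headers: { "Authorization": token },
    // No `error` callback: a failed request leaves the panel hidden and reports nothing to the user.
    success: function (data, textStatus, jqXHR) {
        var $userInfoBody = $userInfo.find("#userInfoBody");
        // .text() escapes the server-supplied values, so they are rendered as text, not markup.
        $userInfoBody.append($("<div>").text("Username: " + data.username));
        $userInfoBody.append($("<div>").text("Email: " + data.email));
        var $authorityList = $("<ul>");
        // A missing authorities array renders an empty list instead of throwing inside the callback.
        (data.authorities || []).forEach(function (authorityItem) {
            $authorityList.append($("<li>").text(authorityItem.authority));
        });
        var $authorities = $("<div>").text("Authorities:");
        $authorities.append($authorityList);
        $userInfoBody.append($authorities);
        $userInfo.show();
    }
});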
httpSecurity
        // CSRF protection is switched off on the assumption that clients authenticate with a
        // token carried in a request header, which the browser does not attach automatically the
        // way it attaches a session cookie. NOTE(review): the formLogin configured at the end of
        // this chain is a cookie/session based flow, so that reasoning does not cover
        // /loginprocess -- confirm whether form login is really needed next to the stateless policy.
        .csrf()
        .disable()
        .exceptionHandling()
        .authenticationEntryPoint(unauthorizedHandler)
        .and()
        // No HTTP session is created or consulted: every request must carry its own credentials.
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .authorizeRequests()
        // .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
        // Static assets, the /auth endpoints and vendored files are reachable anonymously;
        // everything else requires an authenticated principal. Matchers are evaluated in
        // declaration order, so the permitAll rules must stay ahead of anyRequest().
        .antMatchers(HttpMethod.GET, "/*.html", "/favicon.ico", "/**/*.html", "/**/*.css", "/**/*.js")
        .permitAll().antMatchers("/auth/**").permitAll().antMatchers("/vendors/**").permitAll()
        .antMatchers("/production/images/**").permitAll().anyRequest().authenticated().and().formLogin()
        .loginPage("/login").loginProcessingUrl("/loginprocess").failureUrl("/?loginFailure=true").permitAll();
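/**
 * Authenticates the request from the JWT carried in the {@code tokenHeader} request header.
 * <p>
 * When the header is present, the username is read from the token, the matching user is loaded
 * and, if the token validates against that user, an authenticated
 * {@link UsernamePasswordAuthenticationToken} is stored in the {@link SecurityContextHolder}.
 * The request is always handed on to the rest of the chain: a missing or invalid token simply
 * leaves the security context untouched so that the downstream access rules can reject it.
 *
 * @param request  the incoming request; must be an {@link HttpServletRequest}
 * @param response the response, passed through unchanged
 * @param chain    the remaining filter chain
 * @throws IOException      propagated from the rest of the chain
 * @throws ServletException propagated from the rest of the chain
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
        ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    String authToken = httpRequest.getHeader(this.tokenHeader);
    // No token header: nothing to authenticate, and handing a null token to the parser could only fail.
    if (authToken == null || authToken.isEmpty()) {
        chain.doFilter(request, response);
        return;
    }
    // NOTE(review): the header value is parsed as-is. If clients send "Bearer <token>", the prefix
    // has to be stripped here first (the original had that commented out) -- confirm the header format.
    String username = jwtTokenUtil.getUsernameFromToken(authToken);
    // The raw token is a bearer credential, so it is deliberately not written to the log.
    System.out.println("Username is " + username);
    System.out.println("Audience is from " + jwtTokenUtil.getAudienceFromToken(authToken));
    // Only authenticate when nothing earlier in the chain has already done so.
    if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
        // NOTE(review): loadUserByUsername may throw for an unknown user, which currently aborts
        // the chain instead of being treated like an invalid token -- verify the intended behaviour.
        UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
        System.out.println(userDetails.getAuthorities());
        if (jwtTokenUtil.validateToken(authToken, userDetails)) {
            // Credentials are null: possession of a valid token is the proof, no password is retained.
            UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
                    userDetails, null, userDetails.getAuthorities());
            authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest));
            SecurityContextHolder.getContext().setAuthentication(authentication);
        } else {
            System.out.println("Token is invalid ");
        }
    }
    chain.doFilter(request, response);
}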