JWT Authentication with SpringBoot
So it gives me a successful token, but when I use it for authorized pages, I get a 403, Access denied on the backend
This is the tutorial I followed
I want to know where am I getting the Access Denied
enable TRACE logs for Spring Security
Can you show the full console output related to the request as text?
Full error message?
seems like you don't have the necessary authorities for the requests
and also other logs
in a codeblock preferably
This is the security filter
your authFilter is probably relevant as well
is that one called for the request?
the authFilter is JwtAuthFilter
Hmm this is unreadable
also it says
Pre-authenticated entry point called. Rejecting access
let me check about it
try debugging that filter
what happens?
Set SecurityContextHolder to AnonymousAuthenticationToken
Check what validateToken does
Does it return true?
and what does getAuthentication() return?
I tried to put a Sout but it's not printing out
the filter is called according to the logs
Did you restart the application after adding the System.out.println?
Did you try using an actual debugger?
no let me try now I added a break point
make sure to run it in debug mode
yah it prints out the outputs
I am going to use debugger now
This is what the debugger environment currently looks like
and when I make a request I see no changes
how do I step into?
Can you set a breakpoint at the beginning of doFilterInternal?
F5 step into, F6 step over, F8 resume
let me try
I did and made a request
still the step into is unclickable
you first need to be stepping through your code which happens when hitting a breakpoint
I set a breakpoint right
then I made a request in postman, and the doFilterInternal is being called. so that means it should be hitting the breakpoint
If the line doesn't turn green, it isn't hit
Also why are there these weird lines in your breakpoints?
Are they disabled?
which weird lines?
on the left bar at the breakpoint symbols
there are two diagonal lines over the symbol
try right-clicking on the breakpoint
what am I doing wrong
breakpoint properties
doesn't seem disabled
no trigger breakpoint is the issue?
it shouldn't be a trigger point
actually do you have other breakpoints?
or other trigger points?
no
Can you show the breakpoints view?
trigger point means "no breakpoints are active before I am hit"
where this can be found?
either on the top right in the debug perspective
or Window > Show View > Others > Breakpoints
or Ctrl+3 > Breakpoints
wow ok there are 3 break points the language is messed up for some reason
remove all
with the double x symbol for example
I think it's the font being weird
so now try again with the new break point on doFilterInternal?
now add the relevant breakpoint again
yes
oh
Stack Overflow
Meaning of crossed out breakpoint in Eclipse
what is the meaning of this break point icon? Why is it crossed out?
you enabled "Skip all breakpoints"
on the top right, there is a selected icon with a crossed out breakpoint symbol
Stack Overflow
What different breakpoint icons mean in Eclipse?
When working with breakpoints in Eclipse I sometimes notice that they have different icons / annotations (markers on left sidebar). Sometimes it's just a blue ball, sometimes it has a checkmark on ...
wow finally
Thank you so much
💤
Post marked as dormant
This post has been inactive for over 300 minutes, thus, it has been archived.
If your question was not answered yet, feel free to re-open this post or create a new one.
In case your post is not getting any attention, you can try to use /help ping.
Warning: abusing this will result in moderative actions taken against you.
I got the error before StandardHostValve
it breaks down here
What happens in the filter?
This is where it starts to go inside and breaks
in the getUsername?
or in validateToken?
line 46
Can you show the full line as text?
Which method fails?
oh wait this time it completed the full filter method
in what order? Did it enter the if?
but there are more chains
yes but I want to know about this filter
I mean what you see on the debug list
no I can't
I want to know what is executed after each other
and I want to know the value of authToken
oh ok
let me see
btw this is the recording
look at my debug skills
So the problem is not in this JwtAuthFilter
The filter passes the request and response to the next Filter.
it should be showing at variables section right?
I have to fix this font issue
Window>Preferences
type "font" in the search
I guess it's the dialog font
also you can hover over the variable
Can you move your filter after AnonymousAuthenticationFilter?
somewhere here right?
instead of addFilterBefore, you do addFilterAfter
and instead of UsernamePasswordAuthenticationFilter, you do AnonymousAuthenticationFilter
So no need to define the UsernamePasswordAuthenticationFilter?
I just comment it out
What happens with that?
btw regarding debugging: You can press F8 to resume
you mean new results?
yah let me run
yep
It broke down at OncePerRequestFilter
it doesn't pass the filter it looks like it
and also it doesn't go inside the if statement
it's not going inside the line 41's if statement
ah right because getAuthentication isn't null any more
try changing it to enter the if if getAuthentication().isAnonymous() is true
it doesn't have a isAnonymous method
SecurityContextHolder.getContext().getAuthentication()
check for isAuthenticated() being false
if it is, still enter the if
instead of isAnonymous being true
yah it is being true
As I said, just add that
|| ...isAnonymous()
ok do you know all of these?
all of what?
isAnonymous and stuff
Because I have no idea about it
I just used Spring a lot so I know what's there
but as you saw with isAuthenticated, I don't know all names by heart
how do I properly learn authentication and authorization I followed online articles
came up with errors here
In SpringBoot
I have done JWT authentication in Java Jersey framework before but this is complicated
GeeksforGeeks
Spring Boot 3.0 - JWT Authentication with Spring Security using MyS...
Getting Started | Securing a Web Application
Learn how to protect your web application with Spring Security.
yah this is easy it's form login inside the application
also e.g. https://docs.spring.io/spring-security/reference/servlet/oauth2/index.html may be relevant
none of them talks about
API (React as a frontend) with JWT authentication
they are oauth 2.0
The OAuth2 thing has some jwt stuff in it
Also what I told you about isn't even that specific to JWTs
ok I'll try again
I am reading Java basic architecture rn 😆