I send the JWT token in a header, but the client needs it in the body of the response. How can I put it in the response?
    @Override
    protected void successfulAuthentication(
            HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult)
            throws IOException, ServletException {
        User springUser = (User) authResult.getPrincipal();
        String jwt = Jwts.builder()
                .setSubject(springUser.getUsername())
                .setExpiration(new Date(System.currentTimeMillis()+SecurityConstants.EXPIRATION_TIME))
                .signWith(SignatureAlgorithm.HS256, SecurityConstants.SECRET)
                .claim("roles",springUser.getAuthorities())
                .compact();
        response.addHeader(SecurityConstants.HEADER_STRING, SecurityConstants.TOKEN_PREFIX+jwt);
    }
I need to put the token in the response.
In most cases, however, it is passed in HTTP headers. You need to carefully analyse your scenario and determine the best way to implement JWTs in your project. Yes, you have to. If you send the token through the body or as a query, then the attacker will see through your URL and go inside your database.
If I understand you properly, you just need to create a response body:
    response.setContentType("application/json");
    response.setCharacterEncoding("UTF-8");
    response.getWriter().write(
            "{\"" + SecurityConstants.HEADER_STRING + "\":\"" + SecurityConstants.TOKEN_PREFIX+jwt + "\"}"
    );
Take a look at "How do you return a JSON object from a Java Servlet".
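As an added example (not code from the posts above), the same body can be produced with a JSON serializer instead of string concatenation, with caching disabled for the token response. It assumes Jackson and the javax.servlet API are on the classpath; the class name TokenResponseWriter and the field names token, tokenType and expiresIn are hypothetical.

```java
import com.fasterxml.jackson.databind.ObjectMapper;

import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;

// Added example: hypothetical helper, not part of the original posts.
public final class TokenResponseWriter {

    // ObjectMapper is thread-safe once configured, so one shared instance is enough.
    private static final ObjectMapper MAPPER = new ObjectMapper();

    private TokenResponseWriter() {
    }

    /**
     * Writes the compact JWT into the response body as a JSON object.
     *
     * @param response        the servlet response of the login request
     * @param jwt             the signed, compact token from Jwts.builder()...compact()
     * @param expiresInMillis token lifetime in milliseconds (the page's EXPIRATION_TIME)
     */
    public static void writeToken(HttpServletResponse response, String jwt, long expiresInMillis)
            throws IOException {
        // A body that carries a credential must not be kept by browser or proxy caches.
        response.setHeader("Cache-Control", "no-store");
        response.setHeader("Pragma", "no-cache");

        response.setStatus(HttpServletResponse.SC_OK);
        response.setContentType("application/json");
        response.setCharacterEncoding("UTF-8");

        // Field names are assumptions; agree on them with the client.
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("token", jwt);
        body.put("tokenType", "Bearer");
        body.put("expiresIn", expiresInMillis / 1000); // seconds

        // The serializer escapes every value, so the output is always valid JSON.
        MAPPER.writeValue(response.getWriter(), body);
    }
}
```

Call TokenResponseWriter.writeToken(response, jwt, SecurityConstants.EXPIRATION_TIME) as the last statement of successfulAuthentication; by default Jackson closes the writer after serializing, so nothing else should be written to the response afterwards.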