angular - JWT Token was removed from header when page refreshed -


I'm using JWT token-based authentication. It works fine until the page is refreshed: if I press F5 and the page reloads, the token is missing from the request header.

host "localhost:9090" user-agent "mozilla/5.0 (windows nt 10.0;… gecko/20100101 firefox/54.0" accept "application/json, text/plain, */*" accept-language "en-us,en;q=0.5" accept-encoding "gzip, deflate" **authorization "bearer eyjhbgcioijiuzi1niisin…sd-zdipmzibmk4gq_ddmguwbizsi"** referer "http://localhost:9090/fg.html" connection "keep-alive" 

after refresh of page

host "localhost:9090"     user-agent "mozilla/5.0 (windows nt 10.0;… gecko/20100101 firefox/54.0"     accept "application/json, text/plain, */*"     accept-language "en-us,en;q=0.5"     accept-encoding "gzip, deflate"     **authorization "null"**     referer "http://localhost:9090/fg.html"     connection "keep-alive" 

This causes an authentication problem, because the token is missing from the header.

in login check controller

// Tail of the login-check controller method. `responsemap`, `adminuser1`, `session`, `phase`
// and `objectmapper` are declared above this excerpt. JDK/Jackson/jjwt identifiers are written
// in their canonical Java casing; project identifiers and string literals are kept as printed.
responsemap.put("loginname", adminuser1.getadminid());
responsemap.put("isuserexist", Boolean.toString(true));
responsemap.put("role", adminuser1.getpermissiongroup());
// NOTE(review): `session` is defined outside this excerpt. If it is a server-side session
// object or identifier, confirm it is really meant to be serialized into the login response.
responsemap.put("session", session);
responsemap.put("balance", adminuser1.getbalance().toString());
responsemap.put("phase", phase.getprefix());
// The signed token travels back in the JSON body, so the client must keep it and attach it
// to later requests itself.
responsemap.put("token", gettoken(adminuser1.getadminid()));
return objectmapper.writeValueAsString(responsemap);

/**
 * Builds a compact, HS256-signed JWT whose subject is the given login name.
 *
 * <p>The token carries an issued-at time of "now", an expiry 120000 ms (two minutes) later,
 * a header with {@code typ}, and an audience claim holding a fresh random value.
 *
 * @param loginname login name stored as the token subject
 * @return the serialized token
 */
public String gettoken(String loginname) {
    final Map<String, Object> header = new HashMap<>();
    header.put("typ", "jwt");

    // A UUID with its dashes stripped. It changes on every call, so it does not name a
    // recipient. NOTE(review): no code on this page checks the audience claim.
    final String audience = UUID.randomUUID().toString().replaceAll("-", "");

    return Jwts.builder()
            .setSubject(loginname)
            .setIssuedAt(new Date())
            .setAudience(audience)
            .setHeader(header)
            // Short lifetime: a request carrying this token is only valid for two minutes.
            .setExpiration(new Date(System.currentTimeMillis() + 120000L))
            // NOTE(review): the String overload of signWith is understood to treat the value
            // as a Base64-encoded HMAC key. Confirm constants.key is stored that way and is
            // long and random enough for HS256; anyone who knows it can mint tokens.
            .signWith(SignatureAlgorithm.HS256, constants.key)
            .compact();
}

jwtfilter

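/**
 * Servlet filter that requires a signed, unexpired JWT in the authorization header.
 *
 * <p>Servlet, Spring and jjwt identifiers are written in their canonical Java casing; project
 * identifiers ({@code jwtfilter}, {@code parseclaims}, {@code constants.key},
 * {@code jwtexpiredtokenexception}) and string literals are kept exactly as printed.
 */
public class jwtfilter extends GenericFilterBean {

    /**
     * Lets OPTIONS requests through and, for every other request, verifies the bearer token
     * before the rest of the chain runs.
     *
     * <p>The previous version printed the stack trace when verification failed and then still
     * called {@code chain.doFilter}, so a request with a forged or expired token reached the
     * protected resource, only without the {@code claims} attribute. It also invoked the chain
     * twice for OPTIONS requests. Both are fixed here: a failed verification ends the request
     * with 401, and each request passes down the chain at most once.
     *
     * @throws ServletException if the authorization header is absent or is not a bearer header
     * @throws IOException if writing the error response or the downstream chain fails
     */
    @Override
    public void doFilter(final ServletRequest req, final ServletResponse res, final FilterChain chain)
            throws IOException, ServletException {

        final HttpServletRequest request = (HttpServletRequest) req;
        final HttpServletResponse response = (HttpServletResponse) res;

        // OPTIONS requests are passed through without a token. Compared case-insensitively so
        // the literal matches whatever casing the container reports.
        if ("options".equalsIgnoreCase(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
            chain.doFilter(req, res);
            return;
        }

        final String scheme = "bearer ";
        final String authHeader = request.getHeader("authorization");
        // The authentication scheme name is case-insensitive, hence regionMatches(true, ...).
        // A client that lost its token sends the literal text "null" and is rejected here.
        if (authHeader == null || !authHeader.regionMatches(true, 0, scheme, 0, scheme.length())) {
            throw new ServletException("missing or invalid authorization header");
        }

        final String token = authHeader.substring(scheme.length());

        final Claims claims;
        try {
            claims = parseclaims(constants.key, token);
        } catch (BadCredentialsException e) {
            reject(response, e);
            return;
        } catch (jwtexpiredtokenexception e) {
            reject(response, e);
            return;
        }

        // Only a verified token gets this far; downstream code can rely on the attribute.
        request.setAttribute("claims", claims);
        chain.doFilter(req, res);
    }

    /** Ends the request with 401 and logs why; the token itself is never logged. */
    private void reject(final HttpServletResponse response, final Exception cause) throws IOException {
        logger.warn("rejecting request: " + cause.getMessage());
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, cause.getMessage());
    }

    /**
     * Verifies the token's signature and expiry with the given key and returns its claims.
     *
     * <p>{@code parseClaimsJws} accepts only signed tokens. Unsupported, malformed, wrongly
     * signed and empty tokens are all reported as bad credentials.
     *
     * @param signingKey key handed to the parser for signature verification
     * @param token compact JWT taken from the authorization header
     * @return the claims of a valid token
     * @throws BadCredentialsException if the token is unsupported, malformed, empty or its
     *     signature does not verify
     * @throws jwtexpiredtokenexception if the token's expiry has passed
     */
    public Claims parseclaims(String signingKey, String token)
            throws BadCredentialsException, jwtexpiredtokenexception {
        try {
            return Jwts.parser()
                    .setSigningKey(signingKey)
                    .parseClaimsJws(token)
                    .getBody();
        } catch (UnsupportedJwtException | MalformedJwtException | IllegalArgumentException
                | io.jsonwebtoken.SignatureException ex) {
            throw new BadCredentialsException("invalid jwt token: ");
        } catch (ExpiredJwtException expiredEx) {
            throw new jwtexpiredtokenexception("jwt token expired");
        }
    }
}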

How can I overcome this problem? Wouldn't storing the token in localStorage create more security problems?

