I have completed most of my project, but now I am stuck on a new problem. I have to extract the access token from the request, which will be in the header in Authentication Basic. This is confusing because at first I used a simple GET method, sent the access token in the request itself, and extracted it with `@RequestParam`. I have asked a similar question before, but that was for a simple request with the token in the request itself, and now I have to do that from the header.

    @GetMapping("/persons")
    public String loadPersons(@RequestParam("access_token") String access_token) throws ParseException {
        String decode_token = pd.testDecodeJWT(access_token);
        String token = pd.jsondata(decode_token);
        // ........................ More Code ........................

I want to get that token from the request in Authentication Basic format.

I have tried some YouTube tutorials but as I have already done my project almost completely, I want to make minimum changes to it so that no further errors pop up.

Thanks in Advance

Sayanto Roy
  • Why haven't you used a separate class to handle the authentication part, which will serve all the HTTP requests, rather than accessing the token in your controller class? Try to use Spring Security in your project, which will be helpful in using JWT authentication. (Do not hesitate to change the code just because you have completed most of it. Try to go with the best practices and the best methods available.) – m-2127 Jun 22 '19 at 05:30
  • @m-2127 This was my very first Spring Boot project and I didn't have any idea about the Spring Boot functionalities. As I was given a deadline, I was unable to learn most of it, and that includes Spring Security. Thanks for your help. – Sayanto Roy Jun 22 '19 at 05:37

1 Answer

To get the value from the HTTP header, you can use `@RequestHeader("headerValue")`.

But what confuses me about your question is whether you are using Basic Authentication or JWT. Basic Authentication is only about username and password and has nothing to do with the access token. It requires an HTTP header with the format:

Authorization: Basic <credentials>

where <credentials> is Base64Encode(username:password).

On the other hand, if you use an access token formatted as a JWT, the common practice is to use Bearer in the "Authorization" header:

Authorization: Bearer <JWT>

So whatever you use, my advice is to use `@RequestHeader("Authorization")` to get the value of the Authorization header first. Then decode the value according to your actual authentication mechanism:

    @GetMapping("/persons")
    public String loadPersons(@RequestHeader("Authorization") String authHeader) throws ParseException {
        // decode authHeader
    }

Ken Chan
  • This worked, but can't we use Authentication Basic for JWT? My trainer is saying that they will be using Basic for sending the JWT token as a header. – Sayanto Roy Jun 22 '19 at 05:39
  • @Chaos go through [this](https://stackoverflow.com/questions/28918519/does-securing-a-rest-application-with-a-jwt-and-basic-authentication-make-sense) Stack Overflow question and answer to clarify this. – m-2127 Jun 22 '19 at 06:05
  • You can still send a JWT using `Authorization: Basic `; it will still work, but this is not Basic Authentication, as Basic Authentication has certain requirements about the string after `Authorization: Basic`. Also, see [this](https://stackoverflow.com/questions/33265812/best-http-authorization-header-type-for-jwt) for the best authorization header type for JWT in common practice. – Ken Chan Jun 22 '19 at 06:52
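
The step the answer leaves as "decode the value according to your actual authentication mechanism", written out as an added example that is not part of the original answer or the asker's project. `AuthHeaderParser` and `describe` are hypothetical names, the credentials and token are constructed samples, and the method takes the string that `@RequestHeader("Authorization")` would supply.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class AuthHeaderParser {

    /** Returns "basic:<username>" or "bearer:<JWT payload JSON>"; throws on anything malformed. */
    static String describe(String authHeader) {
        if (authHeader == null) throw new IllegalArgumentException("missing Authorization header");
        String[] parts = authHeader.trim().split("\\s+", 2);   // "<scheme> <credentials>"
        if (parts.length != 2) throw new IllegalArgumentException("expected '<scheme> <credentials>'");
        String scheme = parts[0], credentials = parts[1];

        if (scheme.equalsIgnoreCase("Basic")) {
            // Standard Base64 alphabet only: a JWT (it contains '.') is rejected here.
            String decoded = new String(Base64.getDecoder().decode(credentials), StandardCharsets.UTF_8);
            int colon = decoded.indexOf(':');                   // the password may itself contain ':'
            if (colon < 0) throw new IllegalArgumentException("Basic credentials must be username:password");
            return "basic:" + decoded.substring(0, colon);      // never return or log the password
        }
        if (scheme.equalsIgnoreCase("Bearer")) {
            String[] seg = credentials.split("\\.", -1);        // header.payload.signature
            if (seg.length != 3) throw new IllegalArgumentException("JWT must have three segments");
            // Decoding is NOT verification: check the signature with a JWT library before trusting claims.
            byte[] payload = Base64.getUrlDecoder().decode(seg[1]);
            return "bearer:" + new String(payload, StandardCharsets.UTF_8);
        }
        throw new IllegalArgumentException("unsupported scheme: " + scheme);
    }

    public static void main(String[] args) {
        Base64.Encoder b64 = Base64.getEncoder();
        Base64.Encoder b64url = Base64.getUrlEncoder().withoutPadding();
        // Constructed sample values, not real credentials and not a signed token.
        String basic = "Basic " + b64.encodeToString("alice:s3cret".getBytes(StandardCharsets.UTF_8));
        String jwt = b64url.encodeToString("{\"alg\":\"HS256\"}".getBytes(StandardCharsets.UTF_8)) + "."
                   + b64url.encodeToString("{\"sub\":\"alice\"}".getBytes(StandardCharsets.UTF_8)) + ".c2ln";
        System.out.println(describe(basic));
        System.out.println(describe("Bearer " + jwt));
        try {
            describe("Basic " + jwt);                           // a JWT placed after "Basic"
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```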