1

I have a question that might be really simple, but I have been stuck on it for a while now. I have a program that receives requests and then forwards them to the correct instance of a third-party application.

I keep on getting 401/Unauthorized and I have been told that all I need to do to make it work is that "I will get a request from the client with an authentication header and that all I need to do to get rid of the 401 response and get 200 is to add that authentication header to my request." I don't understand how I can get this header in the first place, or add it to my request.

Any pointer, link, or answer would be greatly appreciated. Thank you.

```java
@RestController
@Slf4j
@RequestMapping(Endpoints.PROVIDER.ROOT)
@PreAuthorize("@permissions.checkIfAdmin()")
public class AdminController {

    @PostMapping(Endpoints.ADMIN.ACTIONS)
    public ResponseEntity<ActionResponse> actions(@RequestBody ActionRequest actionsRequest) {
```
C96
  • 1
    Depends on if you're using any framework or library, but the client header can be accessed from the low level incoming HttpServletRequest by: `String authHeader = request.getHeader(HttpHeaders.AUTHORIZATION);` Then add `authHeader` to the outgoing request to the third party. – Andrew S Aug 29 '20 at 15:53
  • Thank you. I use spring framework and my controller class looks like the code I posted in the updated post – C96 Aug 29 '20 at 15:58
  • 1
    This might help you https://stackoverflow.com/questions/8504258/spring-3-mvc-accessing-httprequest-from-controller – Toerktumlare Aug 29 '20 at 16:18
  • 1
    The header is directly available - add this as a controller parameter: `@RequestHeader(HttpHeaders.AUTHORIZATION) String authHeader` (if the header will always be sent by the client). – Andrew S Aug 29 '20 at 16:23
  • Have a look at this: https://en.m.wikipedia.org/wiki/Basic_access_authentication –  Aug 29 '20 at 16:49

1 Answer

2

Autowire HttpServletRequest

```java
@Autowired
HttpServletRequest request;
```

And fetch the header through the method `request.getHeader("Authorization")`.

Note - Authorization is the name of the header I am trying to fetch.

Below is an example of a similar issue. I am reading the authorization header from my current request and passing it as a header parameter to another request.

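```java
import javax.servlet.http.HttpServletRequest; // jakarta.servlet.http on Spring Boot 3+

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.reactive.function.client.WebClient;

public class UserDetailsService
{
    @Autowired
    WebClient.Builder webClientBuilder;

    // Injected as a proxy that resolves to the request currently being handled
    @Autowired
    HttpServletRequest request;

    // Base URL of the downstream service, read from configuration
    @Value("${common.serverurl}")
    private String reqUrl;

    Logger log = LoggerFactory.getLogger(UserDetailsService.class);

    // UserReturnData is the answerer's own response type (not shown)
    public UserReturnData getCurrentUser()
    {
        log.info("Making API Call to fetch current user");
        try
        {
            // Copy the caller's Authorization header onto the outgoing request
            UserReturnData userDetails = webClientBuilder.build()
                            .get()
                            .uri(reqUrl+"user/me")
                            .header("Authorization", request.getHeader("Authorization"))
                            .retrieve()
                            .bodyToMono(UserReturnData.class)
                            .block();
            return userDetails;
        }
        catch(Exception e)
        {
            log.info("Error API Call to fetch current user " + e);
            return null;
        }
    }
}
```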
Sridhar Patnaik
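The `@RequestHeader` approach from the comments, applied to a controller like the asker's, as an added example that is not part of the original question or answer. The class name `ForwardingController`, the `thirdparty.base-url` property, the `/actions` paths and the two record types are assumptions made for illustration; it pins the upstream host in configuration, rejects requests without a credential, and never logs the header value.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.reactive.function.client.WebClient;
import org.springframework.web.reactive.function.client.WebClientResponseException;

@RestController
public class ForwardingController {
    // Hypothetical payload types standing in for the asker's ActionRequest/ActionResponse
    public record ActionRequest(String action) {}
    public record ActionResponse(String status) {}

    private final WebClient thirdParty;

    // The base URL comes from configuration (assumed property name), so the
    // client's credential is only ever sent to the intended third-party host.
    public ForwardingController(WebClient.Builder builder,
                                @Value("${thirdparty.base-url}") String baseUrl) {
        this.thirdParty = builder.baseUrl(baseUrl).build();
    }

    @PostMapping("/actions")
    public ResponseEntity<ActionResponse> actions(
            @RequestHeader(value = HttpHeaders.AUTHORIZATION, required = false) String authHeader,
            @RequestBody ActionRequest body) {
        // Without a credential the upstream would answer 401 anyway; fail early
        if (authHeader == null || authHeader.isBlank()) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
        }
        try {
            ActionResponse upstream = thirdParty.post()
                    .uri("/actions")
                    .header(HttpHeaders.AUTHORIZATION, authHeader) // pass through unchanged
                    .bodyValue(body)
                    .retrieve()
                    .bodyToMono(ActionResponse.class)
                    .block();
            return ResponseEntity.ok(upstream);
        } catch (WebClientResponseException e) {
            // Relay the upstream status (e.g. 401 for a rejected credential)
            // without writing the Authorization value to any log.
            return ResponseEntity.status(e.getStatusCode()).build();
        }
    }
}
```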