0
package com.dxc.filter;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.filter.GenericFilterBean;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;

public class JWTValidationFilter extends GenericFilterBean{

    public static final String BEARER = "Bearer";
    public static final String AUTHORIZATION = "Authorization";

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
            throws IOException, ServletException {
    
        HttpServletRequest request = (HttpServletRequest)servletRequest;
        HttpServletResponse response = (HttpServletResponse)servletResponse;
        final String authorization = request.getHeader(AUTHORIZATION);
        if(authorization == null || !authorization.startsWith(BEARER)) {
            response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            response.getWriter().println("Auth Header is missing");
        }
        
        else {
        // Bearer tokenValue
        String token = authorization.substring(7);
        
        
        try {
            final Claims claims = Jwts.parser().setSigningKey("testsecretkey")
                    .parseClaimsJws(token)
                    .getBody();
            request.setAttribute("claims", claims);
            String role=(String) claims.get("role");
            System.out.println(claims.getSubject());
            System.out.println(role);
            if(role=="seller") {
                    chain.doFilter(request, response);
            }else {
                System.out.println("wrong token");
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
                response.getWriter().println("Invalid Token");
            }   
            
        }
        catch(Exception e) {
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            response.getWriter().println("Invalid Token");
        }
        }
        
    }
}

in the try block I'm trying check the role i fetched from the token is seller, if I'm not using the if condition it is working but not applies the condition but if i try to use if condition there it directly jumps to else block, and I even tried without try catch even though the same problems occur

Thava Bruntha Kovaruthkumar
  • 1

1 Answers1

0

To compare Strings in Java, since String are Objects and not primitive Types, you should use the .equals() method (which checks value equality )instead of the == operator (which checks reference equality).

Here's some more general information about comparing Strings in Java: How do I compare strings in Java?

af_hl
  • 26
  • 2