Current scenario
The Spring project has a REST API protected by Spring Security and JWT. These APIs give a JSON response. A UsernamePasswordAuthenticationFilteris implemented to validate the JWT sent in the header Authorization. Both the authenticated and unauthenticated APIs work as intended.
Demand
Now I need to send the image in the HTTP response for the registered user.
Solution1
Sent by a byte[], representing the image as the value for the image key along with other information. But for a full JSON response, this may take some time if the image is large.
Solution2
I sent the link as a value to the "image" along with other information. The client can designate <img src=the_link>which should display a large image in a separate request. Then create a query with @RequestMappingthat matches the link that it creates byte[].
My problem
I prefer the solution2. But it will throw an exception UNAUTHORIZEDbecause there is no valid token Authorization. In addition, this API must be authenticated.
After some searching, find out this one that matches my requirement. The accepted answer says:
The OAuth Token Token Specification supports sending a token as a request parameter.
Is that what I have to do?
- In my Spring filter, get JWT from the header
Authorization, if it is empty, get it fromrequest.getParameter() - JSON
API,
"image":"http://ip/getImage?token=dbscsbCXV" - API
@GetMapping("getImage") byte[] getImage()
?
, .