My main goal is to authenticate certain APIs differently in a JHipster application.
Right now I am using JHipster's stateless JWT authentication mechanism which works fine. I would like to create a subset of APIs where an API key is needed to authenticate the tenant (not the user) instead of the JWT.
I tried to add multiple instances of HttpSecurity with this approach (order (1) is my user configuration, order (2) is jwt) My own authorization method AuthorizationProvider starts and returns a token, but I still have a JWT error message.
Although my authentication was successful, the JWTFilter is called while it should not.
What am I missing?
My journal:
[nio-8080-exec-3] csbsiIntegrationAuthFilter : Request is to process authentication [nio-8080-exec-3] csbsiIntegrationAuthFilter : Authentication success. Updating SecurityContextHolder to contain: com.example.app.security.integration.IntegrationAuthToken@ffffff c4: Principal: asd; Credentials: [PROTECTED]; Authenticated: true; Details: null; Not granted any authorities [nio-8080-exec-4] oaccC[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception io.jsonwebtoken.MalformedJwtException: JWT strings must contain exactly 2 period characters. Found: 0 at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:223) at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:458) at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:518) at com.example.app.security.jwt.TokenProvider.validateToken(TokenProvider.java:98) at com.example.app.security.jwt.JWTFilter.doFilter(JWTFilter.java:40)
source share