javaspringspring-bootvue.jsspring-filter

spring boot GenericFilterBean , filter return error code & response header at client side


I have a filter

package com.vs.security.filter;

import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Component
public class TokenFilter extends GenericFilterBean {

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {

    HttpServletRequest httpRequest = asHttp(servletRequest);
    HttpServletResponse httpResponse = asHttp(servletResponse);
    boolean explicitlyTrue = true;

    if (explicitlyTrue) {
        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Provided Information is Invalid");
        httpResponse.addHeader("SC_UNAUTHORIZED", "Provided Information is Invalid");

        return;
    }


    filterChain.doFilter(servletRequest, servletResponse);

}

private HttpServletRequest asHttp(ServletRequest request) {
    return (HttpServletRequest) request;
}

private HttpServletResponse asHttp(ServletResponse response) {
    return (HttpServletResponse) response;
}
}

My request on vuejs

form () {
    debugger
    this.$axios.get(this.$dbServer+this.endpoint+'form')
      .then((res) => {
        debugger
        this.fd = res.data.fd;
      }).catch(() => { this.notifyOnFailure(this.oopsMessage) })
  }

As I have sending SC_UNAUTHORIZED = 401, but on client side, I am unable to get this 401. I even see network tab on browser inspect (as follow). Further, I am also adding header. but unable to get this header value at client side.

Request URL: http://********:8081/*******/form
Referrer Policy: no-referrer-when-downgrade
Content-Type: application/json
Date: Sun, 15 Mar 2020 06:29:00 GMT
Transfer-Encoding: chunked
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Host: localhost:8081
Origin: http://*******:8080
Referer: http://*******:8080/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/80.0.3987.132 Safari/537.36

Solution

  • You have to swap order of sendError and addHeader calls

     @Bean
        GenericFilterBean genericFilterBean() {
            return new GenericFilterBean() {
                @Override
                public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
                    HttpServletResponse resp = ((HttpServletResponse) response);
                    resp.addHeader("SC_UNAUTHORIZED", "Provided Information is Invalid");
                    resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Provided Information is Invalid");
                }
            };
        }
    

    And result:

    HTTP/1.1 401
    SC_UNAUTHORIZED: Provided Information is Invalid
    Content-Type: text/html;charset=UTF-8
    Content-Language: en-US
    Content-Length: 320
    Date: Sun, 15 Mar 2020 06:47:10 GMT
    Keep-Alive: timeout=60
    Connection: keep-alive