I have a filter
package com.vs.security.filter;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
public class TokenFilter extends GenericFilterBean {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest httpRequest = asHttp(servletRequest);
HttpServletResponse httpResponse = asHttp(servletResponse);
boolean explicitlyTrue = true;
if (explicitlyTrue) {
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Provided Information is Invalid");
httpResponse.addHeader("SC_UNAUTHORIZED", "Provided Information is Invalid");
return;
}
filterChain.doFilter(servletRequest, servletResponse);
}
private HttpServletRequest asHttp(ServletRequest request) {
return (HttpServletRequest) request;
}
private HttpServletResponse asHttp(ServletResponse response) {
return (HttpServletResponse) response;
}
}
My request on vuejs
form () {
debugger
this.$axios.get(this.$dbServer+this.endpoint+'form')
.then((res) => {
debugger
this.fd = res.data.fd;
}).catch(() => { this.notifyOnFailure(this.oopsMessage) })
}
As I have sending SC_UNAUTHORIZED = 401
, but on client side, I am unable to get this 401. I even see network tab on browser inspect (as follow). Further, I am also adding header. but unable to get this header value at client side.
Request URL: http://********:8081/*******/form
Referrer Policy: no-referrer-when-downgrade
Content-Type: application/json
Date: Sun, 15 Mar 2020 06:29:00 GMT
Transfer-Encoding: chunked
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Host: localhost:8081
Origin: http://*******:8080
Referer: http://*******:8080/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/80.0.3987.132 Safari/537.36
You have to swap order of sendError
and addHeader
calls
@Bean
GenericFilterBean genericFilterBean() {
return new GenericFilterBean() {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletResponse resp = ((HttpServletResponse) response);
resp.addHeader("SC_UNAUTHORIZED", "Provided Information is Invalid");
resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Provided Information is Invalid");
}
};
}
And result:
HTTP/1.1 401
SC_UNAUTHORIZED: Provided Information is Invalid
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 320
Date: Sun, 15 Mar 2020 06:47:10 GMT
Keep-Alive: timeout=60
Connection: keep-alive