I'm using javalin 5.6.3, javalin-pac4j 7.0.0-SNAPSHOT, and pac4j-http, pac4j-jwt, pac4j-core 6.0.0-RC10, and I want to authenticate a JWT from a cookie. I have this configuration:
```java
// Imports assumed for the versions listed above (pac4j 6 / javalin-pac4j 7)
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import io.javalin.http.Context;
import org.pac4j.core.client.Clients;
import org.pac4j.core.config.Config;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.http.client.direct.CookieClient;
import org.pac4j.javalin.SecurityHandler;
import org.pac4j.jee.context.JEEContext;
import org.pac4j.jee.context.session.JEESessionStore;
import org.pac4j.jwt.credentials.authenticator.JwtAuthenticator;
import org.pac4j.jwt.profile.JwtGenerator;

// First I generate the JWT in /form0 and store it in the browser cookies ==>
app.before("/form0", new SecurityHandler(fbpconfig, "CustomFormClient"));
app.get("/form0", ctx -> protectedPage0(ctx, config));

private static void protectedPage0(Context ctx, Config config) {
    // Generate and return a JWT for the profile of the current session
    ProfileManager manager = new ProfileManager(new JEEContext(ctx.req(), ctx.res()), new JEESessionStore());
    Optional<CommonProfile> profile = manager.getProfile(CommonProfile.class);
    String token = "";
    if (profile.isPresent()) {
        // No signature configuration given: this generator emits an unsigned (plain) JWT
        JwtGenerator generator = new JwtGenerator();
        token = generator.generate(profile.get());
    }
    Map<String, Object> model = new HashMap<>();
    model.put("jwtToken", token);
    ctx.render("html/pages/welcome0", model);
}

// Setting up a CookieClient, specifying the cookie name and binding the default authenticator to validate the token
CookieClient cookieClient = new CookieClient("jwtToken", new JwtAuthenticator());
Clients clients = new Clients("http://localhost:7070/welcome", cookieClient);
Config config = new Config(clients);

// Setting up the CookieClient to protect the /form1 url
app.before("/form1", new SecurityHandler(config, "CookieClient"));
app.get("/form1", ctx -> protectedPage1(ctx, config));
```
This doesn't trigger the JwtAuthenticator, so the JWT isn't validated.

What am I doing wrong here?

Note: using a HeaderClient and calling /form1 from Postman with an Authorization: Bearer <token> header set up works fine. The HeaderClient is triggered and the token is validated (validateToken() is called).
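The following is an added example, not code from the question's author or from the pac4j project. It shows the same CookieClient plus JwtAuthenticator pairing, but with two changes a reviewer would want before the cookie flow goes anywhere near production: the JWT is signed and verified with a shared HMAC secret (a `JwtGenerator` built with no signature configuration emits an unsigned token, so the authenticator has nothing to verify), and the cookie is set server-side with HttpOnly, Secure and SameSite attributes instead of being rendered into the page. The `roundTrip()` method is an offline check that a genuine token is accepted and a token with a tampered signature is rejected. The secret value, the `/callback` URL, the route bodies and the `SignedJwtCookieExample` class name are constructed for illustration; the cookie-attribute setters assume Javalin 5's `io.javalin.http.Cookie`, and `/form0` is assumed to be guarded by the form client exactly as in the question.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.Optional;

import io.javalin.Javalin;
import io.javalin.http.Context;
import io.javalin.http.Cookie;
import io.javalin.http.SameSite;
import org.pac4j.core.client.Clients;
import org.pac4j.core.config.Config;
import org.pac4j.core.exception.CredentialsException;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.http.client.direct.CookieClient;
import org.pac4j.javalin.SecurityHandler;
import org.pac4j.jee.context.JEEContext;
import org.pac4j.jee.context.session.JEESessionStore;
import org.pac4j.jwt.config.signature.SecretSignatureConfiguration;
import org.pac4j.jwt.credentials.authenticator.JwtAuthenticator;
import org.pac4j.jwt.profile.JwtGenerator;

public class SignedJwtCookieExample {

    // Constructed placeholder; load the real value from a secret store, never from source.
    // HS256 requires at least 32 bytes of key material.
    static final String JWT_SECRET = "constructed-placeholder-secret-at-least-32-bytes";

    // One shared HMAC configuration for both sides: every token the generator emits
    // carries a signature that the authenticator verifies before building a profile.
    static final SecretSignatureConfiguration SIGNATURE = new SecretSignatureConfiguration(JWT_SECRET);
    static final JwtAuthenticator AUTHENTICATOR = new JwtAuthenticator(SIGNATURE);

    public static void main(String[] args) {
        CookieClient cookieClient = new CookieClient("jwtToken", AUTHENTICATOR);
        Config config = new Config(new Clients("http://localhost:7070/callback", cookieClient));

        Javalin app = Javalin.create();
        app.get("/form0", SignedJwtCookieExample::issueTokenCookie);
        app.before("/form1", new SecurityHandler(config, "CookieClient"));
        app.get("/form1", ctx -> ctx.result("authenticated via the jwtToken cookie"));
        app.start(7070);
    }

    // A fresh generator per token so each one gets its own short "exp" claim;
    // JwtAuthenticator rejects tokens whose expiration has passed.
    static String signedToken(UserProfile profile) {
        JwtGenerator generator = new JwtGenerator(SIGNATURE);
        generator.setExpirationTime(Date.from(Instant.now().plus(Duration.ofMinutes(15))));
        return generator.generate(profile);
    }

    // Issues the signed JWT as a hardened cookie instead of rendering it into the page.
    static void issueTokenCookie(Context ctx) {
        ProfileManager manager = new ProfileManager(new JEEContext(ctx.req(), ctx.res()), new JEESessionStore());
        Optional<CommonProfile> profile = manager.getProfile(CommonProfile.class);
        if (profile.isEmpty()) {
            ctx.status(401);
            return;
        }
        Cookie cookie = new Cookie("jwtToken", signedToken(profile.get()));
        cookie.setHttpOnly(true);            // not readable from page scripts
        cookie.setSecure(true);              // only sent over HTTPS
        cookie.setSameSite(SameSite.STRICT); // not attached to cross-site requests
        cookie.setMaxAge(15 * 60);           // matches the token lifetime
        ctx.cookie(cookie);
        ctx.redirect("/form1");
    }

    // Offline check, no server needed: a genuine token is accepted and a token whose
    // signature segment has been altered is rejected with a CredentialsException.
    static boolean roundTrip() {
        CommonProfile profile = new CommonProfile();
        profile.setId("alice"); // constructed sample subject
        String token = signedToken(profile);

        UserProfile verified = AUTHENTICATOR.validateToken(token);
        boolean genuineAccepted = verified != null && "alice".equals(verified.getId());

        // Change the first character of the signature segment (header.payload.signature).
        String[] parts = token.split("\\.");
        char first = parts[2].charAt(0);
        parts[2] = (first == 'A' ? 'B' : 'A') + parts[2].substring(1);
        boolean tamperedRejected;
        try {
            AUTHENTICATOR.validateToken(String.join(".", parts));
            tamperedRejected = false;
        } catch (CredentialsException e) {
            tamperedRejected = true;
        }
        return genuineAccepted && tamperedRejected;
    }
}
```

`roundTrip()` returns true when the shared secret is wired correctly on both sides; running it is a quicker way to confirm that validateToken() actually verifies something than stepping through the Javalin handler chain.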
This looks good. What do you see when debugging in the CookieExtractor component?