Authenticate generated JWT with CookieClient

102 views Asked by At

I'm using: javalin: 5.6.3 javalin-pac4j 7.0.0-SNAPSHOT pac4j-http, pac4j-jwt, pac4j-core: 6.0.0-RC10

and I want to authenticate a JWT from cookie. I have this configuration:

// First I generate JWT token in /form0 and store it to browser cookies ==>

    app.before("/form0", new SecurityHandler(fbpconfig, "CustomFormClient"));
    app.get("/form0", ctx -> protectedPage0(ctx, config));


    private static void protectedPage0(Context ctx, Config config) {

       // Generate and return a JWT
       ProfileManager manager = new ProfileManager(new JEEContext(ctx.req(), ctx.res()), new JEESessionStore());
       Optional<CommonProfile> profile = manager.getProfile(CommonProfile.class);
       String token = "";
       if (profile.isPresent()) {
         JwtGenerator generator = new JwtGenerator();
         token = generator.generate(profile.get());
       }

       Map<String, Object> model = new HashMap<>();
       model.put("jwtToken", token);

       ctx.render("html/pages/welcome0", model);
   }


    // Setting up a CookieClient, specifying the cookie name and binding default authenticator to validate the token
    CookieClient cookieClient = new CookieClient("jwtToken", new JwtAuthenticator());

    Clients clients = new Clients("http://localhost:7070/welcome",
      cookieClient
    );

    Config config = new Config(clients);


    // Setting up the CookieClient to protected /form1 url
    app.before("/form1", new SecurityHandler(config, "CookieClient"));
    app.get("/form1", ctx -> protectedPage1(ctx, config));

This doesn't trigger the JWTAuthenticator, so the JWT isn't validated.

What am I doing wrong here?

Note: Using HeaderClient and calling /form1 from PostMan with setup Authorization/Bearer/token, works fine. HeaderClient is triggered and token is validated (validateToken() is called)

1

There are 1 answers

5
jleleu On

This looks good. What do you see when debugging in the CookieExtractor component?