Sending Authorization Token Bearer through Javascript
56,883
You can use headers
key to add headers
$.ajax({
url: 'http://localhost:8080/resourceserver/protected-no-scope',
type: 'GET',
contentType: 'application/json'
headers: {
'Authorization': 'Bearer <token>'
},
success: function (result) {
// CallBack(result);
},
error: function (error) {
}
});
You need to enable CORS on backend
https://stackoverflow.com/a/32320294/5567387
![Ronaldo Lanhellas](https://i.stack.imgur.com/aQyFx.jpg?s=256&g=1)
Author by
Ronaldo Lanhellas
Updated on July 09, 2022Comments
-
Ronaldo Lanhellas almost 2 years
I'm trying to send a Authorization Token Bearer through Javascript to a REST Endpoint, so i doing in this way:
$.ajax( { url: 'http://localhost:8080/resourceserver/protected-no-scope', type: 'GET', beforeSend : function( xhr ) { xhr.setRequestHeader( "Authorization", "Bearer " + token ); }, success: function( response ) { console.log(response); }
My endpoint is running under a SpringBoot container, so i'm getting the HttpServletRequest and trying to get AUthorization Header but is always null:
static Authentication getAuthentication(HttpServletRequest request) { String token = request.getHeader(HEADER_STRING); //token is always null ...
Edit 1 This is the error in Client-Side (Browser
OPTIONS http://localhost:8080/resourceserver/protected-no-scope 403 () Failed to load http://localhost:8080/resourceserver/protected-no-scope: Response for preflight has invalid HTTP status code 403.
Edit 2 To enable CORS in backend i'm using the following annotation with spring:
@RestController @CrossOrigin(origins = "*", maxAge = 3600, allowCredentials = "true", allowedHeaders = "Authorization", methods = {RequestMethod.GET, RequestMethod.OPTIONS, RequestMethod.POST}) public class MyResource {
Edit 3 I tried added the CORS in my Filter but no success:
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest httpServletRequest = (HttpServletRequest) request; HttpServletResponse httpServletResponse = (HttpServletResponse) response; httpServletResponse.setHeader("Access-Control-Allow-Origin", httpServletRequest.getHeader("Origin")); httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true"); httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); httpServletResponse.setHeader("Access-Control-Max-Age", "3600"); httpServletResponse.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me"); Authentication authentication = TokenAuthenticationService .getAuthentication(httpServletRequest); SecurityContextHolder.getContext().setAuthentication(authentication); filterChain.doFilter(request, response); }
-
Ronaldo Lanhellas almost 6 yearsI tried but continue returning null in my java endpoint. I know that problem is not in java server because if i use postman and send a request with Authorization Bearer Token everything works.
-
Zohaib Ijaz almost 6 yearsYou can also copy code generated by POSTMAN and try that getpostman.com/docs/v6/postman/sending_api_requests/…
-
Ronaldo Lanhellas almost 6 yearsI edited my post with error in client-side (browser)
-
Zohaib Ijaz almost 6 yearswhich means there is CORS issue. Fix on server side
-
Ronaldo Lanhellas almost 6 yearsdebugging my server-side i need this token to validate the request but as i said, this token is always null.
-
Zohaib Ijaz almost 6 yearsBecause browsers don't allow cross origin ajaz calls, copy code generated by POSTMAN and if you still face same issue then it's sure it's CORS issue. Allow your host and required headers on backend.
-
Zohaib Ijaz almost 6 years@RonaldoLanhellas Have a look at this, stackoverflow.com/a/32320294/5567387 also you have not shared your backend code, how are you handling CORS issue
-
Ronaldo Lanhellas almost 6 yearsI tried with code generated by POSTMAN and i have same issue. So i can understand thaet is a CORS issue, do you have any tip how can i allow this i spring-boot ?
-
Zohaib Ijaz almost 6 yearsI added a link in my answer but google is your friend.
-
Ronaldo Lanhellas almost 6 yearsI already added a CORS Config in backend, saw my editied post please
-
Zohaib Ijaz almost 6 years
-
Ronaldo Lanhellas almost 6 yearsLet us continue this discussion in chat.
-
Ronaldo Lanhellas almost 6 yearsThis link spring.io/blog/2015/06/08/cors-support-in-spring-framework resolved my problem
-
Cyril about 4 yearsFor the comment 'You can also copy code generated by POSTMAN and try that', the resource has moved to another location: learning.postman.com/docs/postman/sending-api-requests/…