Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Optional
Fix Version/s: None
Affects Version/s: None
Component/s: HTTP
Labels:
None

Currently org.wildfly.security.http.bearer.BearerTokenAuthenticationMechanism does not support reading the jwt token from cookies. Is it possible to add (maybe as a fallback?) in case there doesn't exist an authorization header?

 
@Override
public void evaluateRequest(HttpServerRequest request) throws HttpAuthenticationException {
    // Read token from authorization header
    List<String> authorizationValues = request.getRequestHeaderValues(HttpConstants.AUTHORIZATION);
    // Fallback: read token from cookies, if no authorization-header present
    if (authorizationValues == null || authorizationValues.isEmpty()) {
        List<HttpServerCookie> cookies = request.getCookies(); // Cookie handling
        if (cookies != null) {
            for (HttpServerCookie cookie : cookies) {
                if (HttpConstants.AUTHORIZATION.equals(cookie.getName())) {
                    authorizationValues = Collections.singletonList("Bearer " + cookie.getValue());
                    break;
                }
            }
        }
    }

Thanks.

account is impacted by

ELY-2884 Update the BearerTokenAuthenticationMechanism so that the name of the header containing the token can be configured.

Open

duplicates

ELY-2885 Update the BearerTokenAuthenticationMechanism so that it can be configured to obtain the token from a Cookie

Open

Assignee:: Darran Lofthouse

Reporter:: Robert Palm

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2025/04/11 9:37 AM

Updated:: 2025/05/28 12:17 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates