Missing Authorization header in Angular 7 HTTP response
Accessing an API back-end from Angular client may result in missing response headers. A common scenario is a missing Authorization header, containing the JSON Web Token (JWT) which is returned from the back-end service when the user logs in successfully. The solution to the problem is to expose the desired header in the back-end code (notice that the Authorization header is not exposed by default). In the case of a Spring Boot back-end, we need to add the following line of code:
response.addHeader("Access-Control-Expose-Headers", "Authorization");
@Override
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
FilterChain chain, Authentication authResult) throws IOException, ServletException {
String token = JWT.create()
.withSubject(((User) authResult.getPrincipal()).getUsername())
.withExpiresAt(new Date(System.currentTimeMillis() + EXPIRATION_TIME))
.sign(HMAC512(SECRET.getBytes()));
response.addHeader("Access-Control-Expose-Headers", "Authorization");
response.addHeader(HEADER_STRING, TOKEN_PREFIX + token);
}
Letzte Beiträge
Share :
Share :
Weitere Beiträge

Dependency Injection
Each Object-oriented application consists of many classes that work together in order to solve a problem. However, when writing a complex application, application classes should be as independent as possible.

Dependency Injection with Spring 5
As we learned in the previous chapter dependency injection is a very powerful technique. DI is provided by the Spring 5 Framework implementation of the Inversion of Control (IoC) principle.

View in the MVVM architecture
The View component in the MVVM architecture are the UI controllers – Activities and Fragments. They should be as free as possible from any business logic. Their role is to present the data, not to transform it.