Mercateo / spring-security-jwt

JWT support for spring-security
Apache License 2.0

Support anonymous token #16

Closed Mortinke closed 5 years ago

Mortinke commented 5 years ago

Use Case: The root endpoint of an API should deliver different links depending on the presence of a valid JWT token. If a valid JWT exists, the links for the private sector should be delivered. If a JWT doesn't exist, the links for the public sector should be delivered. To implement this, we added the root endpoint as addAnonymousPaths. Unfortunately, a JWTPrincipal.fromContext() will afterwards result in an NPE, as spring-security will be ignored for unauthenticated paths (configured here).

Behavior after this pull request: An AnonymousAuthenticationToken is returned if no JWT is used for an anonymous path. If a JWT is used for an anonymous path, the old behavior should still be used (e.g. JWT is expired).
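
The behavior described in the comment above, written out as an added example (not code from this pull request or from spring-security-jwt). The class name, the `Authorization: Bearer` header format, the anonymous key and the `jwtVerifier` function are assumptions, as is reading the "old behavior" for a presented but invalid JWT as rejection.

```java
import java.util.function.Function;

import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

/** Hypothetical helper for illustration; not a class of spring-security-jwt. */
public final class AnonymousPathAuthentication {

    private static final String BEARER = "Bearer ";

    private final String anonymousKey;
    /** Assumed stand-in for the library's JWT check; throws AuthenticationException on a bad token. */
    private final Function<String, Authentication> jwtVerifier;

    public AnonymousPathAuthentication(String anonymousKey, Function<String, Authentication> jwtVerifier) {
        this.anonymousKey = anonymousKey;
        this.jwtVerifier = jwtVerifier;
    }

    /** Decides the Authentication for a request that hit an anonymous path. */
    public Authentication resolve(String authorizationHeader) {
        if (authorizationHeader == null || authorizationHeader.trim().isEmpty()) {
            // No JWT presented: return an explicit anonymous token instead of leaving
            // the security context empty, so later principal lookups never see null.
            return new AnonymousAuthenticationToken(anonymousKey, "anonymousUser",
                    AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
        }
        if (!authorizationHeader.regionMatches(true, 0, BEARER, 0, BEARER.length())) {
            throw new BadCredentialsException("Unsupported Authorization scheme");
        }
        // A JWT was presented: verify it exactly as on a protected path. An expired or
        // forged token is rejected here and is never downgraded to anonymous access.
        return jwtVerifier.apply(authorizationHeader.substring(BEARER.length()).trim());
    }

    /** True when the caller should only be shown the public links. */
    public static boolean isAnonymous(Authentication authentication) {
        return authentication == null || authentication instanceof AnonymousAuthenticationToken;
    }
}
```

The root endpoint can call `isAnonymous` on the resolved `Authentication` to choose between the public and the private links.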

Mortinke commented 5 years ago

The commit 18e7cc5 relates to #17

Mortinke commented 5 years ago

replaced by #18