Sending a test JWT:

image.png

Enable a JwtLoggingFilter that logs the JWT received in the Authorization header to the console (for local debugging only, because the token is a bearer credential):

package com.fepatex.offermodule.security;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.web.filter.OncePerRequestFilter;

import java.io.IOException;

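/**
 * Debug-only filter that reports whether a request carries a bearer JWT in its
 * {@code Authorization} header.
 *
 * <p>A JWT is a bearer credential: anyone who can read a complete token from the
 * console or a collected log can replay it until it expires. The signature segment
 * is therefore replaced with a placeholder before printing. The header and payload
 * segments stay readable, so the claims can still be decoded while debugging.
 *
 * <p>This filter does not verify the signature, expiry or any claim. The printed
 * claims are whatever the client sent and must not be treated as authenticated.
 * The payload can also hold personal data, so remove the filter (or switch it off)
 * outside local development.
 */
public class JwtLoggingFilter extends OncePerRequestFilter {

    private static final String BEARER_PREFIX = "Bearer ";
    private static final String REDACTED_SIGNATURE = "<signature-redacted>";
    private static final String REDACTED_TOKEN = "<malformed-token-redacted>";

    /**
     * Prints a redacted view of the bearer token, if one is present, and then
     * hands the request to the rest of the chain unchanged.
     *
     * @param request     the incoming request whose Authorization header is inspected
     * @param response    the response, passed through untouched
     * @param filterChain the remaining filters to invoke
     * @throws ServletException if a later filter fails
     * @throws IOException      if a later filter fails on I/O
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        String authHeader = request.getHeader("Authorization");
        if (authHeader != null && authHeader.startsWith(BEARER_PREFIX)) {
            String jwtToken = authHeader.substring(BEARER_PREFIX.length());
            // Never write the full token: without its signature the logged value cannot be replayed.
            System.out.println("JWT Token Received: " + redactSignature(jwtToken));
        } else {
            System.out.println("No JWT Token Found in Authorization Header.");
        }

        // Logging is best-effort only; the request always continues down the chain.
        filterChain.doFilter(request, response);
    }

    /** Returns the token with its last dot-separated segment replaced by a placeholder. */
    private static String redactSignature(String token) {
        int lastDot = token.lastIndexOf('.');
        if (lastDot < 0) {
            // Not shaped like a JWT; it may still be a secret, so print none of it.
            return REDACTED_TOKEN;
        }
        return token.substring(0, lastDot + 1) + REDACTED_SIGNATURE;
    }
}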

package com.fepatex.offermodule.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

/**
 * Wide-open security configuration used while checking that the client sends its JWT.
 *
 * <p>NOTE(review): every setting here is a debugging convenience. Nothing in this class
 * validates a token or restricts any endpoint, so it should be tightened before the
 * service is exposed beyond a local environment.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    /**
     * Builds the filter chain: CSRF off, CORS from {@link #corsConfigurationSource()},
     * the JWT logging filter ahead of username/password authentication, and every
     * request permitted.
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // CSRF protection is switched off for all requests.
        http.csrf(csrfConfigurer -> csrfConfigurer.disable());

        // CORS rules come from the permissive source defined below.
        http.cors(corsConfigurer -> corsConfigurer.configurationSource(corsConfigurationSource()));

        // The logging filter only prints; it does not authenticate or reject anything.
        http.addFilterBefore(
                new JwtLoggingFilter(),
                org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.class);

        // NOTE(review): permitAll means a missing or forged JWT is accepted like a valid one.
        http.authorizeHttpRequests(requests -> requests.anyRequest().permitAll());

        return http.build();
    }

    /**
     * Creates a CORS source that applies one permissive policy to every path.
     *
     * <p>NOTE(review): an origin pattern of {@code "*"} combined with
     * {@code setAllowCredentials(true)} lets any website make credentialed cross-origin
     * calls to this API. Replace the pattern with the known client origin(s) once they
     * are fixed, and drop credentials if the client only sends the Authorization header.
     */
    private UrlBasedCorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration policy = new CorsConfiguration();
        policy.addAllowedOriginPattern("*"); // any origin
        policy.addAllowedMethod("*");        // any HTTP method
        policy.addAllowedHeader("*");        // any request header
        policy.setAllowCredentials(true);    // credentialed requests allowed

        UrlBasedCorsConfigurationSource corsSource = new UrlBasedCorsConfigurationSource();
        corsSource.registerCorsConfiguration("/**", policy);
        return corsSource;
    }
}

File Structure:

security/SecurityConfig.java security/JwtLoggingFilter.java

Output Console:

.contact_phone,o1_0.created_at,o1_0.delivery_costs,o1_0.employee_approved_by_id,o1_0.employee_id,o1_0.employee_name,o1_0.expiry_date,o1_0.installation_costs,o1_0.message,o1_0.modified_at,o1_0.offer_estimation_amount,o1_0.offer_link,o1_0.offer_title,o1_0.organization_id,o1_0.organization_name,o1_0.pdf_path,o1_0.send_date,o1_0.stalk_date,o1_0.status,o1_0.total_costs from offers o1_0 order by o1_0.id desc offset ? rows fetch first ? rows only
Hibernate: select op1_0.offer_id,op1_0.id,op1_0.delivery_time,op1_0.product_code,op1_0.product_id,op1_0.product_name,op1_0.product_price,op1_0.quantity from offer_products op1_0 where op1_0.offer_id=?
2025-01-29T18:42:56.179+01:00  WARN 20868 --- [nio-8080-exec-3] ration$PageModule$WarningLoggingModifier : Serializing PageImpl instances as-is is not supported, meaning that there is no guarantee about the stability of the resulting JSON structure!
        For a stable JSON structure, please use Spring Data's PagedModel (globally via @EnableSpringDataWebSupport(pageSerializationMode = VIA_DTO))
        or Spring HATEOAS and Spring Data's PagedResourcesAssembler as documented in <https://docs.spring.io/spring-data/commons/reference/repositories/core-extensions.html#core.web.pageables>.

JWT Token Received: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkYjhmOTliMS00OGI3LTQ3ODktYWUwZi0yYWY5MGVjZmViOTIiLCJuYW1lIjoiSm9obiBEb2UiLCJyb2xlIjoiQURNSU4iLCJpYXQiOjE2NzQ5MjE2MDAsImV4cCI6MTY3NTAwODAwMH0.D-tu2nEEg8WsBaiw3CgHmecoGMxMHHAnkYQMi--ZRWU
Hibernate: insert into offers (account_manager_id,account_manager_name,contact_mail,contact_person_id,contact_person_name,contact_phone,created_at,delivery_costs,employee_approved_by_id,employee_id,employee_name,expiry_date,installation_costs,message,modified_at,offer_estimation_amount,offer_link,offer_title,organization_id,organization_name,pdf_path,send_date,stalk_date,status,total_costs,id) values (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)

Decoding the printed JWT Token:

image.png

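Result: Without much explanation, we have shown how you can confirm that your client sends the JWT in the Authorization header of its HTTP requests. The filter only shows that a token arrives; it does not verify the signature or the expiry, and SecurityConfig still permits every request.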