Thanks for your instructions. I created a custom valve in Ivy 7.1 to validate the bearer token. Inside the method, I get the Authorization token in the header and check if it is valid or not, if not, could I stop the request and throw an error unauthorized exception?exception back to the client?
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
String token = request.getHeader("Authorization");
if(StringUtils.isEmpty(token)){
getNext().invoke(request, response);
return;
}
if(TokenValidator.isValidToken(token)){
String userName = extractUserNameFromToken(token);
request.setUserPrincipal(createUserPrincipal(userName));
getNext().invoke(request, response);
} else {
// How to reject the request and throw unauthorized exception back to the client?
}
}
Thanks
