Merge pull request #3593 from Thushani-Jayasekera/websocket-mgw

[choreo] set the value for auth header from sec-protocol header
wso2 · Sep 30, 2024 · faaf4ac · faaf4ac
2 parents 5eb62b5 + 3baf956
commit faaf4ac
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/...nforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/JWTAuthenticator.java b/...nforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/JWTAuthenticator.java
@@ -159,6 +159,14 @@ public AuthenticationContext authenticate(RequestContext requestContext) throws
             }
             String jwtToken = retrieveAuthHeaderValue(requestContext);
 
+            if (jwtToken == null
+                    && requestContext.getMatchedAPI().getApiType().equalsIgnoreCase(APIConstants.ApiType.WEB_SOCKET)) {
+                String tokenValue = extractJWTInWSProtocolHeader(requestContext);
+                if (StringUtils.isNotEmpty(tokenValue)) {
+                    jwtToken = JWTConstants.BEARER + " " + tokenValue;
+                }
+            }
+
             if (jwtToken == null || !jwtToken.toLowerCase().contains(JWTConstants.BEARER)) {
                 throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),
                         APISecurityConstants.API_AUTH_MISSING_CREDENTIALS, "Missing Credentials");