Hi,
I have created an XData Server with a service which is supposed to check the given JWT for specific claims to either return a result or to return an unauthorized message.
For this I added this to the server.pas file:
Added Sparkle.Security and Sparkle.Middleware.Jwt to uses
Added Module.AddMiddleware(TJwtMiddleware.Create('Test1234')); right after Module := TXDataServerModule.Create(...
In GetDataServiceImplementation.pas I added Sparkle.Security and XData.Sys.Exceptions to uses
Then I added these lines to function GetDataService.GetData(scrit1, scrit2: String): TList<String>;
// Check whether the user is authenticated
Benutzer := TXDataOperationContext.Current.Request.User;
if Benutzer = nil then
  raise EXDataHttpUnauthorized.Create('User not authenticated');
// Check whether the user has the required permission
if not (Benutzer.Claims['admin'].AsString = 'P') then
  raise EXDataHttpForbidden.Create('Not enough privileges');
However, when I debug this, Benutzer := TXDataOperationContext.Current.Request.User; returns nil for Benutzer.
I'm using the REST Debugger and added the token as a Header parameter with the name authorization and the value is Bearer jwt.
The token is valid and the fact that the function is called shows that XData deems the token properly signed.
What is going wrong here? I'm using the most recent version of Aurelius, Sparkle and XData.