I just added WebSecurityConfigurerAdapter to my project to try and make a user logic (login - password - what each user can do in my application) for the first time ever, but something is really wrong.
Whenever I try to make a request, to any path or with any kind of method, it returns 403 Forbidden! I don't know what to do since this is the first time I'm dealing with any kind of security logic.
This is my code:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
@ComponentScan
@EnableGlobalMethodSecurity(
        prePostEnabled = true,
        securedEnabled = true,
        jsr250Enabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    // Provider that loads users through userDetailsService and checks BCrypt hashes.
    @Bean
    AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        provider.setPasswordEncoder(new BCryptPasswordEncoder());
        return provider;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Rules are evaluated top to bottom; the first matching rule wins.
                .antMatchers(HttpMethod.POST, "/**")
                    .hasAuthority("ADMIN")
                .antMatchers(HttpMethod.DELETE, "/**")
                    .hasAuthority("ADMIN")
                .antMatchers(HttpMethod.PUT, "/**")
                    .hasAuthority("ADMIN")
                .antMatchers(HttpMethod.GET, "/**")
                    .hasAuthority("ADMIN")
                // Never reached: every GET already matched the "/**" rule above.
                .antMatchers(HttpMethod.GET, "/tools")
                    .hasAuthority("USER")
                .anyRequest()
                    .authenticated()
            .and()
            .cors()
            .and()
            // No authentication mechanism (httpBasic, formLogin or a custom filter) is configured here.
            .exceptionHandling()
            .and()
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .csrf()
                .disable();
    }
}
I also have these two classes (I'm following a tutorial and the guy made these two):
import java.util.Collection;
import java.util.Collections;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

// Adapts the application's Users entity to Spring Security's UserDetails contract.
public class CustomUserDetails implements UserDetails {

    private static final long serialVersionUID = 1L;

    private Users user;

    public CustomUserDetails(Users user) {
        super();
        this.user = user;
    }

    // The single authority is the raw role string stored on the user (e.g. "ADMIN").
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return Collections.singleton(new SimpleGrantedAuthority(user.getRole()));
    }

    @Override
    public String getPassword() {
        return user.getPassword();
    }

    @Override
    public String getUsername() {
        return user.getLogin();
    }

    public String getEmail() {
        return user.getEmail();
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }
}
If I left anything out and you really wanna help, this is the entire code: https://github.com/vitoriaacarvalho/backend-challenge-very-useful-tools-to-remember-
I'm already thanking (so much) anyone who responds and tries to help!
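Two things in the configuration above explain a blanket 403. First, no authentication mechanism is registered (no httpBasic(), formLogin() or custom filter), so every request stays anonymous, the authority check fails, and Spring Security's default entry point (Http403ForbiddenEntryPoint, used when no other entry point is configured) answers 403 rather than 401. Second, antMatchers rules are evaluated top to bottom with first match winning, so the GET "/**" rule shadows the GET "/tools" rule and USER can never reach it. The class below is an added example written for this answer, not the asker's code; it assumes Spring Security 5.x (where WebSecurityConfigurerAdapter still exists) and a UserDetailsService bean supplied elsewhere, and uses HTTP Basic purely so the stateless setup has a way to present credentials.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final UserDetailsService userDetailsService; // assumed to exist as a bean

    public WebSecurityConfiguration(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    // Register the DAO provider explicitly so the AuthenticationManager uses it.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        provider.setPasswordEncoder(new BCryptPasswordEncoder());
        auth.authenticationProvider(provider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            // Gives requests a way to authenticate; without any mechanism every
            // request is anonymous and the default entry point returns 403.
            .httpBasic()
            .and()
            .authorizeRequests()
                // Most specific rule first: the first matching rule wins.
                .antMatchers(HttpMethod.GET, "/tools").hasAnyAuthority("USER", "ADMIN")
                .antMatchers("/**").hasAuthority("ADMIN")
                .anyRequest().authenticated();
    }
}
```

With this in place an unauthenticated request receives 401 with a WWW-Authenticate header, a valid USER can read /tools, and a valid USER hitting any other path still gets 403 by design.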
CodePudding user response:
@Autowired
CustomUserDetails userDetailsService;
CodePudding user response:
First you have to assign a role in the REST API. Then log in with the correct user role.