Whenever I try to authenticate, Postman sends me a 403 status.
My security config
I think this part of the code is correct.
```java
@Configuration
@EnableWebSecurity
@EnableMethodSecurity(securedEnabled = true)
@RequiredArgsConstructor
public class SecurityConfig {
    private final JWTAuthFilter jwtAuthFilter;
    private final UserDetailServiceImpl userDetailService;

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http
                .csrf(AbstractHttpConfigurer::disable)
                .authorizeHttpRequests(authorize -> authorize
                        .requestMatchers("/auth/**").permitAll()
                        .anyRequest().authenticated()
                )
                .sessionManagement(session -> session
                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                )
                .authenticationProvider(authenticationProvider())
                .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
                .build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
        authenticationProvider.setUserDetailsService(userDetailService);
        authenticationProvider.setPasswordEncoder(passwordEncoder());
        return authenticationProvider;
    }

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
        return config.getAuthenticationManager();
    }
}
```
The problem occurs here.
When I put debug in the authenticate method, it starts throwing an error.
```java
@RestController
@RequestMapping("/auth")
@RequiredArgsConstructor
@Slf4j
public class IAMController {
    private final JWTService jwtService;
    private final UserService userService;
    private final AuthenticationManager authenticationManager;

    @PostMapping("/register")
    public String saveUser(@RequestBody UserDto userRequest) {
        jwtService.generateToken(userRequest.getUsername());
        log.info(jwtService.generateToken(userRequest.getUsername()));
        return userService.createUser(userRequest);
    }

    @PostMapping("/login")
    public String authenticateAndGetToken(@RequestBody AuthRequestDto request) {
        Authentication authentication = authenticationManager
                .authenticate(new UsernamePasswordAuthenticationToken(request.getUsername(), request.getPassword()));
        if (authentication.isAuthenticated()) {
            return jwtService.generateToken(request.getUsername());
        }
        log.info("invalid username " + request.getUsername());
        throw new UsernameNotFoundException("invalid username " + request.getUsername());
    }
}
```
My model
I created my models in Liquibase.
```java
@Entity
@Getter
@Setter
@Table(name = "users_beta")
@Builder
@AllArgsConstructor
public class User {
    public User() {
    }

    @Id
    @Column(name = "id")
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private long userId;

    @Column(name = "username", length = 100)
    private String username;

    @Column(length = 100)
    private String email;

    @Column(name = "Password", length = 100)
    private String password;

    @OneToOne(mappedBy = "user")
    private Post post;

    @OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL, mappedBy = "user")
    private List<Role> userRoles;
}
```
**My roles**
Roles are also created by Liquibase.
```java
@Entity
@Table(name = "user_role")
@AllArgsConstructor
@NoArgsConstructor
@Builder
@Getter
@Setter
public class Role {
    @Id
    @Column(name = "id", nullable = false)
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    @Size(max = 50)
    @NotNull
    @Column(name = "role", nullable = false, length = 50)
    private String role;

    @ManyToOne(fetch = FetchType.LAZY, cascade = CascadeType.ALL)
    @JoinColumn(name = "USER_ID", referencedColumnName = "ID")
    private User user;
}
```
I don't think the repository is wrong.
```java
@Repository
public interface UserRepository extends JpaRepository<User, Long> {
    Optional<User> findByUsername(String userName);
}
```
My Service
```java
@Service
@RequiredArgsConstructor
public class UserService {
    private final UserRepository userRepository;
    private final PasswordEncoder bCryptPasswordEncoder;

    public String createUser(UserDto userRequest) {
        var userinfo = User.builder()
                .email(userRequest.getEmail())
                .username(userRequest.getUsername())
                .password(bCryptPasswordEncoder.encode(userRequest.getPassword()))
                .build();
        userinfo.setUserRoles(userRequest.getRoles().stream()
                .map(string -> Role.builder()
                        .user(userinfo)
                        .role(string).build()).toList());
        userRepository.save(userinfo);
        return "success";
    }
}

@Service
@RequiredArgsConstructor
@Slf4j
public class UserDetailServiceImpl implements UserDetailsService {
    private final UserRepository userRepository;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        log.info("user");
        User user = userRepository.findByUsername(username).orElseThrow();
        log.info(user.getUsername() + " loaded");
        return new UserDetailDto(user);
    }
}
```
I cannot authenticate to my account. It loads the user but there is no authentication; my user exists in the database.