Here is the security configuration, JWT authentication filter and the controller classes, I want to test the filter by providing the jwtlogindto in the body of the request /api/signin, but it does not recognize it and the credentials are not checked and no tiken is returned. Can you help me to figure out the bugs that causing this error?
@Configuration
@AllArgsConstructor
public class SecurityConfig {
private final UserService userService;
private final AuthenticationConfiguration authenticationConfiguration;
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.csrf().disable()
.authorizeHttpRequests()
.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.requestMatchers("/api/signin").permitAll()
.anyRequest().authenticated()
.and()
.httpBasic();
return httpSecurity.build();
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
@Bean
DaoAuthenticationProvider daoAuthenticationProvider() {
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
daoAuthenticationProvider.setUserDetailsService(userService);
return daoAuthenticationProvider;
}
@Bean
PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
@Service
@AllArgsConstructor
public class JWTAuthentication {
private static final Logger logger = LoggerFactory.getLogger(JWTAuthentication.class);
private AuthenticationManager authenticationManager;
private String generateToken(Authentication authentication) {
UserPrincipal principal = (UserPrincipal) authentication.getPrincipal();
logger.info("Generating token for user: {}", principal.getUsername());
String token = JWT.create()
.withSubject(principal.getUsername())
.withExpiresAt(new Date(System.currentTimeMillis() + JWTProperties.EXPIRATION_TIME))
.sign(Algorithm.HMAC512(JWTProperties.SECRET.getBytes()));
logger.info("Generated token: {}", token);
return token;
}
public String login(JWTLoginDto jwtLoginDto) {
try {
logger.info("Authenticating user: {}", jwtLoginDto.getUsername());
Authentication authentication = authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(jwtLoginDto.getUsername(), jwtLoginDto.getPassword()));
SecurityContextHolder.getContext().setAuthentication(authentication);
String token = generateToken(authentication);
System.out.println("Generated Token inside login : " + token);
logger.info("Authentication successful, returning token");
return token;
} catch (Exception e) {
logger.error("Authentication failed for user: {}", jwtLoginDto.getUsername(), e);
throw new RuntimeException("Authentication failed", e);
}
}
}
@RestController
@RequestMapping("/api")
public class UserController {
private final JWTAuthentication jwtAuthenticationFilter;
@Autowired
public UserController(JWTAuthentication jwtAuthenticationFilter) {
this.jwtAuthenticationFilter = jwtAuthenticationFilter;
}
@PostMapping("/signin")
public ResponseEntity<?> login(@RequestBody JWTLoginDto jwtLoginDto) {
try {
String token = jwtAuthenticationFilter.login(jwtLoginDto);
return ResponseEntity.ok(token);
} catch (Exception e) {
return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Authentication failed");
}
}
}```
I expect the token to be returned but the response returned nothing, even if the body request credentials are incorrect, indicating the user controller not listening to the request, only basic auth in postman is checking correctly the credentials
1