From 7f6a0c1f92954c4b8531c42cc3c2f001cc10e7e8 Mon Sep 17 00:00:00 2001
From: DmitriiCravcenco
Date: Thu, 5 Oct 2023 22:25:05 +0300
Subject: [PATCH] Fixed JWT Role assignment and method access
---
 .../expensetrackerfaf/config/SecurityConfiguration.java | 2 +-
 .../java/com/faf223/expensetrackerfaf/model/Credential.java | 2 +-
 src/main/java/com/faf223/expensetrackerfaf/model/Role.java | 2 +-
 .../com/faf223/expensetrackerfaf/security/PersonDetails.java | 4 ++--
 .../expensetrackerfaf/service/AuthenticationService.java | 3 +--
 5 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java b/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
index 4e5d318..ea7f8b9 100644
--- a/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
@@ -24,7 +24,7 @@ public class SecurityConfiguration {
 .csrf(csrf -> csrf.disable())
 .authorizeHttpRequests(auth -> auth
 .requestMatchers("/api/v1/auth/**").permitAll()
- .requestMatchers("/encomes").hasRole("ADMIN")
+ .requestMatchers("/expenses").hasRole("ADMIN")
 .anyRequest().authenticated()
 )
 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
diff --git a/src/main/java/com/faf223/expensetrackerfaf/model/Credential.java b/src/main/java/com/faf223/expensetrackerfaf/model/Credential.java
index bc477c0..f993e9f 100644
--- a/src/main/java/com/faf223/expensetrackerfaf/model/Credential.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/model/Credential.java
@@ -29,7 +29,7 @@
 this.email = email;
 this.password = password;
- this.role = Role.USER;
+ this.role = Role.ROLE_USER;
 }
 }
diff --git a/src/main/java/com/faf223/expensetrackerfaf/model/Role.java b/src/main/java/com/faf223/expensetrackerfaf/model/Role.java
index cb47b04..ea04328 100644
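Review bot: In SecurityConfiguration.java the new rule `.requestMatchers("/expenses").hasRole("ADMIN")` covers only that one path pattern, so any route below it would fall through to `.anyRequest().authenticated()` and be open to every logged-in user. If the expense controller exposes sub-paths (not visible in this hunk), the rule should read `.requestMatchers("/expenses/**").hasRole("ADMIN")`. The replaced `/encomes` pattern also looks like it was meant for an incomes route, which now has no ADMIN rule at all; confirm that is intended. The filter-chain method starts and ends outside the hunk.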
--- a/src/main/java/com/faf223/expensetrackerfaf/model/Role.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/model/Role.java
@@ -2,5 +2,5 @@ package com.faf223.expensetrackerfaf.model;
 public enum Role {
- USER, ADMIN
+ ROLE_USER, ROLE_ADMIN
 }
diff --git a/src/main/java/com/faf223/expensetrackerfaf/security/PersonDetails.java b/src/main/java/com/faf223/expensetrackerfaf/security/PersonDetails.java
index 97aa9ca..f805e79 100644
--- a/src/main/java/com/faf223/expensetrackerfaf/security/PersonDetails.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/security/PersonDetails.java
@@ -10,7 +10,7 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import java.util.Collection;
-import java.util.List;
+import java.util.Collections;
 @Data
 @Builder
@@ -22,7 +22,7 @@ public class PersonDetails implements UserDetails {
 @Override
 public Collection getAuthorities() {
- return List.of(new SimpleGrantedAuthority(credential.getRole().name()));
+ return Collections.singletonList(new SimpleGrantedAuthority(credential.getRole().toString()));
 }
 @Override
diff --git a/src/main/java/com/faf223/expensetrackerfaf/service/AuthenticationService.java b/src/main/java/com/faf223/expensetrackerfaf/service/AuthenticationService.java
index 0fdb7fe..96cb4a4 100644
--- a/src/main/java/com/faf223/expensetrackerfaf/service/AuthenticationService.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/service/AuthenticationService.java
@@ -31,10 +31,9 @@ public class AuthenticationService {
 User user = User.builder()
 .firstName(request.getFirstname())
 .lastName(request.getLastname())
- .password(passwordEncoder.encode(request.getPassword()))
 .username(request.getUsername())
 .build();
-// System.out.println(user);
+ userRepository.save(user);
 Credential credential = new Credential(user, request.getEmail(), passwordEncoder.encode(request.getPassword()));
 credentialRepository.save(credential);
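Review bot: Renaming the constants in Role.java to `ROLE_USER, ROLE_ADMIN` changes the value stored wherever the enum is persisted or serialized by name. The Credential column mapping is not visible here, but if it uses `EnumType.STRING`, rows written before this commit still hold `USER`/`ADMIN` and will fail to load until they are migrated. Keeping `USER, ADMIN` and adding the prefix where the authority is built, `new SimpleGrantedAuthority("ROLE_" + credential.getRole().name())`, would satisfy `hasRole("ADMIN")` without touching stored data.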
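Review bot: In PersonDetails.getAuthorities() the authority string is now taken from `credential.getRole().toString()`, which an enum may override, so a later display-name override on Role would silently change the granted authority and break the `hasRole` checks. `name()` is final and was what the old line used; prefer `new SimpleGrantedAuthority(credential.getRole().name())`. The move from `List.of` to `Collections.singletonList` is not needed for the fix, so the import change in the first hunk of this file could be dropped with it.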
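Review bot: In AuthenticationService the user and the credential are written by two separate calls, `userRepository.save(user)` and `credentialRepository.save(credential)`, and nothing in the hunk shows them sharing a transaction. If the second save fails, for example on a constraint violation, a User row with no Credential would be left behind. The enclosing method starts and ends outside the hunk; if it is not already annotated, add `@Transactional` so both rows commit or roll back together.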