Fixed JWT Role assignment and method access

DmitriiCravcenco
2023-10-05 22:25:05 +03:00
parent a6ed3794fe
commit 7f6a0c1f92
5 changed files with 6 additions and 7 deletions


@@ -24,7 +24,7 @@ public class SecurityConfiguration {
.csrf(csrf -> csrf.disable()) .csrf(csrf -> csrf.disable())
.authorizeHttpRequests(auth -> auth .authorizeHttpRequests(auth -> auth
.requestMatchers("/api/v1/auth/**").permitAll() .requestMatchers("/api/v1/auth/**").permitAll()
.requestMatchers("/encomes").hasRole("ADMIN") .requestMatchers("/expenses").hasRole("ADMIN")
.anyRequest().authenticated() .anyRequest().authenticated()
) )
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
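Review bot: The `hasRole("ADMIN")` rule on the changed line matches only the literal path `/expenses`, so any nested route such as `/expenses/{id}` would fall through to `.anyRequest().authenticated()` and be reachable by any logged-in user. If the controller exposes sub-paths (not visible here), the matcher should be `.requestMatchers("/expenses/**").hasRole("ADMIN")`. The `/encomes` rule is replaced rather than kept, so whatever that path served now needs authentication only; it is worth confirming that this is intended. The filter-chain method starts and ends outside this hunk.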


@@ -29,7 +29,7 @@
this.email = email; this.email = email;
this.password = password; this.password = password;
this.role = Role.USER; this.role = Role.ROLE_USER;
} }
} }


@@ -2,5 +2,5 @@
package com.faf223.expensetrackerfaf.model; package com.faf223.expensetrackerfaf.model;
public enum Role { public enum Role {
USER, ADMIN ROLE_USER, ROLE_ADMIN
} }
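Review bot: Renaming the constants to `ROLE_USER, ROLE_ADMIN` also changes the string that any name-based persistence of `Role` would store. How `Credential.role` is mapped is not visible here, but if it is saved by name, rows already written as `USER` or `ADMIN` will no longer map to a constant and will need a data migration. An alternative that leaves stored values alone is to keep `USER, ADMIN` and add the prefix where the authority is built, e.g. `new SimpleGrantedAuthority("ROLE_" + credential.getRole().name())`.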


@@ -10,7 +10,7 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import java.util.Collection; import java.util.Collection;
import java.util.List; import java.util.Collections;
@Data @Data
@Builder @Builder
@@ -22,7 +22,7 @@ public class PersonDetails implements UserDetails {
@Override @Override
public Collection<? extends GrantedAuthority> getAuthorities() { public Collection<? extends GrantedAuthority> getAuthorities() {
return List.of(new SimpleGrantedAuthority(credential.getRole().name())); return Collections.singletonList(new SimpleGrantedAuthority(credential.getRole().toString()));
} }
@Override @Override
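Review bot: The authority string in `getAuthorities()` is now taken from `toString()`, which an enum can override, whereas `name()` is final and always returns the declared constant. Because the `hasRole("ADMIN")` check depends on the exact string `ROLE_ADMIN`, a later cosmetic `toString()` override on `Role` would silently break authorization. Keeping `credential.getRole().name()` avoids that: `return Collections.singletonList(new SimpleGrantedAuthority(credential.getRole().name()));`. The class body continues outside the hunk.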


@@ -31,10 +31,9 @@ public class AuthenticationService {
User user = User.builder() User user = User.builder()
.firstName(request.getFirstname()) .firstName(request.getFirstname())
.lastName(request.getLastname()) .lastName(request.getLastname())
.password(passwordEncoder.encode(request.getPassword()))
.username(request.getUsername()) .username(request.getUsername())
.build(); .build();
// System.out.println(user);
userRepository.save(user); userRepository.save(user);
Credential credential = new Credential(user, request.getEmail(), passwordEncoder.encode(request.getPassword())); Credential credential = new Credential(user, request.getEmail(), passwordEncoder.encode(request.getPassword()));
credentialRepository.save(credential); credentialRepository.save(credential);
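Review bot: `userRepository.save(user)` and `credentialRepository.save(credential)` run as two separate writes, and no transaction boundary is visible in this hunk. If the second save fails (for example on a duplicate email), a `User` row is left with no credential and the username is taken by an account nobody can log in to. The enclosing method's signature is outside the hunk; unless it or the class is already transactional, it should be annotated `@Transactional`. Dropping the encoded password from the `User` builder so the hash lives only in `Credential` is a sound change.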