Fixed JWT Role assignment and method access

2023-10-05 22:25:05 +03:00
parent a6ed3794fe
commit 7f6a0c1f92
5 changed files with 6 additions and 7 deletions
--- a/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
@@ -24,7 +24,7 @@ public class SecurityConfiguration {
                .csrf(csrf -> csrf.disable())
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers("/api/v1/auth/**").permitAll()
-                        .requestMatchers("/encomes").hasRole("ADMIN")
+                        .requestMatchers("/expenses").hasRole("ADMIN")
                        .anyRequest().authenticated()
                )
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
--- a/src/main/java/com/faf223/expensetrackerfaf/model/Credential.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/model/Credential.java
@@ -29,7 +29,7 @@
            this.email = email;
            this.password = password;

-            this.role = Role.USER;
+            this.role = Role.ROLE_USER;
        }
    }

--- a/src/main/java/com/faf223/expensetrackerfaf/model/Role.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/model/Role.java
@@ -2,5 +2,5 @@
 package com.faf223.expensetrackerfaf.model;

 public enum Role {
-    USER, ADMIN
+    ROLE_USER, ROLE_ADMIN
 }
--- a/src/main/java/com/faf223/expensetrackerfaf/security/PersonDetails.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/security/PersonDetails.java
@@ -10,7 +10,7 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;

 import java.util.Collection;
-import java.util.List;
+import java.util.Collections;

@Data
@Builder
@@ -22,7 +22,7 @@ public class PersonDetails implements UserDetails {

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
-        return List.of(new SimpleGrantedAuthority(credential.getRole().name()));
+        return Collections.singletonList(new SimpleGrantedAuthority(credential.getRole().toString()));
    }

    @Override
--- a/src/main/java/com/faf223/expensetrackerfaf/service/AuthenticationService.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/service/AuthenticationService.java
@@ -31,10 +31,9 @@ public class AuthenticationService {
        User user = User.builder()
                .firstName(request.getFirstname())
                .lastName(request.getLastname())
-                .password(passwordEncoder.encode(request.getPassword()))
                .username(request.getUsername())
                .build();
-//        System.out.println(user);
+
        userRepository.save(user);
        Credential credential = new Credential(user, request.getEmail(), passwordEncoder.encode(request.getPassword()));
        credentialRepository.save(credential);