Spring Security 403 Запрещено в системе входа через ролиJAVA

Программисты JAVA общаются здесь
Anonymous
Spring Security 403 Запрещено в системе входа через роли

Сообщение Anonymous »

Я довольно новый весной JWT, я получаю 403 запрещен, когда я вхожу в систему, я успешно зарегистрирую всех своих пользователей. это < /p>
package org.example.gestionrendezvousmedic.configs;

import jakarta.servlet.Filter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.example.gestionrendezvousmedic.security.JwtAuthFilter;
@EnableMethodSecurity
@Configuration
@EnableWebSecurity
public class SecurityConfig {

private final UserDetailsService userDetailsService;
private final JwtAuthFilter jwtAuthFilter;

public SecurityConfig(UserDetailsService userDetailsService, JwtAuthFilter jwtAuthFilter) {
this.userDetailsService = userDetailsService;
this.jwtAuthFilter = jwtAuthFilter;
}

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.csrf(AbstractHttpConfigurer::disable)
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(auth -> auth
.requestMatchers("/api/auth/signup/**").permitAll()
.requestMatchers("/api/auth/login").permitAll()
.requestMatchers("/api/auth/**").permitAll()
// .requestMatchers("/admin/**").hasRole("ADMIN")
// .requestMatchers("/medecin/**").hasRole("MEDECIN")
// .requestMatchers("/patient/**").hasRole("PATIENT")
.anyRequest().authenticated()

)
.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);

return http.build();
}

}
< /code>
И это мое logindto: < /p>
package org.example.gestionrendezvousmedic.dtos;

import lombok.Data;
import org.example.gestionrendezvousmedic.models.Role;

@Data
public class LoginUserDto {
private String email;

private String password;
private Role role;

}

< /code>
И это моя служба JWT < /p>
package org.example.gestionrendezvousmedic.services;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import java.security.Key;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;

@Service
public class JwtService {
@Value("${security.jwt.secret-key}")
private String secretKey;

@Value("${security.jwt.expiration-time}")
private long jwtExpiration;

public String extractUsername(String token) {
return extractClaim(token, Claims::getSubject);
}

public T extractClaim(String token, Function claimsResolver) {
final Claims claims = extractAllClaims(token);
return claimsResolver.apply(claims);
}

public String generateToken(UserDetails userDetails) {
Map claims = new HashMap();
claims.put("role", userDetails.getAuthorities().stream()
.map(auth -> auth.getAuthority())
.toList()
);
return generateToken(claims, userDetails);
}

public String generateToken(Map extraClaims, UserDetails userDetails) {
return buildToken(extraClaims, userDetails, jwtExpiration);
}

public long getExpirationTime() {
return jwtExpiration;
}

private String buildToken(
Map extraClaims,
UserDetails userDetails,
long expiration
) {
return Jwts
.builder()
.setClaims(extraClaims)
.setSubject(userDetails.getUsername())
.setIssuedAt(new Date(System.currentTimeMillis()))
.setExpiration(new Date(System.currentTimeMillis() + 1000*60*24))
.signWith(getSignInKey(), SignatureAlgorithm.HS256)
.compact();
}

public boolean isTokenValid(String token, UserDetails userDetails) {
final String username = extractUsername(token);
return (username.equals(userDetails.getUsername())) && !isTokenExpired(token);
}

private boolean isTokenExpired(String token) {
return extractExpiration(token).before(new Date());
}

private Date extractExpiration(String token) {
return extractClaim(token, Claims::getExpiration);
}

private Claims extractAllClaims(String token) {
return Jwts
.parserBuilder()
.setSigningKey(getSignInKey())
.build()
.parseClaimsJws(token)
.getBody();
}

private Key getSignInKey() {
byte[] keyBytes = Decoders.BASE64.decode(secretKey);
return Keys.hmacShaKeyFor(keyBytes);
}
}
< /code>
И это мой пользовательский класс: < /p>
package org.example.gestionrendezvousmedic.models;

import jakarta.persistence.*;
import lombok.Builder;
import lombok.Data;
import org.hibernate.annotations.CreationTimestamp;
import org.hibernate.annotations.UpdateTimestamp;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import java.util.Collection;
import java.util.Date;
import java.util.List;

@Inheritance(strategy = InheritanceType.JOINED)
@Data
@Entity

public class User implements UserDetails {

@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;

private String name;

private String email;

private String password;

@Enumerated(EnumType.STRING)
@Column(updatable = false, name ="ROLE_")
private Role role;

@CreationTimestamp
@Column(updatable = false, name = "created_at")
private Date createdAt;

@UpdateTimestamp
@Column(name = "updated_at")
private Date updatedAt;

public User() {}

public User(String name, String email, Role role) {
this.name = name;
this.email = email;
this.role = role;
}

public User(Role role) {
this.role = role;
}

@Override
public Collection

Подробнее здесь: https://stackoverflow.com/questions/796 ... -via-roles

Вернуться в «JAVA»