Himai Minh

Bartender
since Jul 29, 2012
Forum Moderator

Recent posts by Himai Minh

I heard we are not recommended to use milestone versions because those versions are not stable.
Have you tried those stable versions without the milestone?

Do you put @Autowired to UserRepository?
2 days ago
Does this package org.springframework.transaction.annotation exist in your classpath in your project?
If not, try to reimport the dependencies from your POM.
1 month ago
Does this help: ?
Does adding this help? Try to put any available version for the mongodb driver core.
<dependency>
    <groupId>org.mongodb</groupId>
    <artifactId>mongodb-driver-core</artifactId>
    <version> ... </version>
</dependency>
1 month ago
Your username should be root. I don't know your password.
How about trying any different Spring Boot version?
2 months ago
Also, my next test is to use @PreAuthorize("hasAuthority('USER')") for the get endpoint instead of @RolesAllowed.
It now works.
7 months ago
So far, I made some changes to your code:

In application.properties, use this property instead of create-drop to recreate the table every time I start the application:

I use port 8080 instead of 6666.
I use Postman to do the following:
1. I first send a POST request at localhost:8080/auth/register.
I submit this info in JSON:
{
    "firstname" : "John",
    "lastname": "Smith",
    "username" : "jsmith3",
    "password": "smith3",
    "email" : "[email protected]"
}
2. I then send a POST request at localhost:8080/auth/login
{
    "username" : "jsmith3",
    "password": "smith3"
}
I got the access token.
3. I create another GET request at localhost:8080/endpoints/user
Under the Authorization panel, copy and paste the token in the Bearer Token field.
4. So far, I get access to the endpoint.
7 months ago
Does this article help:
https://www.baeldung.com/security-none-filters-none-access-permitAll ?

Section 5 of the article says this:

Also note that, if an <http> element doesn’t specify a pattern, then by default, that maps to the universal match pattern – “/**” – so again, this element
needs to be last. If the order of the elements is not correct, the creation of the security filter chain will fail:

7 months ago
One more additional note to my previous post.
Can you try to create a second user, maybe called John and a password for John?
Then, you, as Obert user, log in and log out.
Then, you log in as John. See if John can be authenticated.
7 months ago
As I check your CustomLogoutHandler, it simply deletes the token, which was once used by the user and no longer needed.
It should not affect the authorities of the user.
So, when you log back in, you are denied again.
Maybe, put some debuggers in the JwtAuthenticationFilter and see.

I don't understand why you need to use the refreshToken like this:

7 months ago
Also, one more additional note to my above comment. I found a public free educational example on GitHub: https://github.com/springframeworkguru/ssc-brewery/blob/mtc-secure-read-beer-order/src/main/java/guru/sfg/brewery/security/JpaUserDetailsService.java
This example shows:



So, in your code, you can do this:
 

7 months ago
First of all, where is this error coming from: ((User)userDetails).password = Cannot find local variable 'userDetails'?

In the AuthService class, can you put some debuggers in the login method to see how it goes?
Especially inside the generateNewAccessToken method, put a debugger in this line: UserDetails userDetails = ourUserDetailsService.loadUserByUsername(username);

Also, in the JwtAuthenticationFilter class, can you put some debuggers in this piece of code:


That way, you can see if your token is valid or invalid.
7 months ago