Acesso a endpoint com spring e roles
Bom dia, estou estudando spring no java e em uma dos meus estudos para um get (endpont) preciso que somente usuario com a role ADMIN tenha acesso ao endpoint, porem, ao adicionar o .antMatchers(HttpMethod.GET,"/usuarios").hasRole("ADMIN") o retorno e 403, tentei algumas coisas mas não deu certo, gostaria da ajuda caso alguem tenha mais conhecimento no assunto.
WebSecurityConfigurerAdapter
Classe modelo do usuario:
userDatails
Classe reposiory
WebSecurityConfigurerAdapter
@Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { final UserDetailsServiceImpl userDetailsService; public WebSecurityConfig(UserDetailsServiceImpl userDetailsService) { this.userDetailsService = userDetailsService; } @Override protected void configure(HttpSecurity http) throws Exception { http .httpBasic() .and() .authorizeRequests() .antMatchers(HttpMethod.GET, "/").permitAll() .antMatchers(HttpMethod.GET, "/novoevento").permitAll() .antMatchers(HttpMethod.GET, "/setores").permitAll() .antMatchers(HttpMethod.POST, "/novoevento").permitAll() .antMatchers(HttpMethod.GET,"/usuarios").hasRole("ADMIN") .anyRequest().authenticated() .and() .csrf().disable(); }
Classe modelo do usuario:
package br.org.spb.iead.model; import org.springframework.context.annotation.Role; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; import javax.persistence.*; import java.io.Serializable; import java.util.Collection; import java.util.List; import java.util.UUID; @Entity @Table(name = "TB_USER") public class UserModel implements UserDetails, Serializable { private static final long serialVersionUID=1L; @Id @GeneratedValue(strategy = GenerationType.AUTO) private long userId; @Column(nullable = false, unique = true) private String username; @Column(nullable = false) private String password; @ManyToMany @JoinTable(name = "TB_USERS_ROLES", joinColumns = @JoinColumn(name = "user_id"), inverseJoinColumns = @JoinColumn(name = "role_id")) private List<RoleModel> roles; @Override public Collection<? extends GrantedAuthority> getAuthorities() { return this.roles; } @Override public String getPassword() { return this.password; } @Override public String getUsername() { return this.username; } @Override public boolean isAccountNonExpired() { return true; } @Override public boolean isAccountNonLocked() { return true; } @Override public boolean isCredentialsNonExpired() { return true; } @Override public boolean isEnabled() { return true; } public long getUserId() { return userId; } public void setUserId(long userId) { this.userId = userId; } public void setUsername(String username) { this.username = username; } public void setPassword(String password) { this.password = password; } public List<RoleModel> getRoles() { return roles; } public void setRoles(List<RoleModel> roles) { this.roles = roles; } }
userDatails
package br.org.spb.iead.configs.security; import br.org.spb.iead.model.UserModel; import br.org.spb.iead.repository.UserRepository; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Service; import javax.transaction.Transactional; @Service @Transactional public class UserDetailsServiceImpl implements UserDetailsService { final UserRepository userRepository; public UserDetailsServiceImpl(UserRepository userRepository) { this.userRepository = userRepository; } @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { UserModel userModel = userRepository.findByUsername(username) .orElseThrow(() -> new UsernameNotFoundException("User Not Found with username: " + username)); return new User(userModel.getUsername(), userModel.getPassword(), true, true, true,true, userModel.getAuthorities()); } }
Classe reposiory
@Repository public interface UserRepository extends JpaRepository<UserModel, Long> { Optional<UserModel> findByUsername(String username); }
Gustavo Nascimento
Curtidas 0
Respostas
Gustavo Nascimento
24/07/2023
Corrigido!
GOSTEI 0