Acesso a endpoint com spring e roles
24/07/2023
0
Bom dia, estou estudando spring no java e em uma dos meus estudos para um get (endpont) preciso que somente usuario com a role ADMIN tenha acesso ao endpoint, porem, ao adicionar o .antMatchers(HttpMethod.GET,"/usuarios").hasRole("ADMIN") o retorno e 403, tentei algumas coisas mas não deu certo, gostaria da ajuda caso alguem tenha mais conhecimento no assunto.
WebSecurityConfigurerAdapter
Classe modelo do usuario:
userDatails
Classe reposiory
WebSecurityConfigurerAdapter
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
final UserDetailsServiceImpl userDetailsService;
public WebSecurityConfig(UserDetailsServiceImpl userDetailsService) {
this.userDetailsService = userDetailsService;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/").permitAll()
.antMatchers(HttpMethod.GET, "/novoevento").permitAll()
.antMatchers(HttpMethod.GET, "/setores").permitAll()
.antMatchers(HttpMethod.POST, "/novoevento").permitAll()
.antMatchers(HttpMethod.GET,"/usuarios").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.csrf().disable();
}
Classe modelo do usuario:
package br.org.spb.iead.model;
import org.springframework.context.annotation.Role;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import javax.persistence.*;
import java.io.Serializable;
import java.util.Collection;
import java.util.List;
import java.util.UUID;
@Entity
@Table(name = "TB_USER")
public class UserModel implements UserDetails, Serializable {
private static final long serialVersionUID=1L;
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private long userId;
@Column(nullable = false, unique = true)
private String username;
@Column(nullable = false)
private String password;
@ManyToMany
@JoinTable(name = "TB_USERS_ROLES",
joinColumns = @JoinColumn(name = "user_id"),
inverseJoinColumns = @JoinColumn(name = "role_id"))
private List<RoleModel> roles;
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return this.roles;
}
@Override
public String getPassword() {
return this.password;
}
@Override
public String getUsername() {
return this.username;
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
public long getUserId() {
return userId;
}
public void setUserId(long userId) {
this.userId = userId;
}
public void setUsername(String username) {
this.username = username;
}
public void setPassword(String password) {
this.password = password;
}
public List<RoleModel> getRoles() {
return roles;
}
public void setRoles(List<RoleModel> roles) {
this.roles = roles;
}
}
userDatails
package br.org.spb.iead.configs.security;
import br.org.spb.iead.model.UserModel;
import br.org.spb.iead.repository.UserRepository;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import javax.transaction.Transactional;
@Service
@Transactional
public class UserDetailsServiceImpl implements UserDetailsService {
final UserRepository userRepository;
public UserDetailsServiceImpl(UserRepository userRepository) {
this.userRepository = userRepository;
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
UserModel userModel = userRepository.findByUsername(username)
.orElseThrow(() -> new UsernameNotFoundException("User Not Found with username: " + username));
return new User(userModel.getUsername(), userModel.getPassword(), true, true, true,true, userModel.getAuthorities());
}
}
Classe reposiory
@Repository
public interface UserRepository extends JpaRepository<UserModel, Long> {
Optional<UserModel> findByUsername(String username);
}
Gustavo Nascimento
Curtir tópico
+ 0
Responder
Posts
Clique aqui para fazer login e interagir na Comunidade :)