#Java Spring login authentication

torn wave
#

I have POST /login with a JSON payload of username and password.
I need to auth that session with the database (PasswordEncoder provided) and create a session, so it could be used later.

I did research. I have been looking in the documentation. Please do not post links to Google or documentation. Just give me a hint about which set of classes I must set up OR an example project on GitHub. Thanks

carmine sparrow BOT
#

<@&1004656351647117403> please have a look, thanks.

torn wave
#

So far I have done this

#
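// WebSecurityConfig.java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

import static org.springframework.security.config.Customizer.withDefaults;

@Configuration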
@EnableWebSecurity
public class WebSecurityConfig {
    @Bean
    public UserDetailsService userDetailsService() {
        return new UserDetailsServiceImpl();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public DaoAuthenticationProvider daoAuthenticationProvider() {
        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
        authProvider.setUserDetailsService(userDetailsService());
        authProvider.setPasswordEncoder(passwordEncoder());

        return authProvider;
    }

    @Bean
    public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
        AuthenticationManagerBuilder builder = http.getSharedObject(AuthenticationManagerBuilder.class);
        builder.authenticationProvider(daoAuthenticationProvider());
        return builder.build();
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http
                .csrf(csrf -> {
                    csrf.ignoringRequestMatchers(("/**"));
                })
                .authorizeHttpRequests(auth -> {
                    //auth.requestMatchers("/user").authenticated();
                    auth.requestMatchers("/**").permitAll();
                })
                .formLogin(form -> {
                    form.loginPage("/login").permitAll();
                })
                .httpBasic(withDefaults())
                .build();
    }
}
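
// UserDetailsServiceImpl.java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

public class UserDetailsServiceImpl implements UserDetailsService {
    @Autowired
    private UserRepository userRepository;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User user = userRepository.findUserByUsername(username)
                .orElseThrow(() -> new UsernameNotFoundException("username not found"));
        return new UserDetailsImpl(user);
    }
}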
#
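// UserDetailsImpl.java
import java.util.Collection;
import java.util.Collections;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

public class UserDetailsImpl implements UserDetails {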
    private final User user;

    public UserDetailsImpl(User user) {
        this.user = user;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return Collections.singletonList(user.getRole());
    }

    @Override
    public String getPassword() { return user.getPassword(); }

    @Override
    public String getUsername() {
        return user.getUsername();
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return !user.isDeleted();
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }
}
carmine sparrow BOT
#

@torn wave

Your question has been closed due to inactivity.

If it was not resolved yet, feel free to just post a message below
to reopen it, or create a new thread.

Note that usually the reason for nobody calling back is that your
question may not have been well asked and hence no one felt confident
enough to answer.

When you reopen the thread, try to use your time to improve the quality
of the question by elaborating, providing details, context, all relevant code
snippets, any errors you are getting, concrete examples and perhaps also some
screenshots. Share your attempt, explain the expected results and compare
them to the current results.

Also try to make the information easily accessible by sharing code
or assignment descriptions directly on Discord, not behind a link or
PDF-file; provide some guidance for long code snippets and ensure
the code is well formatted and has syntax highlighting. Kindly read through
https://stackoverflow.com/help/how-to-ask for more.

With enough info, someone knows the answer for sure 👍

torn wave
#

Not resolved

shadow pumice
#

Are you talking about setting up JWTs, so the user doesn't have to log in with credentials every time??

#

I don't know much myself though, just trying to understand the problem!!

torn wave
shadow pumice
#

Alright then, I'm also following this thread, I would also like to know that