spring 401 | Java Community | Help. Code. Learn. | Page 1

azure orchid Oct 31, 2022, 9:54 PM

#

Hey, i added to my backend a login system (https://www.youtube.com/watch?v=mn5UZYtPLjg&t=798s) and it gives 401 to everyone if its not valid. In the tutorial it works, but not with me. My code is here: https://github.com/Uzuark/websitebackend

sharp shadowBOT Oct 31, 2022, 9:54 PM

#

Hey, @azure orchid!
Please remember to /close this post once your question has been answered!

whole hornet Nov 1, 2022, 1:33 AM

#

azure orchid Hey, i added to my backend a login system (https://www.youtube.com/watch?v=mn5UZ...

Your RequestMapping("/api/v1/users/") should be match with

antMatchers("/auth/**")
                .permitAll()

U are allowing auth path without authentication and authorisation but trying to access other which will result to unauthorised access error

azure orchid Nov 1, 2022, 8:25 AM

#

whole hornet Your `RequestMapping("/api/v1/users/")` should be match with ```java antMatchers...

i edited it, but now i get from the login method 500 error

azure orchid Nov 1, 2022, 8:45 AM

#

https://pastebin.com/m6bRaHzC

sharp shadowBOT Nov 1, 2022, 8:45 AM

#

    @PostMapping("/login")

azure orchid Nov 1, 2022, 12:18 PM

#

https://github.com/Uzuark/websitebackend/blob/main/src/main/java/de/uzuark/websitebackend/controller/AuthController.java#L53

sharp shadowBOT Nov 1, 2022, 12:18 PM

#

azure orchid https://github.com/Uzuark/websitebackend/blob/main/src/main/java/de/uzuark/websi...

        Authentication authentication = this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(authRequest.getEmail(), authRequest.getPassword()));

azure orchid Nov 1, 2022, 12:19 PM

#

sharp shadow ```java Authentication authentication = this.authenticationManager.authe...

error line

lyric sluice Nov 1, 2022, 12:37 PM

#

Maybe missing: SecurityContextHolder.getContext().setAuthentication(authentication); ?

azure orchid Nov 1, 2022, 1:08 PM

#

lyric sluice Maybe missing: `SecurityContextHolder.getContext().setAuthentication(authentica...

where

lyric sluice Nov 1, 2022, 1:10 PM

#

I think the best approach is creating a OncePerRequestFilter and then adding it to your web security config, inside the filter create the auth and add it to the context

#

Auth must be created before the request reaches the controllers

#

See here I have an example in a side project: https://github.com/carlos-molero/fundebt/blob/master/src/main/java/dev/carlosmolero/fundebt/filters/JWTAuthorizationFilter.java

GitHub

fundebt/JWTAuthorizationFilter.java at master · carlos-molero/fundebt

A fully managed and easy to deploy debt management dashboard. - fundebt/JWTAuthorizationFilter.java at master · carlos-molero/fundebt

azure orchid Nov 1, 2022, 2:38 PM

#

lyric sluice Maybe missing: `SecurityContextHolder.getContext().setAuthentication(authentica...

nope i'm doing that already

#

i found out that this is null

String token = request.getHeader("Authorization");

lyric sluice Nov 1, 2022, 2:45 PM

#

That’s problematic then 😂

azure orchid Nov 1, 2022, 2:45 PM

#

lyric sluice That’s problematic then 😂

yes

whole hornet Nov 1, 2022, 3:04 PM

#

but since it's added in

.antMatchers("/api/**")
.permitAll()

#

that shouldn't be problem

#

ah got it

#

u have overide wrong method

#

    @Bean(BeanIds.AUTHENTICATION_MANAGER)
    @Nullable
    @Override
    public AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManagerBean();
    }

#

it should be

- public AuthenticationManager authenticationManager() ...
+ public AuthenticationManager authenticationManagerBean() ...

azure orchid Nov 1, 2022, 3:19 PM

#

finally

#

it works

#

thanks

#

love u

whole hornet Nov 1, 2022, 3:27 PM

#

🎉

#spring 401