#spring login

a

⌛ This post has been reserved for your question.

Hey @heady pier! Please use /close or the Close Post button above when you're finished. Please remember to follow the help guidelines. This post will be automatically closed after 300 minutes of inactivity.

TIP: Narrow down your issue to simple and precise questions to maximize the chance that others will reply in here.

@half forum hello

and this is the filter chain bean

so you have a PasswordEncoder bean

yeah, i added it because this is when i'm using the UserDetailsService

Do you want to use the UserDetailsService?

if it works, sure

Do you maybe have another UserDetailService?

Can you show the full stack trace (ideally as text, not as an image)?

i have this one

there is no stack trace, it doesn't throw an exception

i'm just unable to log in using these credentials here

I thought you are getting a Could not find PasswordEncoder for id null error or something like that?

that's when i use this

in your PasswordEncoder bean, try replacing it with PasswordEncoderFactories.createDelegatingPasswordEncoder()

okay

is it better to use a UserDetailsService or handle the post request manually

Do you have any AuthenticationProvider?

I'd either use an AuthenticationProvider or a UserDetailService

no

okay

i don't really know anything about AuthenticationProviders

so i'll stick to UserDetailsService for now i guess

A custom UserDetailService could look like this:

@Service
public class UserDetailsServiceImpl implements UserDetailsService {
    @Override
    public UserDetails loadUserByUsername(String username) {
        UserDetails userDetails = getUserDetailsFromUsername(username);
        if(userDetails == null){
            throw new UsernameNotFoundException("User not found: " + username);
        }
        return userDetails;
    }
}

what's @Transactional

you can create the UserDetails object like this:

org.springframework.security.core.userdetails.User
  .withUsername(user.getPhoneNumber())
  .password(user.getPassword())
  .authorities(yourGrantedAuthorities)
  .build();

forget that

mine looks about the same except no german and no @Transactional

Didn't plan to include Transactional

oh

@Service
public class UserDetailsServiceImpl implements UserDetailsService {
    @Autowired
    private UserRepository repo;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User user = this.repo.findByUsername(username);
        if (user == null) {
            throw new UsernameNotFoundException(username);
        }
        return new CustomUserDetails(user);
    }


}

this is mine

Can you show your CustomUserDetails class?

yeah the getPassword() should return the encoded (hashed) password

with your PasswordEncoder

https://cdn.discordapp.com/emojis/831508801646755850.webp?size=48&name=hmmCat&quality=lossless

where do i get the password encoder from

Just don't store plain text passwords

like when registering the user, you should encode the password and then never use the plain text password again

server side?

yes

okay

where would i save a test user

where i create the bean?

where is registration even done

in your user repository

@Bean
    public UserDetailsService userDetailsService() {
        this.repo.save(new User("user", "", passwordEncoder().encode("password")));
        return new UserDetailsServiceImpl();
    }
``` like this?

@Controller
public class RegisterController{
  private UserRepository userRepo;
  private PasswordEncoder passwordEncoder;
  public RegisterController(UserRepository userRepo, PasswordEncoder passwordEncoder){
    this.userRepo=userRepo;
    this.passwordEncoder=passwordEncoder;
  }
  @PostMapping("/register")
  public String register(@RequestParam("username")String username, @RequestParam("password") String password)
    //additional logic
    userRepo.save(new User(username, passwordEncoder.encode(passwod)));
    return "redirect:/login";
}

I wrote that in Discord so idk whether this is correct lol

you could do something like that for registering

is the PasswordEncoder injected

okay thanks

If you are finished with your post, please close it.
If you are not, please ignore this message.
Note that you will not be able to send further messages here after this post have been closed but you will be able to create new posts.

and in your UserDetailService, you could do something like

@Service
public class UserDetailsServiceImpl implements UserDetailsService {
    @Autowired
    private UserRepository repo;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        return this.repo.findByUsername(username)
          .map(CustomUserDetails::new)
          .orElseThrow(()->new UsernameNotFoundException(username));
    }
}

since the UserRepository already stores encoded passwords, it should work

but you shouldn't have any plaintext passwords in your DB

okay

i see

findByUsername isn't an optional

i'll make it one i guess

if it returns null, you could also do a null check

it doesn't matter

gonna eat first 👍🏻

what kind of exception would i throw if the username already exists

you could also just redirect the user somewhere or something like that

or let them stay on the register site and tell them to use a nonexisting username

hmm

could i like add a parameter to the url and make thymeleaf show a message if that parameter is present

yes

e.g. you could redirect to /whatever?someParam

and check that in thymeleaf

how?

since it's a rest controller

do i return a 302

return new ResponseEntity<>(response, HttpStatus.FOUND);

If you really have a RestController and not a Controller

i do

but you don't have to use a redirect

response is the redirect url?

the content

oh right you need an additional Location header

yeah

you could use a MultiValueMap

or use servlets: https://stackoverflow.com/a/29088306/10871900

but I'd like the second answer there more:

HttpHeaders headers = new HttpHeaders();
headers.setLocation(URI.create(newUrl));
return new ResponseEntity<>(headers, HttpStatus.MOVED_PERMANENTLY);

hm?

lol

me too

for the url, do i use localhost

also, there's that interesting comment

oooo you can do .status

that's cool

if you want 302, use HttpStatus.FOUND ofc

gonna test this

huh

i think it doesn't use the UserDetailsService

Do you still have that?

it should print the user right, or at least null

If so, try removing it

no

just this

what's that supposed to be?

oh I see

the bean

it prints nothing at all

Is that bean created?

wdym

Can you show the full class of that?

Also, when sharing code, please share it as text in a codeblock

if possible

sure

is the userDetailService() method executed?

package xyz.mirai666.uwupaste.service;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import xyz.mirai666.uwupaste.UserRepository;
import xyz.mirai666.uwupaste.model.CustomUserDetails;
import xyz.mirai666.uwupaste.model.User;

import java.util.Optional;

@Service
public class UserDetailsServiceImpl implements UserDetailsService {
    @Autowired
    private UserRepository repo;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        return Optional.ofNullable(this.repo.findByUsername(username))
                .map(e -> {System.out.println(e); return e;})
                .map(CustomUserDetails::new)
                .orElseThrow(() -> new UsernameNotFoundException(username));
    }


}

meant the full class of that

actually, that shouldn't matter

Can you also share your main class?

shouldn't spring be creating the bean

package xyz.mirai666.uwupaste;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class UwUPasteApplication {

    public static void main(String[] args) {
        SpringApplication.run(UwUPasteApplication.class, args);
    }

}

If you have @Service, it should automatically create the bean without an explicit @Bean method

ah

is it a problem if it's creating it twice maybe

maybe

And your UserRepository is a JPA repository?

yes

ig User is annotated with @Entity?

yes

Check whether UserDetailsServiceImpl#loadUserByUsername is executed

not the .map(e -> {System.out.println(e); return e;})

how

Add a System.out.println before the Optional.ofNullable(this.repo.findByUsername(username))

hmm it worked this time

both things got printed

i guess the problem was that the bean got created twice

Does it work?

the login does

nice

thank you :D

If you are finished with your post, please close it.
If you are not, please ignore this message.
Note that you will not be able to send further messages here after this post have been closed but you will be able to create new posts.

So what doesn't work?

the registering

i'll try to make that work

good luck

thanks

i need to add /register there too right

assuming you want it to work without logging in first

what the fuck did i do wrong

You must be logged in in order to create an account 🧌

I appreciate this error page

that's big brain

no annoying users

only the admin

yeah

and friends of the admin maybe

i hate users fr fr

thank you

If you are finished with your post, please close it.
If you are not, please ignore this message.
Note that you will not be able to send further messages here after this post have been closed but you will be able to create new posts.

maybe we should add a don't ask again button lol

truly

i know why it's saying this

shit is being sent like this 💀

no json

@half forum do you know which media type this is?

ah got it i think i can change it

form encoded?

text/plain?

yeah

I mean, you can just use @RequestParam for reading these things

i used @RequestBody

i did this

@PostMapping("/register")
public WHATEVER register(@RequestParam("username") String username, @RequestParam("password") String password, @RequestParam("email") String email){
  //TODO
}

ah

this does not work

sob

it worked

thanks

If you are finished with your post, please close it.
If you are not, please ignore this message.
Note that you will not be able to send further messages here after this post have been closed but you will be able to create new posts.

/login?usernameExists get redirected to /login

how do i get the currently logged in user

SecurityContextHolder.getContext()

or you add an Authentication parameter