I have the REST endpoint config in my application.properties as:

    spring.data.rest.base-path=/api/v1
    security.user.name=admin
    security.user.password=secret
    security.user.role=USER,ADMIN

And since we implement Spring Security in pom.xml, we get the default login screen, and when I enter the username and password in that box, I get authenticated:

The login happens successfully. But when I try from Postman, I get 401 Unauthorized in the response:

My REST endpoint to check is:

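    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    public class BasicAuthController {

        // Only reached after the security filter chain has authenticated the request
        @GetMapping(path = "/basicauth")
        public AuthenticationBean basicauth() {
            System.out.println("hitted here");
            return new AuthenticationBean("You are authenticated");
        }
    }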

So, I tried the same username and password from Postman, and the debugging statement System.out.println("hitted here"); does not get printed on my console when the request is sent from Postman.

I am getting 401 Unauthorized while using Postman. Even my REST endpoint @GetMapping(path = "/basicauth") is not called.

My web security config is:

    package in.ashwin.onlinebookstore.config;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;
    import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
    import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
    import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

    @Configuration
    @EnableWebSecurity
    @EnableGlobalMethodSecurity(securedEnabled = true, proxyTargetClass = true)
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private UserDetailsService customUserDetailsService;

        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .userDetailsService(customUserDetailsService)
                .passwordEncoder(passwordEncoder());
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .headers()
                    .frameOptions().sameOrigin()
                    .and()
                .authorizeRequests()
                    .antMatchers("/resources/**", "/webjars/**", "/assets/**").permitAll()
                    .antMatchers("/").permitAll()
                    .antMatchers("/admin/**").hasRole("ADMIN")
                    .anyRequest().authenticated()
                    .and()
                .httpBasic();
        }
    }

CustomUserDetailsService is:

    package in.ashwin.onlinebookstore.config;

    import java.util.Collection;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.AuthorityUtils;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    import org.springframework.stereotype.Service;
    import org.springframework.transaction.annotation.Transactional;

    import in.ashwin.onlinebookstore.entity.User;
    import in.ashwin.onlinebookstore.repository.UserRepository;

    @Service
    @Transactional
    public class CustomUserDetailsService implements UserDetailsService {

        @Autowired
        private UserRepository userRepository;

        @Override
        public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
            User user = userRepository.findByEmail(userName)
                    .orElseThrow(() -> new UsernameNotFoundException("Email " + userName + " not found"));
            return new org.springframework.security.core.userdetails.User(
                    user.getEmail(), user.getPassword(), getAuthorities(user));
        }

        private static Collection<? extends GrantedAuthority> getAuthorities(User user) {
            String[] userRoles = user.getRoles().stream().map((role) -> role.getName()).toArray(String[]::new);
            Collection<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList(userRoles);
            return authorities;
        }
    }

AuthenticationBean.java

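    public class AuthenticationBean {

        private String message;

        public AuthenticationBean(String message) {
            this.message = message;
        }

        // Getter so the JSON serializer can see the private field
        public String getMessage() {
            return message;
        }
    }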

I have basic user, role and user_role tables, as a user can have many roles.

What mistake did I make while sending from Postman?

  • You need to configure Spring Security WebSecurityConfig class: .anyRequest().authenticated() .antMatchers("/api/auth/**").permitAll() Commented Jun 27, 2020 at 16:49
  • Is it your intention to use POST method? Commented Jun 27, 2020 at 16:54
  • Oh yes, thank you. It was the GET method and it worked fine. Commented Jun 27, 2020 at 17:06

1 Answer


You are passing wrong data.

You need to put the username and password set in application.properties into the Postman basic auth.

    spring.security.user.name=admin
    spring.security.user.password=secret
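
As a cross-check outside Postman, the request discussed above (a GET to /basicauth carrying an Authorization: Basic header for admin / secret) can be sent from plain Java. This is an added example, not code from the question or the answer; the class name BasicAuthProbe and the embedded JDK HttpServer are assumptions, a constructed stand-in so the block runs offline, and the stand-in does not reproduce Spring Security's behaviour.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class BasicAuthProbe {

    // Header value that a Basic Auth client generates: "Basic " + base64(user:password).
    static String basicHeader(String user, String password) {
        byte[] pair = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair);
    }

    // Sends one GET and returns the status code; a null header means "no credentials".
    static int get(HttpClient client, URI uri, String authHeader) throws Exception {
        HttpRequest.Builder req = HttpRequest.newBuilder(uri).GET();
        if (authHeader != null) req.header("Authorization", authHeader);
        return client.send(req.build(), HttpResponse.BodyHandlers.discarding()).statusCode();
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = basicHeader("admin", "secret").getBytes(StandardCharsets.UTF_8);
        // Constructed stand-in for the secured endpoint (plain JDK server, not Spring Security).
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/basicauth", ex -> {
            String sent = ex.getRequestHeaders().getFirst("Authorization");
            boolean ok = sent != null
                    && MessageDigest.isEqual(expected, sent.getBytes(StandardCharsets.UTF_8));
            if (!ok) ex.getResponseHeaders().add("WWW-Authenticate", "Basic realm=\"Realm\"");
            ex.sendResponseHeaders(ok ? 200 : 401, -1); // -1: no response body
            ex.close();
        });
        server.start();
        try {
            URI uri = URI.create("http://127.0.0.1:" + server.getAddress().getPort() + "/basicauth");
            HttpClient client = HttpClient.newHttpClient();
            System.out.println("no credentials -> " + get(client, uri, null));
            System.out.println("wrong password -> " + get(client, uri, basicHeader("admin", "wrong")));
            System.out.println("admin / secret -> " + get(client, uri, basicHeader("admin", "secret")));
        } finally {
            server.stop(0);
        }
    }
}
```

To probe the real application, drop the stand-in server and point the URI at its /basicauth endpoint.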