I attempted to get all users, usin JWT Token and Spring Security. There is my source code as it follows:
Spring Console
org.hibernate.LazyInitializationException: failed to lazily initialize a collection of role: com.practicas.conexiona.model.User.userGroups, could not initialize proxy - no Session
at org.hibernate.collection.internal.AbstractPersistentCollection.throwLazyInitializationException(AbstractPersistentCollection.java:602) ~[hibernate-core-5.4.2.Final.jar:5.4.2.Final]
at org.hibernate.collection.internal.AbstractPersistentCollection.withTemporarySessionIfNeeded(AbstractPersistentCollection.java:217) ~[hibernate-core-5.4.2.Final.jar:5.4.2.Final]
at org.hibernate.collection.internal.AbstractPersistentCollection.readSize(AbstractPersistentCollection.java:161) ~[hibernate-core-5.4.2.Final.jar:5.4.2.Final]
at org.hibernate.collection.internal.PersistentSet.isEmpty(PersistentSet.java:174) ~[hibernate-core-5.4.2.Final.jar:5.4.2.Final]
at com.practicas.conexiona.model.User.getPermissionList(User.java:206) ~[classes/:na]
at com.practicas.conexiona.model.User.getAuthorities(User.java:115) ~[classes/:na]
at com.practicas.conexiona.service.UserService.loadUserByUsername(UserService.java:36) ~[classes/:na]
at com.practicas.conexiona.security.JwtRequestFilter.doFilterInternal(JwtRequestFilter.java:55) ~[classes/:na]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) ~[spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92) ~[spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77) ~[spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) ~[spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) ~[spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) ~[spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) ~[spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-9.0.36.jar:9.0.36]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) [tomcat-embed-core-9.0.36.jar:9.0.36]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [tomcat-embed-core-9.0.36.jar:9.0.36]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-embed-core-9.0.36.jar:9.0.36]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-embed-core-9.0.36.jar:9.0.36]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.36.jar:9.0.36]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373) [tomcat-embed-core-9.0.36.jar:9.0.36]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-embed-core-9.0.36.jar:9.0.36]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) [tomcat-embed-core-9.0.36.jar:9.0.36]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) [tomcat-embed-core-9.0.36.jar:9.0.36]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.36.jar:9.0.36]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_252]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_252]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.36.jar:9.0.36]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_252]
User.class
@Entity(name = "User")
@Table
public class User implements Serializable, UserDetails {
@Id
@GeneratedValue(generator = "uuid")
@GenericGenerator(name = "uuid", strategy = "uuid2")
@Size(max = 36)
@Column(name = "userId")
private String userId;
@JoinColumn(name = "accountId", referencedColumnName = "accountId", nullable = false)
@ManyToOne(fetch = FetchType.LAZY, cascade = CascadeType.ALL)
@JsonInclude(JsonInclude.Include.NON_NULL)
private Account account;
@Column(name = "userName")
private String userName;
@Column(name = "emailAddress")
private String emailAddress;
@Column(name = "password")
private String password;
@Column(name = "enabled")
@ColumnDefault(value = "1")
private Integer enabled;
@Column(name = "lastLogin")
private Long lastLogin;
@OneToMany(
mappedBy = "user",
cascade = CascadeType.ALL,
orphanRemoval = true
)
private Set<UserGroupUser> userGroups = new HashSet<>();
public User() {
}
public User (String userId, String accountId, String userName, String emailAddress, String password, Integer enabled, Long lastLogin) {
this.userId = userId;
this.account = new Account(accountId);
this.userName = userName;
this.emailAddress = emailAddress;
this.password = password;
this.enabled = enabled;
this.lastLogin = lastLogin;
}
public User(String userId, Account account, String userName, String emailAddress, String password, Integer enabled, Long lastLogin) {
this.userId = userId;
this.account = account;
this.userName = userName;
this.emailAddress = emailAddress;
this.password = password;
this.enabled = enabled;
this.lastLogin = lastLogin;
}
public User(String userName, String password) {
this.userName = userName;
this.password = password;
}
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public Account getAccount() { return account; }
public void setAccount(Account account) { this.account = account; }
public String getUserName() {
return userName;
}
public void setUserName(String userName) {
this.userName = userName;
}
public String getEmailAddress() {
return emailAddress;
}
public void setEmailAddress(String emailAddress) {
this.emailAddress = emailAddress;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
List<GrantedAuthority> authorities = new ArrayList<>();
// Extract list of permissions (name)
this.getPermissionList().forEach(p -> {
GrantedAuthority authority = new SimpleGrantedAuthority(p);
authorities.add(authority);
});
// Extract list of roles (ROLE_name)
this.getRoleList().forEach(r -> {
GrantedAuthority authority = new SimpleGrantedAuthority("ROLE_" + r);
authorities.add(authority);
});
return authorities;
}
@Override
public String getPassword() {
return password;
}
@Override
public String getUsername() {
return userName;
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return this.getEnabled() == 1;
}
public void setPassword(String password) {
this.password = password;
}
public Integer getEnabled() {
return enabled;
}
public void setEnabled(Integer enabled) {
this.enabled = enabled;
}
public Long getLastLogin() {
return lastLogin;
}
public void setLastLogin(Long lastLogin) {
this.lastLogin = lastLogin;
}
public Set<UserGroupUser> getUserGroups() {
return userGroups;
}
public void setUserGroups(Set<UserGroupUser> userGroupUser) {
this.userGroups = userGroupUser;
}
public List<String> getRoleList(){
List<String> userRoleList = new ArrayList<>();
if (!userGroups.isEmpty()) {
for (UserGroupUser usu : userGroups) {
if (usu.getUserAdmin() == 1)
userRoleList.add("ADMIN");
else
userRoleList.add("GUEST");
}
return userRoleList;
} else {
return new ArrayList<>();
}
}
public List<String> getPermissionList(){
List<String> userPermissionsList = new ArrayList<>();
if (!userGroups.isEmpty()) {
for (UserGroupUser usu : userGroups) {
if (usu.getUserAdmin() == 1) {
userPermissionsList.add("PERM_CREATE_ACCOUNT");
userPermissionsList.add("PERM_READ_ACCOUNT");
userPermissionsList.add("PERM_READ_ALL_ACCOUNTS");
userPermissionsList.add("PERM_UPDATE_ACCOUNT");
userPermissionsList.add("PERM_DELETE_ACCOUNT");
userPermissionsList.add("PERM_CREATE_USER");
userPermissionsList.add("PERM_READ_USER");
userPermissionsList.add("PERM_READ_ALL_USERS");
userPermissionsList.add("PERM_UPDATE_USER");
} else {
userPermissionsList.add("PERM_READ_ALL_USERS");
}
}
return userPermissionsList;
} else {
return new ArrayList<>();
}
}
}
UserGroupUser.class
@Entity(name="UserGroupUser")
@Table
public class UserGroupUser implements Serializable {
@EmbeddedId
private UserGroupUserId userGroupUserId = new UserGroupUserId();
@ManyToOne(fetch = FetchType.EAGER)
@MapsId("userGroupId")
@JoinColumn(name = "userGroupId", nullable = false, columnDefinition = "varchar(36)")
private UserGroup userGroup;
@ManyToOne(fetch = FetchType.EAGER)
@MapsId("userId")
@JoinColumn(name = "userId", nullable = false, columnDefinition = "varchar(36)")
private User user;
@Column(name = "userAdmin")
@ColumnDefault(value = "0")
private Integer userAdmin;
public UserGroupUser() {
}
public UserGroupUser(UserGroupUserId userGroupUserId) {
this.userGroupUserId = userGroupUserId;
}
public UserGroupUser(String userId, String userGroupId) {
this.userGroupUserId = new UserGroupUserId(userId, userGroupId);
}
public UserGroupUser(String userId, String userGroupId, Integer userAdmin) {
this.userGroupUserId = new UserGroupUserId(userId, userGroupId);
this.userAdmin = userAdmin;
}
public UserGroupUser(UserGroupUserId userGroupUserId, Integer userAdmin) {
super();
this.userGroupUserId= userGroupUserId;
this.userAdmin = userAdmin;
}
public UserGroupUser(UserGroupUserId userGroupUserId, UserGroup userGroup, User user, Integer userAdmin) {
this.userGroupUserId = userGroupUserId;
this.userGroup = userGroup;
this.user = user;
this.userAdmin = userAdmin;
}
public UserGroupUserId getUserGroupUserId() {
return userGroupUserId;
}
public void setUserGroupUserId(UserGroupUserId userGroupUserId) {
this.userGroupUserId = userGroupUserId;
}
public UserGroup getUserGroup() {
return userGroup;
}
public void setUserGroup(UserGroup userGroup) {
this.userGroup = userGroup;
}
public User getUser() {
return user;
}
public void setUser(User user) {
this.user = user;
}
public Integer getUserAdmin() {
return userAdmin;
}
public void setUserAdmin(Integer userAdmin) {
this.userAdmin = userAdmin;
}
}
UserGroupUserId.class (N:M table with UserGroup)
@Embeddable
public class UserGroupUserId implements Serializable {
@Column(name = "userId")
private String userId;
@Column(name = "userGroupId")
private String userGroupId;
public UserGroupUserId() {
}
public UserGroupUserId(String userId, String userGroupId) {
this.userId = userId;
this.userGroupId = userGroupId;
}
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public String getUserGroupId() {
return userGroupId;
}
public void setUserGroupId(String userGroupId) {
this.userGroupId = userGroupId;
}
}
JwtRequestFilter.class
@Component
public class JwtRequestFilter extends OncePerRequestFilter {
@Autowired
private UserService jwtUserDetailsService;
@Autowired
private JwtTokenUtil jwtTokenUtil;
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response,
FilterChain chain)
throws ServletException, IOException {
final String requestTokenHeader = request.getHeader("Authorization");
String username = null;
String jwtToken = null;
// JWT Token is in the form "Bearer token". Remove Bearer word and get only the Token
if (requestTokenHeader != null && requestTokenHeader.startsWith("Bearer ")) {
jwtToken = requestTokenHeader.substring(7);
try {
username = jwtTokenUtil.getUsernameFromToken(jwtToken);
} catch (IllegalArgumentException e) {
System.out.println("Unable to get JWT Token");
} catch (ExpiredJwtException e) {
System.out.println("JWT Token has expired");
}
} else {
logger.warn("JWT Token does not begin with Bearer String");
}
//Once we get the token validate it.
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails userDetails = this.jwtUserDetailsService.loadUserByUsername(username);
// if token is valid configure Spring Security to manually set authentication
if (jwtTokenUtil.validateToken(jwtToken, userDetails)) {
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(
userDetails, null, userDetails.getAuthorities());
usernamePasswordAuthenticationToken
.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
// After setting the Authentication in the context, we specify
// that the current user is authenticated. So it passes the Spring Security Configurations successfully.
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
}
}
try {
chain.doFilter(request, response);
} catch (Exception e) {
e.printStackTrace();
}
}
}
JwtAuthenticationEntryPoint.class
@Component
public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint, Serializable {
private static final long serialVersionUID = -7858869558953243875L;
@Override
public void commence(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException authException) throws IOException {
try {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
} catch (Exception e) {
e.printStackTrace();
}
}
}
JwtTokenUtil.class
@Component
public class JwtTokenUtil implements Serializable {
private static final long serialVersionUID = -2550185165626007488L;
public static final long JWT_TOKEN_VALIDITY = 5*60*60*60;
@Value("${jwt.secret}")
private String secret;
public String getUsernameFromToken(String token) {
return getClaimFromToken(token, Claims::getSubject);
}
public Date getIssuedAtDateFromToken(String token) {
return getClaimFromToken(token, Claims::getIssuedAt);
}
public Date getExpirationDateFromToken(String token) {
return getClaimFromToken(token, Claims::getExpiration);
}
public <T> T getClaimFromToken(String token, Function<Claims, T> claimsResolver) {
final Claims claims = getAllClaimsFromToken(token);
return claimsResolver.apply(claims);
}
private Claims getAllClaimsFromToken(String token) {
return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
}
private Boolean isTokenExpired(String token) {
final Date expiration = getExpirationDateFromToken(token);
return expiration.before(new Date());
}
private Boolean ignoreTokenExpiration(String token) {
// here you specify tokens, for that the expiration is ignored
return false;
}
public String generateToken(UserDetails userDetails) {
Map<String, Object> claims = new HashMap<>();
return doGenerateToken(claims, userDetails.getUsername(), userDetails.getAuthorities());
}
private String doGenerateToken(Map<String, Object> claims, String subject, Collection<? extends GrantedAuthority> authorities) {
return Jwts.builder().setClaims(claims)
.setSubject(subject)
.claim("authorities", authorities)
.setIssuedAt(new Date(System.currentTimeMillis()))
.setExpiration(new Date(System.currentTimeMillis() + JWT_TOKEN_VALIDITY*1000))
.signWith(SignatureAlgorithm.HS256, secret)
.compact();
}
public Boolean canTokenBeRefreshed(String token) {
return (!isTokenExpired(token) || ignoreTokenExpiration(token));
}
public Boolean validateToken(String token, UserDetails userDetails) {
final String username = getUsernameFromToken(token);
return (username.equals(userDetails.getUsername()) && !isTokenExpired(token));
}
}
SecurityConfiguration.class
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
@Autowired
private UserService jwtUserDetailsService;
@Autowired
private JwtRequestFilter jwtRequestFilter;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
// configure AuthenticationManager so that it knows from where to load
// user for matching credentials
// Use BCryptPasswordEncoder
auth.userDetailsService(jwtUserDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
// We don't need CSRF for this example
httpSecurity.csrf().disable()
// dont authenticate this particular request
.authorizeRequests()
.antMatchers("/login").permitAll()
.antMatchers("/authenticate", "/register").permitAll()
.antMatchers( "/api/v1/usermanage/**").hasRole("GUEST")
.antMatchers( "/api/v1/accountmanage/**").hasRole("ADMIN")
.antMatchers("/api/v1/usermanage/**").hasRole("ADMIN")
// all other requests need to be authenticated
.anyRequest().authenticated()
.and()
// make sure we use stateless session; session won't be used to
// store user's state.
.exceptionHandling()
.authenticationEntryPoint(jwtAuthenticationEntryPoint)
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// Add a filter to validate the tokens with every request
httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
@Bean
DaoAuthenticationProvider authenticationProvider(){
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
daoAuthenticationProvider.setUserDetailsService(this.jwtUserDetailsService);
return daoAuthenticationProvider;
}
}
UserController.class
@RestController
@RequestMapping("/api/v1/usermanage")
public class UserController {
@Autowired
private UserService userService;
@PreAuthorize("hasRole('ROLE_GUEST') OR hasRole('ROLE_ADMIN')")
@GetMapping("/users")
public List<User> getAllUsers() {
return userService.findAllUsers();
}
}
UserService.class
@Service
public class UserService implements IUserService, UserDetailsService {
@Autowired
private UserRepository userRepository;
@Autowired
private AccountRepository accountRepository;
@Autowired
private PasswordEncoder bcryptEncoder;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userRepository.findByUserName(username);
if (user == null) {
throw new UsernameNotFoundException("User not found with username: " + username);
}
return new org.springframework.security.core.userdetails.User(user.getUsername(),
user.getPassword(), user.getAuthorities());
}
@Override
public List<User> findAllUsers() {
return (List<User>) userRepository.findAll();
}
}
Reference JWT+MySQL+Spring Security: https://www.techgeeknext.com/spring/spring-boot-security-token-authentication-jwt-mysql
Get inspired by this question: Spring MVC Role and Permission to Admin
Thanks in advance! :)
