JWT with Spring Boot and Mysql, getting an error "status": 401, "error": "Unauthorized", while giving an access roles
Question
protected void configure(HttpSecurity http) throws Exception{ http.csrf().disable().cors().disable().authorizeRequests()
.antMatchers("/**","/user/**","/document/**","/appointment/**","/activity/**").hasAuthority(UserRole.ADMIN.name()) .antMatchers("/user/","/document/**","/appointment/**","/activity/**").hasAuthority(UserRole.ADMIN.name()) .antMatchers("/user/**","/activity/**","/appointment/","/document/","/appointment/**","/document/**").hasAuthority((UserRole.SUPPORTEXECUTIVE.name())) .antMatchers("/user/**","/activity/**","/appointment/","/document/","/appointment/**").hasAuthority((UserRole.FIELDEXECUTIVE.name()))
.and().exceptionHandling().authenticationEntryPoint(invaildUserAuthEntryPoint).and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().addFilterBefore(securityFilter,UsernamePasswordAuthenticationFilter.class);
protected void doFilterInternal(HttpServletRequest request,HttpServletResponse response, FilterChain filterChain) throws
ServletException, IOException
{
String token = request.getHeader("Authorization");
if(token != null)
{
String username = util.getUsername(token);
if(username != null && SecurityContextHolder.getContext().getAuthentication() == null)
{
UserDetails usr = userDetailsService.loadUserByUsername(username);
System.out.println(usr);
boolean isValid = util.validateToken(token, usr.getUsername());
if(isValid)
{
UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(username,usr.getPassword(),usr.getAuthorities());
authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(authToken);
}
}
}
filterChain.doFilter(request, response);
}
}
public ResponseEntity<UserResponse> loginUser(@RequestBody UserRequest request) throws Exception
{
try
{
authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(request.getUserEmail(),request.getPassword()));
String token = utill.genrateToken(request.getUserEmail());
System.out.println("Token :" +token);
return ResponseEntity.ok(new UserResponse(token));
}
catch (DisabledException e)
{
throw new Exception("USER_DISABLED", e);
}
catch (BadCredentialsException e)
{
throw new Exception("INVALID_CREDENTIALS", e);
}
}
When given the access for.antmatchers.permitALL() the token is generated and given access with generated token only, but after applying.hasAuthority(Role) we get unauthorized user error.
{
"timestamp": "2022-12-13T11:51:52.606+00:00",
"status": 401,
"error": "Unauthorized",
}
Expecting Token generation with hasAuthority() and access the roles for particular user.
1 answers
solution1
0 2022-12-13 13:11:20
Generally, 401 occurs when you provide the wrong credentials.
if credentials are proper then it seems like you are missing the authority column in your users table, everything else looks fine. Maybe this link will help you JWT-based authorization
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Spring Boot JWT Roles and getting 401 Unauthorized
Error 401 Unauthorized in spring boot / spring security
Getting 401 Unauthorized in Spring security JWT
status=401, error=Unauthorized, message=Full authentication is required to access this resource in Spring Framework when trying to receive a token
how can i fix “Error 401 Unauthorized” on Spring Boot
Spring Boot Microservices - Rest Template 401 Unauthorized error
HTTP 401 Unauthorized error occurs in Spring Boot test
401 Unauthorized Error in Spring Security
Getting 401 unauthorized error in retrofit?
How can I upload an excel file with Spring Boot and Postman to a MySQL Database? - Status: 401 Unauthorized
Related Tags