Cześć,
mam problem z rejestracją użytkownika w springu. Można to zrobić dopiero po zalogowaniu użytkownika, w innym przypadku dostaję 401 Unauthorized.
UserController – rejestruję użytkownika, wysyłając żądanie POST na localhost:8080/users:
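/**
 * REST controller for user accounts under {@code /users}.
 *
 * <p>{@code POST /users} registers a new account and {@code GET /users} returns the account
 * of the currently authenticated caller. Access rules for these paths are defined in the
 * application's Spring Security configuration, not here.
 */
@AllArgsConstructor
@CorsRestController
@RequestMapping("/users")
@Slf4j
public class UserController {

    // Both collaborators are supplied through the Lombok-generated all-args constructor;
    // keeping them private and final prevents them from being swapped after construction.
    private final UserRepository userRepository;
    private final PasswordEncoder passwordEncoder;

    /**
     * Registers a new user from the validated request body.
     *
     * @param userDTO registration data (first name, last name, email, raw password)
     * @throws UserFoundException when an account with the same email already exists
     */
    @PostMapping()
    @ResponseStatus(value = HttpStatus.CREATED)
    public void createUser(@Valid @RequestBody UserDTO userDTO) throws UserFoundException {
        // NOTE(review): this lookup followed by save() is not atomic. Two concurrent requests
        // with the same email can both pass the check, so a unique constraint on the email
        // column is still needed - confirm it exists in the schema.
        if (userRepository.findUserByEmail(userDTO.getEmail()) != null) {
            throw new UserFoundException();
        }

        AppUser user = AppUser.builder()
                .firstName(userDTO.getFirstName())
                .lastName(userDTO.getLastName())
                .email(userDTO.getEmail())
                // Only the encoded form of the password is stored, never the raw value.
                .password(passwordEncoder.encode(userDTO.getPassword()))
                // The role is fixed server-side, so the request body cannot grant extra roles.
                // NOTE(review): hasRole("USER") checks for the authority "ROLE_USER"; verify that
                // the UserDetailsService (not shown) maps this stored "USER" value accordingly.
                .roles(Arrays.asList("USER"))
                .id(UUID.randomUUID().toString())
                .build();
        userRepository.save(user);
    }

    /**
     * Returns the account that belongs to the currently authenticated principal.
     *
     * @return the user whose email equals the principal's username
     */
    @GetMapping()
    public AppUser getUser() {
        // NOTE(review): the cast assumes an authenticated request whose principal is a
        // UserDetails. It fails with a ClassCastException for any other principal type, so this
        // endpoint relies on the security configuration requiring authentication.
        UserDetails userDetails =
                (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();

        // NOTE(review): this returns the persistence entity. AppUser carries the encoded
        // password (see the builder call in createUser), so unless serialization excludes that
        // field the password hash ends up in the response body - prefer a response DTO without it.
        return userRepository.findUserByEmail(userDetails.getUsername());
    }

    /**
     * Maps {@link UserFoundException} (email already registered) to HTTP 400.
     *
     * @param userFoundException the exception raised by {@link #createUser(UserDTO)}
     */
    @ExceptionHandler
    @ResponseStatus(HttpStatus.BAD_REQUEST)
    public void exceptionHandler(UserFoundException userFoundException) {
        // The previous message said the user was missing, although this handler runs when the
        // user already exists. The email is deliberately not logged.
        // NOTE(review): a distinct status for "email already registered" on a public endpoint
        // lets callers probe which addresses have accounts; consider rate limiting registration.
        log.info("uzytkownik juz istnieje");
    }
}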
SpringSecurityConfig:
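/**
 * Spring Security configuration: HTTP Basic authentication, form login disabled, and
 * per-method access rules for the {@code /users} endpoints.
 */
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Configures authentication and the URL authorization rules.
     *
     * <p>Rules are evaluated in declaration order and the first match wins, so the public
     * registration rule must stay above the broader {@code /users/**} rules.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): CSRF protection is switched off. That is only reasonable if no browser
        // client authenticates here, because browsers cache Basic credentials and attach them
        // automatically to cross-site requests - confirm the client model.
        http.csrf().disable();

        http
                // Basic auth sends the credentials with every request; serve this only over TLS.
                .httpBasic()
                .and()
                .authorizeRequests()
                // Public registration. antMatchers("/users") matches only the exact path; a
                // request to "/users/" or any sub-path falls through to the rules below and
                // requires the USER role.
                .antMatchers(HttpMethod.POST, "/users").permitAll()
                // NOTE(review): assuming a Spring Boot application, a failed request is
                // re-dispatched to /error; without this rule the catch-all below answers 401 and
                // hides the real status (for example a 400 from bean validation).
                .antMatchers("/error").permitAll()
                // hasRole("USER") requires the granted authority "ROLE_USER".
                .antMatchers(HttpMethod.POST, "/users/**").hasRole("USER")
                .antMatchers(HttpMethod.GET, "/users/**").hasRole("USER")
                .antMatchers(HttpMethod.PUT, "/users/**").hasRole("USER")
                // Deny by default. With this line commented out, every request that matched none
                // of the rules above (DELETE on /users/**, any other path) was served without
                // authentication.
                .anyRequest().authenticated()
                .and()
                .formLogin().disable();
    }

    /**
     * Provides the password encoder used to hash passwords at registration and to verify them
     * at login.
     *
     * @return a BCrypt-based encoder with the library's default strength
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}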
Ma ktoś może jakiś pomysł co tu poprawić, żeby działało jak powinno?