I am learning Spring MVC and trying to implement Spring Security in my application. I have created a custom login form and am trying to log in with it. When I run the application, the login page appears properly, but after entering the username and password, login does not work. Submitting the login form brings me back to the same login page, but with an error in the URL.
My UserDetailsService:
/**
 * Spring Security {@link UserDetailsService} that treats the submitted login name as an
 * e-mail address and resolves the account through the application's {@code UserService}.
 */
@Service
public class CustomUserDetailsService implements UserDetailsService {

    @Autowired
    private UserService userService;

    /**
     * Loads the account whose e-mail matches the submitted login name and adapts it to
     * the {@link UserDetails} contract used by the authentication provider.
     *
     * @param email value submitted as the login name
     * @return a Spring Security user carrying the stored e-mail, stored password value
     *         and one authority per role
     * @throws UsernameNotFoundException when {@code userService} returns {@code null}
     */
    @Transactional
    @Override
    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
        User account = userService.getUserByEmail(email);
        if (account == null) {
            // NOTE(review): the message echoes the submitted e-mail. Keep it out of any
            // response shown to the client, otherwise the login form tells an anonymous
            // caller which addresses are registered.
            throw new UsernameNotFoundException("user with email " + email + " does not exist.");
        }
        // Roles are read while the transaction is still open.
        return buildUserForAuthentication(account, getUserAuthority(account.getRoles()));
    }

    /**
     * Converts the user's roles into granted authorities, one per role name.
     * The role name is used as-is; no prefix is added here.
     */
    private List<GrantedAuthority> getUserAuthority(Set<Role> userRoles) {
        // Collected in a set first so that repeated role names yield a single authority.
        Set<GrantedAuthority> distinct = new HashSet<>();
        for (Role role : userRoles) {
            distinct.add(new SimpleGrantedAuthority(role.getName()));
        }
        return new ArrayList<GrantedAuthority>(distinct);
    }

    /**
     * Wraps the entity in Spring Security's own user type. The password passed here is
     * the stored value; it is compared by the configured password encoder, not here.
     */
    private UserDetails buildUserForAuthentication(User user, List<GrantedAuthority> authorities) {
        String principal = user.getEmail();
        String storedPassword = user.getPassword();
        return new org.springframework.security.core.userdetails.User(principal, storedPassword, authorities);
    }
}
My WebSecurityConfig:
/**
 * Web security configuration: wires the custom {@link UserDetailsService} with a BCrypt
 * password encoder and declares the URL access rules, form login, HTTP Basic and logout.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Qualifier("customUserDetailsService")
    @Autowired
    private UserDetailsService userDetailsService;

    /** Password encoder bean used to verify submitted passwords against stored hashes. */
    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Registers the user lookup service together with the BCrypt encoder, so stored
     * password values are expected to be BCrypt hashes.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService)
                .passwordEncoder(bCryptPasswordEncoder());
    }

    /**
     * Declares which requests need authentication and how users log in and out.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Only /profile requires a logged-in user; every other URL is public.
        // NOTE(review): this is default-allow. Any endpoint added later is reachable
        // anonymously unless it is listed here; a deny-by-default rule with an explicit
        // public list is the safer shape.
        http.authorizeRequests()
                .antMatchers("/profile").authenticated()
                .anyRequest().permitAll();

        // Custom login page at /login; always redirect to "/" after a successful login.
        // NOTE(review): unless configured otherwise, Spring Security expects the form to
        // POST to the login page URL with fields named "username" and "password". The
        // form is not shown here; confirm its action and field names match.
        http.formLogin()
                .loginPage("/login")
                .defaultSuccessUrl("/", true)
                .permitAll();

        // HTTP Basic is accepted in addition to the form.
        // NOTE(review): Basic sends credentials on every request; serve over TLS only.
        http.httpBasic();

        // NOTE(review): CSRF protection is switched off for the whole application, so
        // state-changing requests from a logged-in browser session are not protected
        // against cross-site submission. Re-enable it once the forms send the token.
        http.csrf().disable();

        http.logout()
                .logoutSuccessUrl("/");
    }
}
User class:
/**
 * JPA entity mapped to the {@code users} table: login credentials, profile data,
 * an embedded address and the set of roles assigned to the account.
 */
@Entity
@Table(name = "users")
public class User {
// Surrogate primary key, generated by the persistence provider.
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private Long id;
// Used as the login name (looked up via findByEmail).
// NOTE(review): no unique constraint is declared on this column here; uniqueness
// relies on the check-then-insert in UserServiceImpl.addUser. Consider enforcing
// it in the database as well.
private String email;
// UserServiceImpl.addUser stores the PasswordEncoder output here, not the plain text.
// NOTE(review): accessors are not shown; make sure this value is never serialized
// into responses or written to logs.
private String password;
private String firstName;
private String lastName;
// Kept as a string; addUser fills it from DateUtils.todayStr().
private String joinedDate;
// Address fields are stored in columns of the users table under the names below.
@Embedded
@AttributeOverrides({
@AttributeOverride( name = "country", column = @Column(name = "country")),
@AttributeOverride( name = "city", column = @Column(name = "city")),
@AttributeOverride( name = "zipCode", column = @Column(name = "zip_code")),
@AttributeOverride( name = "street", column = @Column(name = "street")),
@AttributeOverride( name = "homeNumber", column = @Column(name = "home_number"))
})
private Address address;
private String phoneNumber;
// Roles granted to the account; each becomes one authority at login.
// No fetch type is given, so the JPA default for @ManyToMany (lazy) applies and the
// set has to be read while a persistence context is open.
@ManyToMany
private Set<Role> roles = new HashSet<Role>();
GETTERS AND SETTERS
UserService:
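/**
 * Transactional {@code UserService} implementation backed by the user and role
 * repositories; handles lookup by e-mail, registration and updates.
 */
@Service
@Transactional
public class UserServiceImpl implements UserService {

    @Autowired
    private UserRepository userRepository;

    @Autowired
    private PasswordEncoder bCryptPasswordEncoder;

    @Autowired
    private RoleRepository roleRepository;

    /**
     * Returns the user stored under the given e-mail.
     *
     * @param email e-mail address to look up
     * @return whatever {@code userRepository.findByEmail} returns; callers in this
     *         file treat {@code null} as "no such user"
     */
    @Override
    public User getUserByEmail(String email) {
        return userRepository.findByEmail(email);
    }

    /**
     * Registers a new account from the registration form data. The submitted password
     * is encoded before it is stored.
     *
     * @param user registration data
     * @return the saved entity
     * @throws EmailExistsException when an account with the same e-mail already exists
     */
    @Override
    public User addUser(UserRegistrationDto user) throws EmailExistsException {
        if (checkEmailExists(user.getEmail())) {
            // NOTE(review): this message confirms to the caller that the address is
            // registered; decide whether the registration page may reveal that.
            throw new EmailExistsException("There is an account with that email adress: " + user.getEmail());
        }

        User userObject = new User();
        userObject.setEmail(user.getEmail());
        // Only the encoder output is persisted, never the submitted plain text.
        userObject.setPassword(bCryptPasswordEncoder.encode(user.getPassword()));
        userObject.setFirstName(user.getFirstName());
        userObject.setLastName(user.getLastName());
        userObject.setPhoneNumber(user.getPhoneNumber());
        userObject.setAddress(user.getAddress());
        userObject.setJoinedDate(DateUtils.todayStr());
        // NOTE(review): every role in the role table is granted to every new account.
        // If the table ever holds a privileged role, self-registration hands it out.
        // Assign only the intended default role(s) instead.
        userObject.setRoles(new HashSet<>(roleRepository.findAll()));
        userRepository.save(userObject);
        return userObject;
    }

    /**
     * Saves {@code userUpdate} when its e-mail equals that of the account stored under
     * {@code email}. Does nothing when no such account exists or the e-mails differ.
     *
     * @param email      e-mail identifying the account to update
     * @param userUpdate entity carrying the new state
     */
    @Override
    public void updateUser(String email, User userUpdate) {
        User toUpdate = userRepository.findByEmail(email);
        // findByEmail yields null for an unknown address (see checkEmailExists); without
        // this guard the comparison below would fail with a NullPointerException.
        if (toUpdate == null) {
            return;
        }
        // NOTE(review): userUpdate is persisted exactly as received, including its id,
        // password and roles. If it is bound from request data, copy only the editable
        // fields onto toUpdate and encode a changed password before saving, so a caller
        // cannot overwrite another record or change its own roles.
        if (toUpdate.getEmail().equals(userUpdate.getEmail())) {
            userRepository.save(userUpdate);
        }
    }

    /** Returns {@code true} when an account with the given e-mail is already stored. */
    private boolean checkEmailExists(String email) {
        return userRepository.findByEmail(email) != null;
    }
}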
After I enter the data in the form, a database query appears, and the UserDetailsService does not throw an error saying that the user was not found. So where could the error be?