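```java
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

// SIGN_UP_URL, UserDetailsServiceImpl, JWTAuthenticationFilter and JWTAuthorizationFilter
// are defined elsewhere in the project and are not shown here.
@EnableWebSecurity
public class WebSecurity extends WebSecurityConfigurerAdapter {
    private UserDetailsServiceImpl userDetailsService;
    private BCryptPasswordEncoder bCryptPasswordEncoder;

    public WebSecurity(UserDetailsServiceImpl userService, BCryptPasswordEncoder bCryptPasswordEncoder) {
        this.userDetailsService = userService;
        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().authorizeRequests()
                // only a POST to the sign-up URL is allowed without authentication
                .antMatchers(HttpMethod.POST, SIGN_UP_URL).permitAll()
                .anyRequest().authenticated()
                .and()
                .addFilter(new JWTAuthenticationFilter(authenticationManager()))
                .addFilter(new JWTAuthorizationFilter(authenticationManager()))
                // this disables session creation on Spring Security
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    // look users up through UserDetailsServiceImpl and check passwords with BCrypt
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
    }

    // apply the permit-default CORS settings to every path
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration corsConfiguration = new CorsConfiguration().applyPermitDefaultValues();
        source.registerCorsConfiguration("/**", corsConfiguration);
        return source;
    }
}
```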
This line over here is useless: `.antMatchers(HttpMethod.POST, SIGN_UP_URL).permitAll()`, because you're doing a GET request and not a POST request.
Sign up URL is supposed to be the URL of your sign up controller. Creating a user is definitely a POST request.
If you want to send a GET request to register someone, good luck with your life ;)
Signup should be POST because you're sending passwords, email,... and you don't want to put that in the GET params but in the POST body.
Yes, I am offering the same thing :)
Where is the implementation of the UserDetailsServiceImpl class?
Did I miss something in the article?
I also don't see it. Can anyone help with that?
The WebSecurityConfigurerAdapter class is deprecated. How to do it now in Bean format?
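
One way to express the same rules without `WebSecurityConfigurerAdapter`, as an added example that is not code from the gist or its author. It assumes Spring Security 5.8 or later (so `authorizeHttpRequests`/`requestMatchers` stand in for `authorizeRequests`/`antMatchers`), that the gist's `JWTAuthenticationFilter` and `JWTAuthorizationFilter` are in the same package, and that `UserDetailsServiceImpl` and `BCryptPasswordEncoder` are registered as beans; the class name `WebSecurityBeans` and the `SIGN_UP_URL` value are placeholders.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

// Added example, not the gist author's code. JWTAuthenticationFilter and
// JWTAuthorizationFilter are the gist's own classes, assumed to be in this package.
@Configuration
@EnableWebSecurity
public class WebSecurityBeans {
    // Placeholder value; the gist takes SIGN_UP_URL from a constant it does not show.
    private static final String SIGN_UP_URL = "/sign-up";

    // Replaces configure(AuthenticationManagerBuilder): with a single UserDetailsService
    // bean and a PasswordEncoder bean in the context, Spring Security wires them into
    // the global AuthenticationManager, which is exposed here for the two filters.
    @Bean
    AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
        return config.getAuthenticationManager();
    }

    // Replaces configure(HttpSecurity): same rules, returned as a SecurityFilterChain.
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, AuthenticationManager authManager) throws Exception {
        http.cors(Customizer.withDefaults()) // picks up the corsConfigurationSource bean
            // CSRF is not touched, so it stays at the default (enabled), as in the gist
            .authorizeHttpRequests(auth -> auth
                // only POST to the sign-up URL is open; a GET to it still requires authentication
                .requestMatchers(HttpMethod.POST, SIGN_UP_URL).permitAll()
                .anyRequest().authenticated())
            .addFilter(new JWTAuthenticationFilter(authManager))
            .addFilter(new JWTAuthorizationFilter(authManager))
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
        return http.build();
    }
}
```

The gist's `corsConfigurationSource()` bean moves into this class unchanged.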