ERROR 403 ON AUTHENTICATION #12

Open
troemmanuel opened this issue Feb 12, 2023 · 12 comments · May be fixed by #27


@troemmanuel

I have a forbidden resource error when I try to authenticate.
But registration works properly.

Need help plz.

@RaCode75

RaCode75 commented Feb 12, 2023 via email

@troemmanuel
Author

I fixed my problem.
The account was blocked.

@eleazardasilva

Hi, I have the same problem. 403 on authentication.
What do you mean with "account was blocked"?

@eleazardasilva

Ok, figured it out. UserDetails overridden methods were setting the account indicators to false.
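
The cause named in the comment above, as an added example (not code from this repository or from any commenter): a hypothetical `DemoUser` whose four `UserDetails` status methods all return one flag, passed to Spring Security's `AccountStatusUserDetailsChecker`, which throws an `AccountStatusException` subclass when a flag is false. The class names, email address and password value are constructed for illustration.

```java
import java.util.Collection;
import java.util.List;

import org.springframework.security.authentication.AccountStatusException;
import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

public class AccountFlagsDemo {

    // Hypothetical user model: "flag" stands in for what the four overrides return.
    record DemoUser(String email, String passwordHash, boolean flag) implements UserDetails {
        @Override public Collection<? extends GrantedAuthority> getAuthorities() {
            return List.of(new SimpleGrantedAuthority("ROLE_USER"));
        }
        @Override public String getPassword() { return passwordHash; }
        @Override public String getUsername() { return email; }

        // IDE-generated stubs return false here. Each method must return true
        // (or a real per-user value) or the account is treated as unusable.
        @Override public boolean isAccountNonExpired() { return flag; }
        @Override public boolean isAccountNonLocked() { return flag; }
        @Override public boolean isCredentialsNonExpired() { return flag; }
        @Override public boolean isEnabled() { return flag; }
    }

    // Runs the account-status checks and reports the rejection, or "accepted".
    static String check(UserDetails user) {
        try {
            new AccountStatusUserDetailsChecker().check(user);
            return "accepted";
        } catch (AccountStatusException e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        // Constructed sample users, not data from this issue.
        System.out.println(check(new DemoUser("a@example.test", "{noop}x", false)));
        System.out.println(check(new DemoUser("a@example.test", "{noop}x", true)));
    }
}
```

It needs `spring-security-core` on the classpath. With the flags false, the user is rejected with one of `LockedException`, `DisabledException`, `AccountExpiredException` or `CredentialsExpiredException` even when the password is correct.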

@troemmanuel
Author

troemmanuel commented Feb 15, 2023

> Ok, figured it out. UserDetails overridden methods were setting the account indicators to false.

Yes That's.
Happy Coding !

@HARSHA95336

Even I also have the same problem: registerrequest is working fine but authentication is not working. Could anyone please help me out?

@HARSHA95336

> > Ok, figured it out. UserDetails overridden methods were setting the account indicators to false.
>
> Yes That's. Happy Coding !

i have the same issue plz help me out where i need to make changes in the code

@HARSHA95336

> Hi, I have the same problem. I have authentication but when I try to access the bd it returns a 403 error. On Sun, Feb 12, 2023 at 15:12, TRO KOPE EMMANUEL JUNIOR <@.> wrote:
>
> > I have a forbidden resource error when I try to authenticate. But registration works properly. Need help plz.

bro whether your issue resolved?

@jemmalmohamed

i have the same issue plz help me out where i need to make changes in the code

@wilferraciolli

I have an issue where everything is returning a 403

nekitbr linked a pull request Apr 27, 2023 that will close this issue

@ertbil

ertbil commented May 25, 2023

I got 403 problems too, but my problem's difference is a 403 on "http://localhost:7001/api/v1/auth/register" while another controller link, "http://localhost:7001/api/v1/places", succeeds

My Security Config
```java
package com.example.treavelAppback.config;

import com.example.treavelAppback.consts.strings.Paths;
import com.example.treavelAppback.filters.JWTAuthFilter;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig {

    private final JWTAuthFilter jwtAuthFilter;
    private final AuthenticationProvider authenticationProvider;

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.csrf()
                .disable()
                .authorizeHttpRequests()
                // Routes in Paths.whiteListedRoutes are open; everything else needs authentication
                .requestMatchers(
                        Paths.whiteListedRoutes
                )
                .permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authenticationProvider(authenticationProvider)
                // The JWT filter runs before the username/password filter
                .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);

        return http.build();
    }

}
```

My JWT Authfilter
```java
package com.example.treavelAppback.filters;

import com.example.treavelAppback.consts.strings.ErrorInfo;
import com.example.treavelAppback.consts.strings.Paths;
import com.example.treavelAppback.service.JWTService;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import lombok.NonNull;
import lombok.RequiredArgsConstructor;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;

import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

import java.io.IOException;
import java.util.Arrays;

@Component
@RequiredArgsConstructor
public class JWTAuthFilter extends OncePerRequestFilter {

    private final JWTService jwtService;
    private final UserDetailsService userDetailsService;

    @Override
    protected void doFilterInternal(@NonNull HttpServletRequest request,
                                    @NonNull HttpServletResponse response,
                                    @NonNull FilterChain filterChain
    ) throws ServletException, IOException {

        final String authHeader = request.getHeader("Authorization");
        final String jwt;
        final String username;

        // Pass through whitelisted routes and requests without a Bearer token
        if (Arrays.asList(Paths.whiteListedRoutes).contains(request.getServletPath()) ||
                authHeader == null ||
                !authHeader.startsWith("Bearer ")) {

            filterChain.doFilter(request, response);
            return;
        }
        // Strip the "Bearer " prefix (7 characters)
        jwt = authHeader.substring(7);
        username = jwtService.extractUsername(jwt);

        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
            UserDetails user = this.userDetailsService.loadUserByUsername(username);
            if (jwtService.isTokenValid(jwt, user)) {
                UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(
                        user,
                        null,
                        user.getAuthorities()
                );

                authToken.setDetails(
                        new WebAuthenticationDetailsSource().buildDetails(request)
                );

                SecurityContextHolder.getContext().setAuthentication(authToken);
            } else {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, ErrorInfo.inValidToken + " " + username);
            }
        } else {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, ErrorInfo.inValidToken + " " + username);
        }

        filterChain.doFilter(request, response);

    }

}
```

@jekoyjake

jekoyjake commented Sep 16, 2023

if you are having this issue. don't forget the @NoArgsConstructor and @AllArgsConstructor of user model. my issue solved. or you may use try and catch in authenticate in auth service
