Аутентификация и авторизация в Spring Security через бд postgresql
Прошу помощи в понимании ошибки, связанной с авторизацией.
Есть класс WebSecurityConfig
package kotiki.controllers.configuration;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import javax.sql.DataSource;
@EnableWebSecurity(debug = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication()
.dataSource(dataSource)
.passwordEncoder(passwordEncoder())
.usersByUsernameQuery("SELECT login AS username, password, 'true' AS enabled FROM users WHERE login=?")
.authoritiesByUsernameQuery(
"SELECT login AS username, name AS role " +
"FROM user_roles " +
"JOIN users " +
"ON users.id = user_id " +
"JOIN roles " +
"ON roles.id = role_id " +
"WHERE login=?");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.cors().disable()
.csrf().disable()
.authorizeRequests()
.antMatchers("/user/**").permitAll()
.antMatchers("/**").hasAnyRole("USER", "ADMIN", "ROLE_USER", "ROLE_ADMIN")
.and()
.httpBasic()
.and()
.formLogin().disable();
}
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
}
Класс User
package kotiki.dao.entities;
import javax.persistence.*;
import java.util.Set;
@Entity
@Table(name = "users")
public class User {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
private int id;
@Column(name = "login")
private String login;
@Column(name = "password")
private String password;
@ManyToMany
@JoinTable(
name = "user_roles",
joinColumns = @JoinColumn(name = "user_id"),
inverseJoinColumns = @JoinColumn(name = "role_id")
)
private Set<Role> roles;
// @ManyToMany
// @JoinTable(
// name = "user_roles",
// joinColumns = @JoinColumn(name = "user_id"))
// private Set<Role> roles;
public User() {}
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
public String getLogin() {
return login;
}
public void setLogin(String login) {
this.login = login;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public Set<Role> getRoles() {
return roles;
}
public void setRoles(Set<Role> roles) {
this.roles = roles;
}
}
Класс Role
package kotiki.dao.entities;
import javax.persistence.*;
import java.util.Set;
@Entity
@Table(name = "roles")
public class Role {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
private int id;
@Column(name = "name")
private String name;
@ManyToMany(mappedBy = "roles")
private Set<User> users;
public Role() {}
public int getId() { return id; }
public void setId(int id) { this.id = id; }
public String getName() { return name; }
public void setName(String name) { this.name = name; }
public Set<User> getUsers() { return users; }
public void setUsers(Set<User> users) { this.users = users; }
@Override
public String toString() {
System.out.println(users);
return "Role{" +
"id=" + id +
", name='" + name + '\'' +
", users=" + users +
'}';
}
}
Таблица users
Таблица user_roles
Таблица roles
При авторизации через postman всегда выдаёт ошибку 403, за исключением обращения по адресу /user/**
Не могу понять в чём может быть дело.
Очень надеюсь на помощь!