Victor Posts - Answer Overflow

Victor

•Created by Victor on 2/10/2025 in #java-help

Best entity relationship approach

Im storing transactions in my application that consist of a sender and a receiver, this is my entity class for it:

    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private Long id;
    private User sender;
    private User receiver;
    private Item item;
    private LocalDateTime createdAt;

    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private Long id;
    private User sender;
    private User receiver;
    private Item item;
    private LocalDateTime createdAt;

what would be the best approach for the relationship here? create a oneToMany relationship with both sender and receiver? Or just store the IDs for sender and receiver instead of the User object?

11 replies

JCHJava Community | Help. Code. Learn.

•Created by Victor on 2/7/2025 in #java-help

Spring security returning 401 with requestmatchers permitAll

When i try registering a new user it only works if i pass credentials of an user that is already registered through basic auth. If i try passing a register user request without auth it returns 401. security config:

@Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf(csrf -> csrf.disable())
                .authorizeHttpRequests(
                auth -> auth.requestMatchers(HttpMethod.POST, "/api/v1/register").permitAll()
                        .anyRequest().authenticated())
                .httpBasic(Customizer.withDefaults())
                .oauth2ResourceServer(
                        conf -> conf.jwt(Customizer.withDefaults()));
        return http.build();
    }

@Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf(csrf -> csrf.disable())
                .authorizeHttpRequests(
                auth -> auth.requestMatchers(HttpMethod.POST, "/api/v1/register").permitAll()
                        .anyRequest().authenticated())
                .httpBasic(Customizer.withDefaults())
                .oauth2ResourceServer(
                        conf -> conf.jwt(Customizer.withDefaults()));
        return http.build();
    }

134 replies

JCHJava Community | Help. Code. Learn.

•Created by Victor on 2/7/2025 in #java-help

Spring security: get user from implementation of UserDetails from Authorization

Im trying to extract the user of a request through the Authorization object. this is my implementation of UserDetails:

public class UserPrincipal implements UserDetails {

    private final User user;

    public UserPrincipal(User user) {
        this.user = user;
    }

    public User getUser() {
        return user;
    }

//ommited overridden methods

public class UserPrincipal implements UserDetails {

    private final User user;

    public UserPrincipal(User user) {
        this.user = user;
    }

    public User getUser() {
        return user;
    }

//ommited overridden methods

i tried getting the user by downcasting to my implementation and then getting the user but im getting an error that class org.springframework.security.oauth2.jwt.Jwt cannot be cast to class UserPrincipal.

public class ItemMapper {

    UserPrincipal userPrincipal;

    public Item toItem(ItemRequest itemRequest, Authentication authentication) {

        userPrincipal = (UserPrincipal) authentication.getPrincipal();

        return new Item(itemRequest.name(), itemRequest.brand(), itemRequest.condition(),
                itemRequest.price(), itemRequest.size(), userPrincipal.getUser());
    }

}

public class ItemMapper {

    UserPrincipal userPrincipal;

    public Item toItem(ItemRequest itemRequest, Authentication authentication) {

        userPrincipal = (UserPrincipal) authentication.getPrincipal();

        return new Item(itemRequest.name(), itemRequest.brand(), itemRequest.condition(),
                itemRequest.price(), itemRequest.size(), userPrincipal.getUser());
    }

}

Am i misunderstading something about the authentication.getPrincipal()? what would be the best way to get the user from the authentication?

4 replies

JCHJava Community | Help. Code. Learn.

•Created by Victor on 2/2/2025 in #java-help

Spring security: Authentication object null on authentication post request

Can anyone help me understand why the user passed on the authentication request is not being passed to the authentication object? Thank you. Security config:

@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfig {

    @Value("${jwt.public.key}")
    private RSAPublicKey publicKey;
    @Value("${jwt.private.key}")
    private RSAPrivateKey privateKey;
    private final UserDetailsServiceImpl userDetailsService;
    public SecurityConfig(UserDetailsServiceImpl userDetailsService) {
        this.userDetailsService = userDetailsService;
    }
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf(csrf -> csrf.disable())
                .authorizeHttpRequests(
                auth -> auth.requestMatchers(HttpMethod.POST, "/authenticate").permitAll()
                        .requestMatchers(HttpMethod.POST, "/register").permitAll()
                        .anyRequest().authenticated())
                .httpBasic(Customizer.withDefaults())
                .oauth2ResourceServer(
                        conf -> conf.jwt(Customizer.withDefaults()));
        return http.build();
    }
    @Bean
    JwtDecoder jwtDecoder() {
        return NimbusJwtDecoder.withPublicKey(publicKey).build();
    }
    @Bean
    JwtEncoder jwtEncoder() {
        var jwk = new RSAKey.Builder(this.publicKey).privateKey(privateKey).build();
        var jwks = new ImmutableJWKSet<>(new JWKSet(jwk));
        return new NimbusJwtEncoder(jwks);
    }
    @Bean
    BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
    @Bean
    public AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setPasswordEncoder(passwordEncoder());
        provider.setUserDetailsService(userDetailsService);
        return provider;
    }
}

@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfig {

    @Value("${jwt.public.key}")
    private RSAPublicKey publicKey;
    @Value("${jwt.private.key}")
    private RSAPrivateKey privateKey;
    private final UserDetailsServiceImpl userDetailsService;
    public SecurityConfig(UserDetailsServiceImpl userDetailsService) {
        this.userDetailsService = userDetailsService;
    }
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf(csrf -> csrf.disable())
                .authorizeHttpRequests(
                auth -> auth.requestMatchers(HttpMethod.POST, "/authenticate").permitAll()
                        .requestMatchers(HttpMethod.POST, "/register").permitAll()
                        .anyRequest().authenticated())
                .httpBasic(Customizer.withDefaults())
                .oauth2ResourceServer(
                        conf -> conf.jwt(Customizer.withDefaults()));
        return http.build();
    }
    @Bean
    JwtDecoder jwtDecoder() {
        return NimbusJwtDecoder.withPublicKey(publicKey).build();
    }
    @Bean
    JwtEncoder jwtEncoder() {
        var jwk = new RSAKey.Builder(this.publicKey).privateKey(privateKey).build();
        var jwks = new ImmutableJWKSet<>(new JWKSet(jwk));
        return new NimbusJwtEncoder(jwks);
    }
    @Bean
    BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
    @Bean
    public AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setPasswordEncoder(passwordEncoder());
        provider.setUserDetailsService(userDetailsService);
        return provider;
    }
}

14 replies

JCHJava Community | Help. Code. Learn.

•Created by Victor on 1/2/2025 in #java-help

Spring security failing to convert String to RSA keys

getting the following error: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'securityConfig': Unsatisfied dependency expressed through field 'privateKey': Failed to convert value of type 'java.lang.String' to required type 'java.security.interfaces.RSAPrivateKey'; Failed to convert from type [java.lang.String] to type [@org.springframework.beans.factory.annotation.Value java.security.interfaces.RSAPrivateKey] for value [${jwt.private.key] not sure what to do and havent been able to find much on this, anyone have any idea? thanks

61 replies

JCHJava Community | Help. Code. Learn.

•Created by Victor on 12/7/2024 in #java-help

Best Design Approach

So im making an API for a marketplace and i have different kinds of listings (footwear, clothes and accessories) where the enum attributes "subcategory" and "size" would change based on what kind of listing it is, what would be the best design approach for creating these listings? inheritance? factory? Thanks

6 replies

JCHJava Community | Help. Code. Learn.

•Created by Victor on 7/23/2024 in #java-help

SPRING: validation returning error 500 instead of 400

Why does the validation return an internal server error instead of a bad request when the request does not pass validation? I've seen some videos about validation and in the examples it returned a bad request but in my application its returning error 500, here is my model class

@Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private Long id;
    //@Column(nullable = false, unique = true)
    @NotBlank
    private String username;
    @Column(nullable = false, unique = true)
    private String email;

@Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private Long id;
    //@Column(nullable = false, unique = true)
    @NotBlank
    private String username;
    @Column(nullable = false, unique = true)
    private String email;

the post method

@PostMapping
    public ResponseEntity<UserModel> postUser(@Valid
                                              @RequestBody UserDTO userDTO) {

        var user = new UserModel();
        BeanUtils.copyProperties(userDTO, user);
        return ResponseEntity.status(HttpStatus.CREATED).body(userService.save(user));

    }

@PostMapping
    public ResponseEntity<UserModel> postUser(@Valid
                                              @RequestBody UserDTO userDTO) {

        var user = new UserModel();
        BeanUtils.copyProperties(userDTO, user);
        return ResponseEntity.status(HttpStatus.CREATED).body(userService.save(user));

    }

and this is the error when i send a request with a blank username: jakarta.validation.ConstraintViolationException: Validation failed for classes [com.vss.wardrober.models.UserModel] during persist time for groups [jakarta.validation.groups.Default, ] List of constraint violations:[ ConstraintViolationImpl{interpolatedMessage='must not be blank', propertyPath=username, rootBeanClass=class com.vss.wardrober.models.UserModel, messageTemplate='{jakarta.validation.constraints.NotBlank.message}'} ]

7 replies

Gaming

Programming