Suika Comments - Answer Overflow

@Service
public class AppUserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {
    private final DefaultOAuth2UserService defaultService = new DefaultOAuth2UserService();

    Logger log = LoggerFactory.getLogger(AppUserService.class);

    @Override
    public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
        OAuth2User originalUser = defaultService.loadUser(userRequest);
        Set<GrantedAuthority> authorities = new HashSet<>(originalUser.getAuthorities());

        if(originalUser.getAttribute("id").toString().equals("11550140")) {
            authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
            log.info("User: " + originalUser.getAttributes().get("login") + " logged in with role ROLE_ADMIN");
        } else {
            authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
            log.info("User: " + originalUser.getAttributes().get("login") + " logged in with role ROLE_USER");
        }

        return new DefaultOAuth2User(authorities, originalUser.getAttributes(), "id");
    }
}

@Service
public class AppUserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {
    private final DefaultOAuth2UserService defaultService = new DefaultOAuth2UserService();

    Logger log = LoggerFactory.getLogger(AppUserService.class);

    @Override
    public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
        OAuth2User originalUser = defaultService.loadUser(userRequest);
        Set<GrantedAuthority> authorities = new HashSet<>(originalUser.getAuthorities());

        if(originalUser.getAttribute("id").toString().equals("11550140")) {
            authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
            log.info("User: " + originalUser.getAttributes().get("login") + " logged in with role ROLE_ADMIN");
        } else {
            authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
            log.info("User: " + originalUser.getAttributes().get("login") + " logged in with role ROLE_USER");
        }

        return new DefaultOAuth2User(authorities, originalUser.getAttributes(), "id");
    }
}

222 replies

JCHJava Community | Help. Code. Learn.

•Created by Suika on 2/18/2025 in #java-help

Spring Boot, JavaScript fetching Endpoint

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(authz -> authz
                        .requestMatchers("/styles/**", "/js/**").permitAll()
                        .anyRequest().authenticated()
                )
                .csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))
                .oauth2Login(oauth2 -> oauth2
                        .userInfoEndpoint(
                                info -> info.userService(new AppUserService())
                        )
                        .loginPage("/oauth2/authorization/github")
                        .defaultSuccessUrl("/dashboard", true))


        ;

        return http.build();
    }

}

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(authz -> authz
                        .requestMatchers("/styles/**", "/js/**").permitAll()
                        .anyRequest().authenticated()
                )
                .csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))
                .oauth2Login(oauth2 -> oauth2
                        .userInfoEndpoint(
                                info -> info.userService(new AppUserService())
                        )
                        .loginPage("/oauth2/authorization/github")
                        .defaultSuccessUrl("/dashboard", true))


        ;

        return http.build();
    }

}

222 replies

JCHJava Community | Help. Code. Learn.

•Created by Suika on 2/18/2025 in #java-help

Spring Boot, JavaScript fetching Endpoint

yes

@GetMapping("/dashboard")
    public String index(Model model) {
        model.addAttribute("activeModulList", modulService.findByActiveStatus(true));
        model.addAttribute("deactivatedModulList", modulService.findByActiveStatus(false));
        return "home";
}

222 replies

JCHJava Community | Help. Code. Learn.

•Created by Suika on 2/18/2025 in #java-help

Spring Boot, JavaScript fetching Endpoint

yes with oath2

222 replies

JCHJava Community | Help. Code. Learn.

•Created by Suika on 2/18/2025 in #java-help

Spring Boot, JavaScript fetching Endpoint

user must first log in to see /dashboard

222 replies

JCHJava Community | Help. Code. Learn.

•Created by Suika on 2/18/2025 in #java-help

Spring Boot, JavaScript fetching Endpoint

222 replies

JCHJava Community | Help. Code. Learn.

•Created by Suika on 2/18/2025 in #java-help

Spring Boot, JavaScript fetching Endpoint

and the server sends it because spring security is on and this: .csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))

222 replies

JCHJava Community | Help. Code. Learn.

•Created by Suika on 2/18/2025 in #java-help

Spring Boot, JavaScript fetching Endpoint

what if i just generate a iput hidden with the token in the get request?

222 replies

JCHJava Community | Help. Code. Learn.

•Created by Suika on 2/18/2025 in #java-help

Spring Boot, JavaScript fetching Endpoint