em không rõ chỗ khoanh tròn đó…
em xét quyền cho tài khoản đăng nhập quyền member
sau khi đăng nhập thành công… em lưu lại token… rồi thực hiện gọi đến api /user/getListProductType kia… thì nó vẫn ra kết quả dù em xét nó quyền admin mới được gọi đến
request
config:
doFilter
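/**
 * Authenticates the request from the JWT carried in the {@code TOKEN_HEADER} header.
 *
 * <p>When the token validates and the user it names exists, a
 * {@link UsernamePasswordAuthenticationToken} carrying {@code user.getAuthorities()} is
 * stored in the {@link SecurityContextHolder}. The filter never rejects a request itself:
 * which authorities may reach which URL has to be enforced by the security configuration,
 * which is not part of this snippet.
 *
 * @param request  the incoming request; cast to {@link HttpServletRequest}
 * @param response the response, passed through unchanged
 * @param chain    the remaining filter chain, always invoked
 * @throws IOException      propagated from the chain
 * @throws ServletException propagated from the chain
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    String authToken = httpRequest.getHeader(TOKEN_HEADER);
    // A missing header is treated like an invalid token: no authentication is set up.
    if (authToken != null && jwtService.validateTokenLogin(authToken)) {
        String username = jwtService.getUsernameFromToken(authToken);
        UserDao user = userService.findByPhone(username);
        if (user != null) {
            // All account-status flags are "ok": the data model carries no expiry/lock info here.
            UserDetails userDetail = new User(username, user.getPassword(),
                    true, true, true, true, user.getAuthorities());
            // Credentials are null on purpose: the token already proved identity, so the
            // password is not kept in the security context. The authorities attached here are
            // what later role checks see, so their names must match what the security config
            // expects (e.g. a ROLE_ prefix when hasRole() is used).
            UsernamePasswordAuthenticationToken authentication =
                    new UsernamePasswordAuthenticationToken(userDetail, null, userDetail.getAuthorities());
            authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest));
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }
    }
    chain.doFilter(request, response);
}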
CustomAccessDeniedHandler
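/**
 * Turns Spring Security's {@link AccessDeniedException} into a plain 403 response.
 *
 * <p>Invoked when a principal that is already authenticated lacks the authority the
 * security configuration requires for the URL; the body says nothing about which rule
 * fired.
 */
public class CustomAccessDeniedHandler implements AccessDeniedHandler {

    /** Body written on every denial. */
    private static final String DENIED_BODY = "Access Denied!";

    /**
     * Writes a 403 with a short plain-text body.
     *
     * @param request  the denied request (unused)
     * @param response the response to complete
     * @param exc      the denial; not echoed to the client
     * @throws IOException      if the writer cannot be obtained or written
     * @throws ServletException never thrown here; kept for the interface contract
     */
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException exc)
            throws IOException, ServletException {
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        // Declare type and charset explicitly instead of relying on the container default;
        // must happen before getWriter() or it is ignored.
        response.setContentType("text/plain;charset=UTF-8");
        response.getWriter().write(DENIED_BODY);
    }
}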
controller
@RequestMapping("/user")public class UserController {
// Collaborators injected by Spring.
@Autowired
SegmentService segmentService;
@Autowired
ProductTypeService productTypeService;
@Autowired
private JwtService jwtService;
// Type and field names carry the project's spelling ("UserSerivce").
@Autowired
private UserSerivce userSerivce;
@Autowired
private UserRepository userRepository;
// NOTE(review): a controller is a singleton by default, so this field is shared by all
// concurrent requests. Both handlers below reassign it and read it back when they return,
// so one request can answer with another request's payload (including a freshly issued
// token from logins). It should be a local variable inside each handler; the initial
// value here is never observed because each handler overwrites it first.
ResponseData responseData = new ResponseData(1, "Chưa có dữ liệu", null);
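/**
 * Issues a JWT for a phone/password pair posted as a {@code BaseRequest} body.
 *
 * <p>Reads {@code phone} and {@code password} from the request's {@code wsRequest} node,
 * looks the account up by phone and compares the submitted password with the value
 * {@code userRepository.findByUsername(phone)} returns. On success the body holds
 * {@code ResponseData(0, "OK", ResponseBase(null, token))}.
 *
 * <p>Always answers HTTP 200; the outcome is carried in the {@code ResponseData} code and
 * message, which callers have to inspect.
 *
 * @param inputStream raw request body, decoded by {@code RequestUtils.convertToBaseRequest}
 * @return 200 with a {@code ResponseData}; code 1 / "Lỗi" when the body could not be processed
 */
@RequestMapping(value = "/logins", method = RequestMethod.POST)
public ResponseEntity<?> logins(InputStream inputStream) {
    // A local, not the shared instance field: the controller is a singleton, so a field
    // would be overwritten by concurrent logins and could hand one caller another's token.
    ResponseData responseData = new ResponseData(1, "Lỗi", null);
    try {
        BaseRequest baseRequest = RequestUtils.convertToBaseRequest(inputStream);
        if (baseRequest.getWsRequest() != null) {
            ObjectMapper objectMapper = new ObjectMapper();
            JsonNode jsonNode = objectMapper.readTree(objectMapper.writeValueAsString(baseRequest.getWsRequest()));
            String phone = textOrEmpty(jsonNode, "phone");
            String pass = textOrEmpty(jsonNode, "password");
            UserDao personal = userSerivce.findByPhone(phone);
            if (personal != null) {
                // SECURITY (review): findByUsername() yields the stored password and it is compared
                // with String.equals, i.e. the store appears to hold the raw password. Store a
                // PasswordEncoder hash (bcrypt/argon2) and verify with encoder.matches(); left
                // unchanged here because no encoder bean is visible in this snippet.
                String storedPassword = userRepository.findByUsername(phone);
                if (pass.equals(storedPassword)) {
                    String token = jwtService.generateTokenLogin(phone);
                    responseData = new ResponseData(0, "OK", new ResponseBase(null, token));
                } else {
                    // NOTE(review): a wrong password answers with code 0 while an unknown account
                    // answers with code 1, and the messages differ, so clients can tell which
                    // phones exist. One uniform code/message for both would avoid that; kept
                    // unchanged here so existing clients keep working.
                    responseData = new ResponseData(0, "sai mat khau", null);
                }
            } else {
                responseData = new ResponseData(1, "Tài khoản không tồn tại!", null);
            }
        }
    } catch (Exception e) {
        // Best-effort: any decode/lookup failure falls through to the generic "Lỗi" response.
        e.printStackTrace();
    }
    return ResponseEntity.status(HttpStatus.OK).body(responseData);
}

/** Returns the text of {@code field} on {@code node}, or "" when the field is absent. */
private static String textOrEmpty(JsonNode node, String field) {
    JsonNode value = node.get(field);
    return value != null ? value.asText() : "";
}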
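/**
 * Returns every {@code ProductType} known to {@code productTypeService}.
 *
 * <p>The method performs no authorization of its own: whether a caller may reach it is
 * decided entirely by the filter chain / security configuration for the URL
 * {@code /user/getListProductTypes} (note the trailing "s"). If only a given role should
 * see this list, enforce that there (e.g. a {@code hasRole} rule) or on this method with
 * {@code @PreAuthorize}; a JWT being valid is not by itself an authorization decision.
 *
 * @param inputStream raw request body; only its {@code wsRequest} being non-null is checked
 * @return 200 with code 0 / "thanh cong" and the list, or code 1 / "loi" otherwise
 */
@RequestMapping(value = "/getListProductTypes", method = RequestMethod.POST)
public ResponseEntity<?> getListProductType(InputStream inputStream) {
    // A local rather than the shared instance field, which is unsafe under concurrent
    // requests; set before decoding so a decode failure still yields "loi" and not a stale value.
    ResponseData responseData = new ResponseData(1, "loi", null);
    try {
        BaseRequest baseRequest = RequestUtils.convertToBaseRequest(inputStream);
        if (baseRequest.getWsRequest() != null) {
            List<ProductType> list = productTypeService.findAll();
            responseData = new ResponseData(0, "thanh cong", new ResponseBase(null, list));
        }
    } catch (Exception e) {
        // Best-effort: a body that cannot be decoded yields the generic "loi" response.
        e.printStackTrace();
    }
    return ResponseEntity.status(HttpStatus.OK).body(responseData);
}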