n'arrive pas à récupérer le username après un post(err 403)

Version imprimable

1 pièce(s) jointe(s)

Bonjour :),

j'ai une class JWT AuthentificationFilter, je tente de récupérer le username et le password,mais je tombe sur cette erreur :

Code:

1
2
3
 
java.lang.RuntimeException: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "password" (class ohkod.tdlist.entities.Membre), not marked as ignorable (4 known properties: "id", "passsword", "roles", "username"])
 at [Source: (org.apache.catalina.connector.CoyoteInputStream); line: 1, column: 33] (through reference chain: ohkod.tdlist.entities.Membre["password"])

Pièce jointe 479790

Voici ma class Membre:

Code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
 
 
import java.util.ArrayList;
import java.util.Collection;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.ManyToMany;
 
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonSetter;
@Entity
 
public class Membre{
    @Id @GeneratedValue
    private Long id;
    @Column(unique=true)
    private String username;
    private String passsword;
    @ManyToMany(fetch=FetchType.EAGER)
    private Collection<AppRole> roles = new ArrayList<>();
 
    public Membre( 
        Long id, 
        String username, 
        String passsword, 
        Collection<AppRole> roles) {
        super();
        this.id = id;
        this.username = username;
        this.passsword = passsword;
        this.roles = roles;
    }
 
    public Membre() {
        super();
    }
 
    public Long getId() {
        return this.id;
    }
 
    public void setId(Long id) {
        this.id = id;
    }
 
    public String getUsername() {
        return this.username;
    }
 
    public void setUsername(String username) {
        this.username = username;
    }
    @JsonIgnore
    public String getPasssword() {
        return this.passsword;
    }
    @JsonSetter
    public void setPasssword(String passsword) {
        this.passsword = passsword;
    }
 
    public Collection<AppRole> getRoles() {
        return this.roles;
    }
 
    public void setRoles(Collection<AppRole> roles) {
        this.roles = roles;
    }
 
}

voici le code jwtAuthentication:

Code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
 
import java.io.IOException;
 
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.rowset.serial.SerialException;
 
import com.fasterxml.jackson.databind.ObjectMapper;
 
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
import ohkod.tdlist.entities.Membre;
 
public class JWTAuthentificationFilter extends UsernamePasswordAuthenticationFilter{
    private AuthenticationManager authenticationManager;
 
    public JWTAuthentificationFilter(AuthenticationManager authenticationManager){
        super();
        this.authenticationManager = authenticationManager;
    }
 
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse reponse) throws AuthenticationException{
 
            Membre membre = null;
 
            try {  
                membre = new ObjectMapper().readValue(request.getInputStream(),Membre.class);
            } catch (Exception e) {
                System.out.println("**********Ligne 36**********");    
                throw new RuntimeException(e);
            }
            System.out.println("**********TEST JWT**********");    
            System.out.println(membre.getUsername());
            System.out.println(membre.getPasssword());    
            return authenticationManager.authenticate(
                new UsernamePasswordAuthenticationToken(membre.getUsername(), membre.getPasssword())
            );
    }

voici la configuration de la sécurité:

Code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
 
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
  @Autowired
  private UserDetailsService userDetailsService;
  @Autowired
  private BCryptPasswordEncoder bCryptPasswordEncoder;
 
 
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
 
    }
 
    @Override
    protected void configure(HttpSecurity http) throws Exception{
 
      http.csrf().disable();
      http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);//desactiver la session
      //http.formLogin();
      http.authorizeRequests().antMatchers("/login/**","/register/**").permitAll();
      http.authorizeRequests().antMatchers(HttpMethod.POST, "/taches/**").hasAuthority("ADMIN");
      http.authorizeRequests().anyRequest().authenticated();
      System.out.println("**********TEST ligne 38**********");  
      http.addFilter(new JWTAuthentificationFilter(authenticationManager()));
    }
 
}

comment je dois débugger cela pour que j'arrive juste à récupérer les informations post avant de continuer ?

merci de vos réponses

1 pièce(s) jointe(s)

Je n'avais pas vérifier si j'ai bien reçu la donnée de type post, car le script fonctionnait avant la désactivation du formulaire.
je rentre dans le catch car la donnée est null :(

Code:

1
2
3
4
5
    protected void configure(HttpSecurity http) throws Exception{
 
      http.csrf().disable();
      http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);//desactiver la session
      //http.formLogin();

en réactivant http.formLogin();
j'ai recois bien les donnée de ma soumission POST:

Code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
C:\Users\aker
λ curl localhost:8080/login
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta name="description" content="">
    <meta name="author" content="">
    <title>Please sign in</title>
    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M" crossorigin="anonymous">
    <link href="https://getbootstrap.com/docs/4.0/examples/signin/signin.css" rel="stylesheet" crossorigin="anonymous"/>
  </head>
  <body>
     <div class="container">
      <form class="form-signin" method="post" action="/login">
        <h2 class="form-signin-heading">Please sign in</h2>
        <p>
          <label for="username" class="sr-only">Username</label>
          <input type="text" id="username" name="username" class="form-control" placeholder="Username" required autofocus>
        </p>
        <p>
          <label for="password" class="sr-only">Password</label>
          <input type="password" id="password" name="password" class="form-control" placeholder="Password" required>
        </p>
        <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
      </form>
</div>
</body></html>

Code:

1
2
3
4
5
6
7
8
9
10
11
12
            String test_reception = request.getParameter("username");
            System.out.println(test_reception);  
            try {  
             membre = new ObjectMapper().readValue(request.getInputStream(), Membre.class);
 
             System.out.println(membre.getUsername());
 
            } catch (Exception e) {
 
                System.out.println("**********Ligne 36**********");    
                throw new RuntimeException(e);
            }

si je désactive cette la ligne http.formLogin(); je me retrouve avec test_reception=null

Comment je dois faire pour qu'il ne soit pas null ? car le but est de désactiver la génération du formulaire par le serveur, car c'est le front-end qui s'en chargera ?

Code:

1
2
3
4
5
6
7
8
9
10
    protected void configure(HttpSecurity http) throws Exception{
 
      http.csrf().disable();
      http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);//desactiver la session
      //http.formLogin();
      http.authorizeRequests().antMatchers("/login/**","/register/**").permitAll();
      http.authorizeRequests().antMatchers(HttpMethod.POST, "/taches/**").hasAuthority("ADMIN");
      http.authorizeRequests().anyRequest().authenticated();
      http.addFilter(new JWTAuthentificationFilter(authenticationManager()));
    }

pourtant il y bien cette url login qui est authoriser ?

Code:

http.authorizeRequests().antMatchers("/login/**","/register/**").permitAll();

avec le logiciel ARC rest installé dans w10 , j'obtient une erreur 403 forbidden?

et avec curl terminal j'obitens 404

Code:

1
2
3
C:\Users\aker
λ curl localhost:8080/login
{"timestamp":"2019-06-02T07:35:30.486+0000","status":404,"error":"Not Found","message":"No message available","path":"/login"}

voici mon erreur 403 en image:

Pièce jointe 480050

03/06/2019, 07h11
andry.aime

Bonjour,

Tu as un s de trop sur le nom de ton attribut

Citation:

Code:

private String passsword;

A+.
06/06/2019, 08h39
keokaz

1 pièce(s) jointe(s)

Merci de ta réponse :), en effet j'ai tourné en rond un erreur sur le membre