I was wondering if I am using the Spring Security isEnabled method correctly. On my system, every user has a list of profiles. If an admin removes all their profiles and the user tries to log in with that profile-free account, an exception should be thrown telling the user that the account is inactive.
    @Override
    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
        Usuario usuario = usuarioRepository.findByEmail(email);
        if (usuario == null) {
            throw new UsernameNotFoundException(email);
        }
        if (usuario.getPerfis().isEmpty()) {
            usuarioLogado.isEnabled();
            //throw new AuthorizationException("Usuário bloqueado!");
        }
        return new UserSpringSecurity(usuario.getId(), usuario.getEmail(), usuario.getSenha(), usuario.getNome(), usuario.getPerfis());
    }
Implementation of isEnabled in the class implementing UserDetails:
    @Override
    public boolean isEnabled() {
        return true;
    }
The code above works as I expected when the user tries to log in, triggering the exception with status 401. The problem is in the refresh token method, which triggers the correct exception message, but with error status 500.
    @RequestMapping(value = "/refresh_token", method = RequestMethod.POST)
    public ResponseEntity<Void> refreshToken(HttpServletResponse response) {
        UserSpringSecurity usuarioLogado = UserService.authenticated();
        //jwtUtil.checkIfPerfilIsEmpty(usuarioLogado);
        String token = jwtUtil.generateToken(usuarioLogado.getUsername());
        response.addHeader("Authorization", "Bearer " + token);
        response.addHeader("access-control-expose-headers", "Authorization");
        return ResponseEntity.noContent().build();
    }
I tried to use the code above to check if the logged-in user has any profile and trigger the exception with the checkIfPerfilIsEmpty method, but the result was the same, so I commented out the line.
I looked it up in the Spring doc, but it only says what the method is for. Since I couldn’t find an explanation anywhere, I don’t know if I used it correctly.
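
Added example, not part of the original post: Spring Security's `DaoAuthenticationProvider` rejects a login with `DisabledException` only when the returned `UserDetails.isEnabled()` is actually `false`, and an endpoint reached with an already issued token does not pass through that check, so this sketch derives the flag from the profile list and re-checks it before issuing a new token. `TokenIssuer`, `Account`, `ProfileAwareUserDetailsService` and `RefreshTokenController` are hypothetical names; it assumes Java 16+ and a JWT filter that does not reload the user on each request.

```java
import java.util.Map;
import java.util.Set;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.*;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical stand-ins: a token issuer (the post's jwtUtil) and an account row.
interface TokenIssuer { String issue(String username); }
record Account(String passwordHash, Set<String> profiles) {}

class ProfileAwareUserDetailsService implements UserDetailsService {
    private final Map<String, Account> accounts; // constructed sample store, keyed by e-mail
    ProfileAwareUserDetailsService(Map<String, Account> accounts) { this.accounts = accounts; }

    @Override
    public UserDetails loadUserByUsername(String email) {
        Account account = accounts.get(email);
        if (account == null) throw new UsernameNotFoundException(email);
        return User.withUsername(email)
                .password(account.passwordHash())
                .authorities(account.profiles().toArray(new String[0]))
                .disabled(account.profiles().isEmpty()) // isEnabled() is false with no profiles
                .build();
    }
}

@RestController
class RefreshTokenController {
    private final UserDetailsService users;
    private final TokenIssuer tokens;
    RefreshTokenController(UserDetailsService users, TokenIssuer tokens) {
        this.users = users;
        this.tokens = tokens;
    }
    @PostMapping("/refresh_token")
    public ResponseEntity<Void> refreshToken(Authentication authentication) {
        // Reload the account: the token may predate the removal of the profiles.
        UserDetails current = users.loadUserByUsername(authentication.getName());
        if (!current.isEnabled()) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
        }
        return ResponseEntity.noContent()
                .header("Authorization", "Bearer " + tokens.issue(current.getUsername()))
                .header("Access-Control-Expose-Headers", "Authorization")
                .build();
    }
}
```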