generator-jhipster: Security: can't secure API
Overview of the issue
Currently, in master branch, we can’t secure an API with:
@Secured(AuthoritiesConstants.ADMIN)
I will complete this ticket later, if needed
Motivation for or Use Case
Reproduce the error
- create an entity
- secure all API, using
@Secured(AuthoritiesConstants.ADMIN) - connect with user/user
- you can access to the entity
Related issues
Suggest a Fix
JHipster Version(s)
JHipster configuration
Entity configuration(s) entityName.json files generated in the .jhipster directory
Browsers and Operating System
- Checking this box is mandatory (this is just to show you read everything)
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Reactions: 2
- Comments: 16 (16 by maintainers)
Of course @cbornet has the best answer: https://github.com/jhipster/generator-jhipster/issues/7806#issuecomment-398165015
I found a fix for this problem. The AuthenticationManager bean is injected into UserJWTController bean. With JHipster 4, this “AuthenticationManager” is configured using the
@PostContructannotation. I think that it’s not a good idea to create directly the AuthenticationManager. I prefer to delegate this instantiation using a AuthenticationManagerBean, the bean is created by Spring Security. See the documentation for more details. https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-2.0-Migration-Guide#authenticationmanager-beanI’ve found the cause, this is crashing because of:
In the
SecurityConfigurationBean. This was working with JHipster 4, however.