I was wondering if I'm using the isEnabled method of Spring Security correctly. In my system, every user has a list of profiles. If the admin removes all their profiles and the user attempts to log in with that account without a profile, an exception should be triggered to inform them that the account is inactive.
    @Override
    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
        Usuario usuario = usuarioRepository.findByEmail(email);
        if (usuario == null) {
            throw new UsernameNotFoundException(email);
        }
        if (usuario.getPerfis().isEmpty()) {
            usuarioLogado.isEnabled();
            //throw new AuthorizationException("Usuário bloqueado!");
        }
        return new UserSpringSecurity(usuario.getId(), usuario.getEmail(), usuario.getSenha(), usuario.getNome(), usuario.getPerfis());
    }
Implementation of isEnabled in the class that implements UserDetails:
    @Override
    public boolean isEnabled() {
        return true;
    }
This code works the way I expected when the user tries to log in, firing the 401 status exception. The problem is in the refresh token method, which triggers the correct exception message, but with a 500 error status.
    @RequestMapping(value = "/refresh_token", method = RequestMethod.POST)
    public ResponseEntity<Void> refreshToken(HttpServletResponse response) {
        UserSpringSecurity usuarioLogado = UserService.authenticated();
        //jwtUtil.checkIfPerfilIsEmpty(usuarioLogado);
        String token = jwtUtil.generateToken(usuarioLogado.getUsername());
        response.addHeader("Authorization", "Bearer " + token);
        response.addHeader("access-control-expose-headers", "Authorization");
        return ResponseEntity.noContent().build();
    }
I tried to use this code to check if the logged-in user has a profile and trigger the exception with the checkIfPerfilIsEmpty method, but the result was the same, so I commented out the line.
I researched it in the Spring doc, but it just says what the method is for (Spring doc). As I found no explanation anywhere, I do not know if I used it correctly.
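An added example, not part of the original post and not the poster's code: a UserDetails whose isEnabled() is derived from the profile set, plus a guard that re-runs Spring Security's own account status check (AccountStatusUserDetailsChecker, which throws DisabledException when isEnabled() is false) before a token is reissued. The names ProfileBackedUser and mayRefresh, the role name and the sample accounts are assumptions made for the illustration.

```java
import java.util.Collection;
import java.util.Set;
import java.util.stream.Collectors;

import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical UserDetails whose enabled flag is derived from the profile set.
public class ProfileBackedUser implements UserDetails {
    private final String email;
    private final String senha;
    private final Set<String> perfis; // assumption: profiles held as role names

    public ProfileBackedUser(String email, String senha, Set<String> perfis) {
        this.email = email;
        this.senha = senha;
        this.perfis = Set.copyOf(perfis);
    }

    @Override public Collection<? extends GrantedAuthority> getAuthorities() {
        return perfis.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toSet());
    }
    @Override public String getPassword() { return senha; }
    @Override public String getUsername() { return email; }
    @Override public boolean isAccountNonExpired() { return true; }
    @Override public boolean isAccountNonLocked() { return true; }
    @Override public boolean isCredentialsNonExpired() { return true; }

    // An account with no profiles reports itself as disabled.
    @Override public boolean isEnabled() { return !perfis.isEmpty(); }

    // Re-run the status checks on a freshly loaded user before reissuing a token.
    static boolean mayRefresh(UserDetails freshlyLoaded) {
        try {
            new AccountStatusUserDetailsChecker().check(freshlyLoaded);
            return true;
        } catch (DisabledException e) {
            return false; // the caller decides the HTTP status to return
        }
    }

    public static void main(String[] args) {
        // Constructed sample users, not data from the question.
        UserDetails active = new ProfileBackedUser("a@example.com", "{noop}x", Set.of("ROLE_CLIENTE"));
        UserDetails stripped = new ProfileBackedUser("b@example.com", "{noop}x", Set.of());
        System.out.println(mayRefresh(active) + " " + mayRefresh(stripped));
    }
}
```

The guard only reflects a profile removal if the user passed to it is reloaded from the repository at refresh time; a UserDetails rebuilt from the old token still carries the state it had at login.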