How to use Spring Security isEnabled

1

I was wondering if I'm using the isEnabled method of Spring Security correctly. In my system, every user has a list of profiles. If the admin removes all of a user's profiles and the user attempts to log in with that account without a profile, an exception should be thrown to inform them that the account is inactive.

@Override
public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException{

    Usuario usuario =  usuarioRepository.findByEmail(email);

    if(usuario == null)
    {
        throw new UsernameNotFoundException(email);
    }

    if(usuario.getPerfis().isEmpty())
    {
        usuarioLogado.isEnabled();
        //throw new AuthorizationException("Usuário bloqueado!");
    }

    return new UserSpringSecurity(usuario.getId(), usuario.getEmail(), usuario.getSenha(), usuario.getNome(), usuario.getPerfis());
}

Implementation of isEnabled in the class that implements UserDetails:

@Override
public boolean isEnabled() {
    return true;
}

This code works the way I expected when the user tries to log in, firing the 401 status exception. The problem is in the refresh token method, which triggers the correct exception message, but with a 500 error status.

@RequestMapping(value = "/refresh_token", method = RequestMethod.POST)
public ResponseEntity<Void> refreshToken(HttpServletResponse response){
    UserSpringSecurity usuarioLogado = UserService.authenticated();
    //jwtUtil.checkIfPerfilIsEmpty(usuarioLogado);
    String token = jwtUtil.generateToken(usuarioLogado.getUsername());
    response.addHeader("Authorization", "Bearer " + token);
    response.addHeader("access-control-expose-headers", "Authorization");
    return ResponseEntity.noContent().build();
}

I tried to use this code to check if the logged-in user has a profile and trigger the exception with the checkIfPerfilIsEmpty method, but the result was the same, so I commented out the line.

I looked it up in the Spring docs, but they only say what the method is for. As I could not find an explanation anywhere, I do not know if I used it correctly.

    
asked by anonymous 24.04.2018 / 16:16

0 answers
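
One way to wire the check the question describes, as an added example that is not the asker's code: `isEnabled()` is derived from the profile list, and the refresh path re-runs Spring Security's account status checks on a reloaded user and maps a failure to 401. `ProfileUser`, `refreshStatus` and the sample users are hypothetical; it assumes spring-security-core is on the classpath and that the refresh endpoint reloads the user from storage.

```java
import java.util.*;
import org.springframework.security.authentication.AccountStatusException;
import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

public class EnabledCheckExample {

    // Hypothetical UserDetails: the account counts as enabled only while it has profiles.
    static class ProfileUser implements UserDetails {
        private final String email;
        private final String passwordHash;
        private final Set<String> perfis;

        ProfileUser(String email, String passwordHash, Set<String> perfis) {
            this.email = email;
            this.passwordHash = passwordHash;
            this.perfis = perfis;
        }
        @Override public Collection<? extends GrantedAuthority> getAuthorities() {
            List<GrantedAuthority> out = new ArrayList<>();
            for (String p : perfis) out.add(new SimpleGrantedAuthority(p));
            return out;
        }
        @Override public String getPassword() { return passwordHash; }
        @Override public String getUsername() { return email; }
        @Override public boolean isAccountNonExpired() { return true; }
        @Override public boolean isAccountNonLocked() { return true; }
        @Override public boolean isCredentialsNonExpired() { return true; }
        // DaoAuthenticationProvider reads this at login and throws DisabledException on false.
        @Override public boolean isEnabled() { return !perfis.isEmpty(); }
    }

    // Hypothetical refresh-path check: run the same status checks on a user reloaded
    // from storage and map a failure to 401 so it does not surface as a 500.
    static int refreshStatus(UserDetails reloaded) {
        try {
            new AccountStatusUserDetailsChecker().check(reloaded);
            return 204; // still active: issue the new token
        } catch (AccountStatusException e) {
            return 401; // disabled, locked or expired: refuse the refresh
        }
    }

    public static void main(String[] args) {
        // Constructed sample users: one with a profile, one with all profiles removed.
        UserDetails active = new ProfileUser("a@example.com", "{noop}x", Collections.singleton("ROLE_ADMIN"));
        UserDetails stripped = new ProfileUser("b@example.com", "{noop}x", Collections.<String>emptySet());
        System.out.println(refreshStatus(active) + " " + refreshStatus(stripped));
    }
}
```

Reloading the user on refresh matters because the principal held in the security context or the token reflects the state at login, not the profiles the admin has removed since.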