Develop Reference

Spring NullPointerException this.service is null

I have problem with NullPointerException, every POST on /register endpoint, the NullPointerException shows that service is null
Controller with /register
#AllArgsConstructor
#RestController
#Validated
public class SecurityController {
private final UserService service;
#PostMapping("/register")
private ResponseEntity<UserDTO> registerUser (#RequestBody #Valid RegisterDTO registerDTO) {
return ResponseEntity.created(URI.create("/user")).body(service.createUser(registerDTO));
}
UserService
#RequiredArgsConstructor
#Service
public class UserService implements UserServiceApi {
private final UserRepository userRepository;
private final RoleRepository roleRepository;
private final PasswordEncoder encoder;
#Override
public UserDTO createUser(RegisterDTO user) {
if (user.equals(userRepository.findByUsername(user.getUsername()))) {
throw new RuntimeException("This nickname is already taken");
}
if (user.equals(userRepository.findByEmail(user.getEmail()))) {
throw new RuntimeException("This email is already taken");
}
// Encoding password
user.setPassword(encoder.encode(user.getPassword()));
// On creating new Account it's going to have USER role
Role role = roleRepository.findByName("USER");
String username = user.getUsername();
String password = user.getPassword();
String email = user.getEmail();
User dto = buildUser(username, password, email, role);
userRepository.save(dto);
return UserDTO.builder()
.username(username)
.password(password)
.email(email)
.build();
}
Other controller that use service, I dont know maybe that's the cuase of problem
#RestController(value = "/user")
#AllArgsConstructor
#Validated
public class UserController {
private final UserService service;
#GetMapping("/getusers")
public ResponseEntity<List<User>> getAllUser() {
return ResponseEntity.ok(service.getUsers());
}

JPA Respository: Data return null when #GetMapping include two required param

Based on my question above, Below is my code.
UserService
#Service
public class UserService {
#Autowired
private UserRepository userRepository;
public List<User> getUserByIdAndEmail(Long id, String email) {
return userRepository.findByIdAndEmail(id, email);
}
}
UserRepository
#Repository
public interface UserRepository extends JpaRepository<User, Long> {
public User findUserByEmail(String email);
public List<User> findByIdAndEmail(long id, String email);
}
UserController
#RestController
public class UserController {
#Autowired
private UserService userService;
#Autowired
private ModelMapper modelMapper;
#GetMapping(path="user/idEmail/{id}/{email}")
public #ResponseBody UserDto getUserByIdAndEmail(#PathVariable long id, #PathVariable String email) {
return modelMapper.map(userService.getUserByIdAndEmail(id, email), UserDto.class);
}
}
User
#Entity
#AllArgsConstructor
#NoArgsConstructor
#Getter
#Setter
#Table(name = "idr_user")
public class User {
#Id
#GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
private String name;
private String email;
}
UserDto
#Data
public class UserDto {
private int id;
private String name;
private String email;
}
And when i enter the correct ID and Email the result is null.
Can I know which part that I missing?

Change
public List<User> findByIdAndEmail(long id, String email);
to
public Optional<User> findByIdAndEmail(long id, String email);
then apply logic if the optional is present.
You shouldn't expect a list in this case as the ID is a primary key, therefor no duplicate. Even if you have duplicated emails, as long as you use id, you won't receive a list.

403 Forbidden page Spring Security

I can't seem to find the 403 error problem, when I send a JSON request to register in Postman I get the 403 Forbidden error with no message.
Postman Screenshot
SecureConfig.Java
This is the configuration file.
#EnableWebSecurity
#AllArgsConstructor
#Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final UserDetailsService userDetailsService;
#Bean(BeanIds.AUTHENTICATION_MANAGER)
#Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
#Override
public void configure(HttpSecurity httpSecurity) throws Exception{
httpSecurity.csrf()
.disable()
.authorizeRequests()
.antMatchers("/api/auth/**")
.permitAll()
.anyRequest()
.authenticated();
}
#Autowired
public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
authenticationManagerBuilder.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder());
}
#Bean
PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
}
AuthConroller
This is the controller of the project to authenticate, when I sign up the new user was added to the database successfully, it sends afterwards a mail verification to the fake mail using Mailtrap " https://mailtrap.io " . But when I request to receive the authentication token and the username I receive the error.
#RestController
#AllArgsConstructor
#RequestMapping(value = "/api/auth", consumes = MediaType.APPLICATION_JSON_VALUE)
public class AuthController {
private final AuthService authService;
#PostMapping("/signup")
public ResponseEntity<String> signup(#RequestBody RegisterRequest registerRequest ) {
authService.signup(registerRequest);
return new ResponseEntity<>("User's Registration was successful", HttpStatus.OK);
}
#GetMapping("accountVerification/{token}")
public ResponseEntity<String> verifyAccount(#PathVariable String token){
authService.verifyAccount(token);
return new ResponseEntity<>("Account created successfully", HttpStatus.OK);
}
#PostMapping("/")
public String login(#RequestBody LoginRequest loginRequest){
return authService.login(loginRequest);
}
}
AuthService
This is the autentication service.
#Service
#AllArgsConstructor
public class AuthService {
private final PasswordEncoder passwordEncoder;
private final UserRepository userRepository;
private final VerificationTokenRepository verificationTokenRepository;
private final MailService mailService;
private final AuthenticationManager authenticationManager;
private final JwtProvider jwtProvider;
public void signup(RegisterRequest registerRequest){
User user = new User();
user.setUsername(registerRequest.getUsername());
user.setEmail(registerRequest.getEmail());
user.setPassword(passwordEncoder.encode(registerRequest.getPassword()));
user.setEnabled(false);
user.setCreated(Instant.now());
userRepository.save(user);
String token = generetedVerificationToken(user);
mailService.sendMail(new NotificationEmail("Please " +
"Activate Your Account", user.getEmail(), "Thanks " +
"for signing up. Click on the link below to go home: " +
"http://localhost:8080/api/auth/accountVerification/" + token));
}
private String generetedVerificationToken(User user){
String token = UUID.randomUUID().toString();
VerificationToken verificationToken = new VerificationToken();
verificationToken.setToken(token);
verificationToken.setUser(user);
verificationTokenRepository.save(verificationToken);
return token;
}
public void verifyAccount(String token) {
Optional<VerificationToken> verificationToken = verificationTokenRepository.findByToken(token);
fetchUserAndEnable(verificationToken.orElseThrow(() -> new SpringRedditException("Invalid Token")));
}
private void fetchUserAndEnable(VerificationToken verificationToken){
String username = verificationToken.getUser().getUsername();
Optional<org.springframework.security.core.userdetails.User> v = userRepository.findByUsername(username);
UserDetails user = userRepository.findByUsername(username).orElseThrow(() -> new SpringRedditException("User not found with name - " + username));
User s = (User) user;
s.setEnabled(true);
userRepository.save(s);
}
public String encodePassword(String password) { return passwordEncoder.encode(password);}
public String login(LoginRequest loginRequest){
Authentication authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(
loginRequest.getUsername(),
loginRequest.getPassword()));
SecurityContextHolder.getContext().setAuthentication(authentication);
return jwtProvider.generatedToken(authentication);
}
}
JwtProvider
This class is to generate the tokens for each user. I didn't use the JKS I've found in the tutoriel, because it provides an error.
#Service
public class JwtProvider {
// private KeyStore keyStore;
private Key key;
#PostConstruct
public void init() {
key = Keys.secretKeyFor(SignatureAlgorithm.HS512);
}
public String generatedToken(Authentication authentication){
org.springframework.security.core.userdetails.User principal =
(org.springframework.security.core.userdetails.User) authentication.getPrincipal();
return Jwts.builder()
.setSubject(principal.getUsername())
.signWith(key)
.compact();
}
}
UserDetailsServiceImpl
Here goes the implementation that gives the user authority to connect :
#Service
#AllArgsConstructor
public class UserDetailsServiceImpl implements UserDetailsService {
private final UserRepository userRepository;
#Override
#Transactional
public UserDetails loadUserByUsername(String username) {
Optional<User> userOptional = userRepository.findByUsername(username);
User user = userOptional.orElseThrow(() -> new UsernameNotFoundException("No such user" +
"with username : " + username));
return new org.springframework.security.core.userdetails.User(user.getUsername(),
user.getPassword(), user.isEnabled(), true,
true, true,
getAuthorities("USER"));
}
private Collection<? extends GrantedAuthority> getAuthorities(String role){
return singletonList(new SimpleGrantedAuthority(role));
}
}
and last
AutheticationResponse
In the DTO file we have this class in order to receive the authenticatonToken and the username in postman as a JSON format.
#Data
#AllArgsConstructor
#NoArgsConstructor
public class AuthenticationResponse {
private String authenticationToken;
private String username;
}
After adding logging.level.org.springframework.security=DEBUG to application.properties file, I managed to see the reason this error appears in the below image.
Debug results Screenshot

Spring MongoRepository entity saved twice

I Have method in service to save user after registration, but after method invocation I have two same documents in collection.
Controller:
#RequestMapping(value="/registration/male", method= RequestMethod.POST, consumes={ MediaType.APPLICATION_JSON_VALUE })
public #ResponseBody void maleRegistration (#RequestBody MaleDTO maleDTO, HttpServletRequest request) throws EmailExistsException {
User user = registrationService.maleRegistration(maleDTO);
autoLogin(user, request);
}
Method in service:
#Transactional
public User maleRegistration(MaleDTO male) throws EmailExistsException {
if (userRepository.existsByEmail(male.getEmail())) {
throw new EmailExistsException("There is an account with that email address: " + male.getEmail());
}
User user = new User();
user.setName(male.getName());
user.setGender(Gender.MALE);
user.setDateOfBirth(male.getDateOfBirth());
user.setEmail(male.getEmail());
user.setPassword(encoder.encode(male.getPassword()));
user.setRoles(new HashSet<>(Arrays.asList(Role.ROLE_USER)));
userRepository.save(user);
return user;
}
User repository:
public interface UserRepository extends MongoRepository<User, String>{
}
User Class:
#Document(collection = "Users")
public class User {
#Id
private String id;
private String name;
private Gender gender;
private LocalDate dateOfBirth;
private String email;
private String password;
private Set<Role> roles;
//geters and seters
//toString
}
Why it happens?
I would appreciate any help.

Questions about Spring Security

I am actually beginner in Spring framework. For today i've faced with problems and i want ask you a couple questions to figure it out.
I want to make simple user login/authorisation app with Android client.
First of all I want to post my code:
Model:
#Entity
#Table(name = "Users")
public class User {
public User() {
}
#Id
#GeneratedValue(generator = "increment")
#GenericGenerator(name = "increment", strategy = "increment")
#Column(name = "Id", unique = true, nullable = false)
private long id;
#Column(name = "userName", nullable = false)
private String userName;
#Column(name = "userPassword", nullable = false)
private String userPassword;
#Transient
private String confirmPassword;
public long getId() {
return id;
}
public String getUsername() {
return userName;
}
public String getPassword() {
return userPassword;
}
public String getConfirmPassword() {
return confirmPassword;
}
public void setId(long id) {
this.id = id;
}
public void setName(String userName) {
this.userName = userName;
}
public void setPassword(String userPassword) {
this.userPassword = userPassword;
}
public void setConfirmPassword(String confirmPassword) {
this.confirmPassword = confirmPassword;
}
}
Services:
User details:
#Service("userDetailsServiceImpl")
public class UserDetailsServiceImpl implements UserDetailsService {
#Autowired
private UserRepository userRepository;
#Override
#Transactional(readOnly = true)
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
User user = userRepository.findByUserName(userName);
Set<GrantedAuthority> grantedAuthorities = new HashSet<GrantedAuthority>();
return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), grantedAuthorities);
}
}
Impl of UserSerice interface:
#Service
public class UserServiceImpl implements UserService {
#Autowired
private UserRepository userRepository;
#Autowired
private BCryptPasswordEncoder passwordEncoder;
public void save(User user) {
user.setPassword(passwordEncoder.encode(user.getPassword()));
userRepository.save(user);
}
public User findByUserName(String userName) {
return userRepository.findByUserName(userName);
}
}
User validator:
#Component
public class UserValidator implements Validator {
#Autowired
private UserService userService;
#Override
public boolean supports(Class aClass) {
return User.class.equals(aClass);
}
#Override
public void validate(Object o, Errors errors) {
User user = (User) o;
ValidationUtils.rejectIfEmptyOrWhitespace(errors, "username", "Required");
if (user.getUsername().length() < 8 || user.getUsername().length() > 32) {
errors.rejectValue("username", "Size.userForm.username");
}
if (userService.findByUserName(user.getUsername()) != null) {
errors.rejectValue("username", "Duplicate.userForm.username");
}
ValidationUtils.rejectIfEmptyOrWhitespace(errors, "password", "Required");
if (user.getPassword().length() < 8 || user.getPassword().length() > 32) {
errors.rejectValue("password", "Size.userForm.password");
}
if (!user.getConfirmPassword().equals(user.getPassword())) {
errors.rejectValue("confirmPassword", "Different.userForm.password");
}
}
}
Impl of SecurityService
#Service
public class SecurityServiceImpl implements SecurityService {
#Autowired
private AuthenticationManager authenticationManager;
#Autowired
private UserDetailsService userDetailsService;
#Override
public String findLoggedInUsername() {
Object userDetails = SecurityContextHolder.getContext().getAuthentication().getDetails();
if (userDetails instanceof UserDetails) {
return ((UserDetails) userDetails).getUsername();
}
return null;
}
#Override
public void autoLogin(String username, String password) {
UserDetails userDetails = userDetailsService.loadUserByUsername(username);
UsernamePasswordAuthenticationToken authenticationToken =
new UsernamePasswordAuthenticationToken(userDetails, password, userDetails.getAuthorities());
authenticationManager.authenticate(authenticationToken);
if (authenticationToken.isAuthenticated()) {
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
}
}
}
SecurityConfig:
#Configuration
#EnableWebSecurity
#EnableGlobalMethodSecurity(securedEnabled = true)
#ComponentScan("com.webserverconfig.user")
public class SecurityConfig extends WebSecurityConfigurerAdapter {
#Autowired
#Qualifier("userDetailsServiceImpl")
UserDetailsService userDetailsService;
#Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
#Bean
public PasswordEncoder passwordEncoder() {
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
#Bean
#Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
And the lsat one -> Controller:
#RestController
#RequestMapping("/user")
public class UserController {
#Autowired
private UserService userService;
#Autowired
private SecurityService securityService;
#Autowired
private UserValidator userValidator;
#RequestMapping(value = "/registration", method = RequestMethod.POST)
#ResponseBody
#ResponseStatus(value = HttpStatus.CREATED)
public User registration(#RequestBody User user, BindingResult bindingResult, Model model) {
userValidator.validate(user, bindingResult);
if (bindingResult.hasErrors()) {
//What should i return here to my Android client ?
}
userService.save(user);
securityService.autoLogin(user.getUsername(), user.getConfirmPassword());
return user;
}
}
I am missing some classes here for saving space.
I am asking you for help me with my questions, please:
1) When i am trying to send JSON using Postman:
{
"id": 1,
"userName": "Andrew",
"userPassword": "apoyark123",
"confirmPassword": "apoyark123"
}
I am getting next erorr:
DefaultHandlerExceptionResolver - Failed to read HTTP message: org.springframework.http.converter.HttpMessageNotReadableException: Could not read document: Unrecognized field "userName" (class com.webserverconfig.user.entity.User), not marked as ignorable (4 known properties: "id", "name", "password", "confirmPassword"])
at [Source: java.io.PushbackInputStream#ddd416; line: 3, column: 16] (through reference chain: com.webserverconfig.user.entity.User["userName"]); nested exception is com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "userName" (class com.webserverconfig.user.entity.User), not marked as ignorable (4 known properties: "id", "name", "password", "confirmPassword"])
at [Source: java.io.PushbackInputStream#ddd416; line: 3, column: 16] (through reference chain: com.webserverconfig.user.entity.User["userName"])
Am i missing some annotation ?
This issue resolved by Mehdi in the first comment. !!!
Please help me with second question.
2) I am haven't tested security validation part yet, because this code doesn't working, but i have a question -> How my client will understand that login/authorisation have gone wrong/good ?
If we take a look on controller's method registration(...) -> what should i return to the client if first "if" false ?
What if validation is not correct ? What should i return to the client and how ?