I don’t know what I did wrong. I was trying to implement the Jwt token(only post method).it shows the exception that
Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.ClassCastException: class com.vivek.discussion.service.UserDetailServiceImpl$1 cannot be cast to class com.vivek.discussion.model.User (com.vivek.discussion.service.UserDetailServiceImpl$1 and com.vivek.discussion.model.User are in unnamed module of loader ‘app’)] with root cause
java.lang.ClassCastException: class com.vivek.discussion.service.UserDetailServiceImpl$1 cannot be cast to class com.vivek.discussion.model.User (com.vivek.discussion.service.UserDetailServiceImpl$1 and com.vivek.discussion.model.User are in unnamed module of loader ‘app’) at com.vivek.discussion.security.JwtProvider.generateToken(JwtProvider.java:26) ~[classes/:na] at com.vivek.discussion.service.AuthService.login(AuthService.java:85) ~[classes/:na]
I am not sharing DTO classes. I know the problem is in Jwtprovider but no idea why
UserDetailService
JavaScript
x
package com.vivek.discussion.service;@AllArgsConstructor@Servicepublic class UserDetailServiceImpl implements UserDetailsService { private final UserRepository userRepository; @Override public UserDetails loadUserByUsername(String username){ Optional<User> userOptional=userRepository.findByUsername(username); User user=userOptional.orElseThrow(()-> new UsernameNotFoundException("User name not valid "+username)); return new UserDetails() { @Override public Collection<? extends GrantedAuthority> getAuthorities() { return UserDetailServiceImpl.this.getAuthorities("USER"); } @Override public String getPassword() { return user.getPassword(); } @Override public String getUsername() { return user.getUsername(); } @Override public boolean isAccountNonExpired() { return true; } @Override public boolean isAccountNonLocked() { return true; } @Override public boolean isCredentialsNonExpired() { return true; } @Override public boolean isEnabled() { return user.isEnabled(); } }; } private Collection<? extends GrantedAuthority> getAuthorities(String role) { return Collections.singletonList(new SimpleGrantedAuthority(role)); }}AuthService
JavaScript
package com.vivek.discussion.service;@Service@AllArgsConstructorpublic class AuthService { // constructor injection is recommended over direct autowired annotation private final PasswordEncoder passwordEncoder; private final UserRepository userRepository; private final VerificationTokenRepository verificationTokenRepository; private final MailService mailService; private final AuthenticationManager authenticationManager; private final JwtProvider jwtProvider; @Transactional public void signup(RegisterRequest registerRequest){ User user=new User(); user.setUsername(registerRequest.getUsername()); user.setPassword(passwordEncoder.encode(registerRequest.getPassword())); user.setEmail(registerRequest.getEmail()); user.setCreated(Instant.now()); user.setEnabled(false); userRepository.save(user); String token=generateRandomToken(user); mailService.sendMail(new NotificationEmail("Please Activate Your Account",user.getEmail(),"thank you For Signing In Into our disscusion form" + "Please click the link below to get : "+ "http://localhost:8080/api/auth/accountVerification/"+token)); } private String generateRandomToken (User user){ String s= UUID.randomUUID().toString(); VerificationToken verificationToken=new VerificationToken(); verificationToken.setToken(s); verificationToken.setUser(user); verificationTokenRepository.save(verificationToken); return s; } public void verifyAccount(String token) { Optional<VerificationToken> verificationToken= verificationTokenRepository.findAllByToken(token); verificationToken.orElseThrow(() -> new SpringDiscussionException("Invalid Token")); fetchUserAndUnable(verificationToken.get()); } @Transactional void fetchUserAndUnable(VerificationToken verificationToken) { String username=verificationToken.getUser().getUsername(); User user=userRepository.findByUsername(username).orElseThrow(()-> new SpringDiscussionException("User not found with name : "+username)); user.setEnabled(true); userRepository.save(user); } public AuthenticationResponse login(LoginRequest loginRequest) { Authentication authentication=authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(loginRequest.getUsername(),loginRequest.getPassword())); SecurityContextHolder.getContext().setAuthentication(authentication); String token= jwtProvider.generateToken(authentication); return new AuthenticationResponse(token,loginRequest.getUsername()); }}AuthController
JavaScript
@Slf4j@RestController@RequestMapping("/api/auth")@AllArgsConstructorpublic class AuthController { private final AuthService authService; @PostMapping("/signup") public ResponseEntity<String> signup(@RequestBody RegisterRequest registerRequest){ log.info(registerRequest.getEmail()); authService.signup(registerRequest); return new ResponseEntity<>("user registration link send", HttpStatus.OK ); } @GetMapping("accountVerification/{token}") public ResponseEntity<String> verify(@PathVariable String token){ authService.verifyAccount(token); return new ResponseEntity<>("User is register",HttpStatus.OK); } @PostMapping("/login") public AuthenticationResponse login(@RequestBody LoginRequest loginRequest){ return authService.login(loginRequest); }}JwtProvider
JavaScript
package com.vivek.discussion.security;import com.vivek.discussion.model.User;import io.jsonwebtoken.Jwts;import io.jsonwebtoken.SignatureAlgorithm;import io.jsonwebtoken.security.Keys;import org.springframework.security.core.Authentication;import org.springframework.stereotype.Service;import javax.annotation.PostConstruct;import java.security.Key;@Servicepublic class JwtProvider { private Key key; @PostConstruct public void init(){ key= Keys.secretKeyFor(SignatureAlgorithm.HS256); } public String generateToken(Authentication authentication){ User principal=(User) authentication.getPrincipal(); return Jwts.builder().setSubject(principal.getUsername()) .signWith(key) .compact(); }}pom.xml(only jwt dependency)
JavaScript
<dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt-api</artifactId> <version>0.10.5</version> </dependency> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt-impl</artifactId> <scope>runtime</scope> <version>0.10.5</version> </dependency> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt-jackson</artifactId> <scope>runtime</scope> <version>0.10.5</version> </dependency>SecurityConfig
JavaScript
package com.vivek.discussion.configuration;import lombok.AllArgsConstructor;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.authentication.AuthenticationManager;import org.springframework.security.config.BeanIds;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.security.crypto.password.PasswordEncoder;@Configuration@EnableWebSecurity@AllArgsConstructorpublic class SecurityConfig extends WebSecurityConfigurerAdapter { private final UserDetailsService userDetailsService; @Bean(BeanIds.AUTHENTICATION_MANAGER) @Override public AuthenticationManager authenticationManagerBean() throws Exception{ return super.authenticationManagerBean(); } @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable() .authorizeRequests() .antMatchers("/api/auth/**") .permitAll() .anyRequest() .authenticated(); } @Autowired public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception { authenticationManagerBuilder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder()); } @Bean PasswordEncoder passwordEncoder(){ return new BCryptPasswordEncoder(); }}Advertisement
Answer
The problem is that your UserDetailsService implementation is returning something of type UserDetails:
JavaScript
@Overridepublic UserDetails loadUserByUsername(String username){ Optional<User> userOptional=userRepository.findByUsername(username); User user=userOptional.orElseThrow(()-> new UsernameNotFoundException("User name not valid "+username)); return new UserDetails() { But JwtProvider is asking for something of type User:
JavaScript
User principal=(User) authentication.getPrincipal();Instead of returning an anonymous inner class, consider adding a copy constructor to User and using a static inner class that extends your User class and implements UserDetails:
JavaScript
private static class InternalUser extends User implements UserDetails { public InternalUser(User user) { super(user); // call the copy constructor } // ... all the implemented methods from your anonymous class}Then, you can do in UserDetailsServiceImpl:
JavaScript
@Overridepublic UserDetails loadUserByUsername(String username){ Optional<User> userOptional = userRepository.findByUsername(username); User user = userOptional.orElseThrow( () -> new UsernameNotFoundException("User not valid")); return new InternalUser(user);}