I am working on a Spring Boot & Spring Security project where a user can add flights to his trip if the trip has been approved (user entity contains a status variable that can be changed by the admin to approved or denied for the trip) by an admin.
As long as the trip has pending/denied status the user should not be able to access the flights url. How can I achieve this blocking functionality based on that user variable?
Trips url: http://localhost:4040/user/{userId}/trip
Flights url for a specific trip: http://localhost:4040/user/{userId}/trips/{tripId}/flights
Related
Good morning. Question scenario is as follows. Suppose an employee with a role goes to annual leave and he has an account in a spring boot application. How can I disable his user account so that logins fail at that time. How do I write the code? I'm using WebSecurityConfigurerAdapter but I failed to accomplish this task. I need sample working code using preferably Spring boot 2.6.* cause other resources I found on the net are using older versions.
Thanks in advance.
If you want to disable a user for a certain period of time where the user can not log in till u enable his ID, then I assume that u created a table of name "User" where you store all user credentials, specify two more columns "role" and "isActive(boolean)", in "role" column you can specify your role as ADMIN or ROLE_ADMIN and write a code with logic where an admin has all authorization, as an admin you can alter the data, before that you should write a code for only active users can log in, then as an admin, you can change the state from "true" to "false" in the specific user's "isActive" column, now the user only able to login if his "isActive" state is true.
you can ping me any time...
We use the IdentityServer3 as our central authentication provider. Now I have a general question about the IdenityServer in an enterprise environment. I try to explain it with the following example:
If a user was successfully authenticated, he get a token from the provider. The token includes the unique ID of the user.
The authenticated user send a request to a WebApi, to create a new item (e.g a new product).
The WebApi extract the unique ID from the token and creates the new product in the database. Additionally the new product was linked with the unique user ID (e.g as creationUserId).
An other user send a request to the WebApi to get all available products.
The WebApi create a database query to retrieve all products. Additionally the WebApi wants to convert the creationUserId of each product to the correlating username. But that is not possible, because username is stored in the identity database which is an other database one than the application database (e.g for the products). Are there some best practices to solve this requirement?
Many thanks for your help!
Regards
Thank you for your answers. I see only one way to realize my requirements:
--> I store the username with the userId in the application database, because a API for translating is to slow.
We have developed an app that let user login with facebook. The app has been granted all required permissions to retrieve name, email, gender and age range etc. But our app developer stored only id,name and email while user login. Now we need to retrieve gender and age range of all those users who have logged in the app.
Is there a way to rerun user query to retrieve those data? I am looking to develop an program using Spring-social and RestFB but it needs user login action to retrieve required data which is problem in our case since we cannot recreate login action again.
As long as the user granted public_profile permission to your app, and you have their app-scoped user id, you can make the API call using your app access token.
And if you are looking to request this data for a lot of users, then you should optimize your requests in the following ways:
request the fields you need only: /user-id?fields=id,gender
request data for multiple users in one go: /?ids=user-id-1,user-id-2,user-id-3&fields=fields=id,gender – https://developers.facebook.com/docs/graph-api/using-graph-api/v2.5#multirequests
perhaps even use Batch Requests if necessary, https://developers.facebook.com/docs/graph-api/making-multiple-requests/
I have developed a Spring application which uses Spring Social Facebook, in order to get users activities in social network.
I need to know how i can get post's owner which is liked by authenticated user, and which permission is required to perform this operation.
For sake of clarity: User A (authenticated) likes a post belonging to user B. How i can get user B?
Any ideas?
Here you have url from facbook api explorator
me/posts?fields=from,message,picture,icon
This rest execution should return all posts - posted by current user and other users which was liked by him/her. Know you have to write it in Java, below code fetches data from the specified connection.
facebook.fetchConnections(null, "music", Page.class,
new PagingParameters(25, 0, null, null).toMap(), "from,message,picture,icon")
You can also try (but this I haven't tested)
facebook.fetchConnections(null, "posts", Post.class)
User(ROLE_USER) Login url:
www.aaa.com/user/info.do
Administrator(ROLE_ADMIN) Login url:
www.aaa.com/manager/info.do
I use Spring Security.
I don't want the administrator to log out When a user logs in.(
also I don't want the user to log out When administrator logs in.
One man has User(ROLE_USER) ID and Administrator(ROLE_ADMIN) ID and uses one browser.
I want to use two ID in one browser at the same time.
ex)a website customer service center staff uses manager site and user site with two ID.
Is this possible?
Sounds like it's just a matter of assigning to administrators ROLE_USER in addition to ROLE_ADMIN. A single user can have more than 1 role (check getAuthorities() method in UserDetails interface).