I'm trying to build an app that use custom oaut2 authentication with spring boot. I want to set a groupId for principal and use it for spring jpa on resource server.
#Query("select o from BusinessObject o where o.owner.id = ?#{principal.claims['companyId']} or 1=?#{hasRole('ROLE_ADMIN') ? 1 : 0}")
List<BusinessObject> findBusinessObjectsForCurrentUserById();
How to succeed this?
Related
Currently I am using Spring Security Oauth2 2.3.2 Release. I want to set up a Authorization Code Grant Type Based Authentication.
I debugged the Spring Security "/oauth/authorize" EndPoint. I found below code
private AuthorizationCodeServices authorizationCodeServices = new InMemoryAuthorizationCodeServices();
I debugged more into the code and I found out that AuthorizationCodeServices is implementented by 3 Classes .
1) InMemoryAuthorizationCodeServices
2) JdbcAuthorizationCodeServices
3) RandomValueAuthorizationCodeServices
Default Implementation of Spring provides the InMemoryAuthorizationCodeServices. I want to configure it based on the JdbcAuthorizationCodeServices. Now, for that do I need to write my own endpoint and code or could it be done using any configuration?
I have two Java processes - which get spawned from the same Jar using different run configurations
Process A - Client UI component , Developed Using Spring bean xml based approach. No Spring Boot is there.
Process B - A new Springboot Based component , hosts REST End points.
Now from Process A , on various button click how can I call the REST end points on Process B using Feign Client.
Note - Since Process A is Spring XML based , right at the moment we can not convert that to Spring boot. Hence #EnableFeignClients can not be used to initialise the Feign Clients
So Two questions
1) If the above is possible how to do it ?
2) Till Process A is moved to Spring boot - is Feign still an easier option than spring REST template ?
Feign is a Java to HTTP client binder inspired by Retrofit, JAXRS-2.0, and WebSockets and you can easily use feign without spring boot. And Yes, feign still better option to use because Feign Simplify the HTTP API Clients using declarative way as Spring REST does.
1) Define http methods and endpoints in interface.
#Headers({"Content-Type: application/json"})
public interface NotificationClient {
#RequestLine("POST")
String notify(URI uri, #HeaderMap Map<String, Object> headers, NotificationBody body);
}
2) Create Feign client using Feign.builder() method.
Feign.builder()
.encoder(new JacksonEncoder())
.decoder(customDecoder())
.target(Target.EmptyTarget.create(NotificationClient.class));
There are various decoders available in feign to simplify your tasks.
You are able to just initialise Feign in any code (without spring) just like in the readme example:
public static void main(String... args) {
GitHub github = Feign.builder()
.decoder(new GsonDecoder())
.target(GitHub.class, "https://api.github.com");
...
}
Please take a look at the getting started guide: feign on github
I want to use Spring Integration RedisLockRegistry . I have some questions about Spring Integration RedisLockRegistry.
Can I use the redisLockRegistry as a Spring bean ? it means my application just a single redisLockRegistry.
I see the RedisLockRegistry implement ExpirableLockRegistry in the version 5.0,
Should I need run the expireUnusedOlderThan method?
I met the same questions and start analyze spring code. So from sources I can state that:
Yes you can create and configure it as a bean of any instance of LockRegistry like RedisLockRegistry, JdbcLockRegistry. For test purposes I'd like even use PassThruLockRegistry
I tried to find any invocation of expireUnusedOlderThan inside Spring without success.
So I have created simple scheduler as following:
#Autowired
private ExpirableLockRegistry lockRegistry;
#Scheduled(fixedDelay=50000)
public void cleanObsolete(){
lockRegistry.expireUnusedOlderThan(50000);
}
I have an application (Spring MVC 4 + Hibernate/JPA + MySQL + Maven integration example using annotations), integrating Spring with Hibernate using annotation based configuration.
I have this property
#Pattern(regexp = "^[_A-Za-z0-9-\\+]+(\\.[_A-Za-z0-9-]+)*#"
+ "[A-Za-z0-9-]+(\\.[A-Za-z0-9]+)*(\\.[A-Za-z]{2,})$",
message = "{general.error.mail}")
private String email;
But when there is an error I see the key in the page instead of the message itself
{general.error.mail}
You need a messages.properties file. Check Spring MVC Form Validation Example with Bean Validation API as a tutorial.
My Spring Boot application works on Spring Security 3.2.7.RELEASE.
Now, I'd like to update it to 4.0.2.RELEASE.
After hours of debug I have found that Spring Security 4.0.2.RELEASE uses defaultRolePrefix="ROLE_"
in
org.springframework.security.access.expression.SecurityExpressionRoot.hasAnyAuthorityName(String prefix, String... roles) method
In my application I use roles without this prefix and accordingly I get AccessDeniedException.
How to configure Spring Boot in order to use SecurityExpressionRoot.defaultRolePrefix="" ?
I found the solution how to fix it. I need to change hasRole to hasAuthority, for example:
#PreAuthorize("hasAuthority('PERMISSION_CREATE_NODE')")
In the other hand you can remove role prefix ass described here. In this cas you are free to use other annotations.