I want to replace the http exception with a response, that is, I use responseentity I want to return for example 409 if the user is not found by name, and 509 if not found by mail, can I determine the error number and its description in responseEntity? If so, can give an example?
#RequestMapping(value = "/change", method = RequestMethod.POST)
public void change(#RequestBody User user) throws Exception {
UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
User userByUsername = userService.findUserByUsername(userDetails.getUsername());
if (userByUsername == null) {
throw new Exception("Пользователь не найден");
//TODO: return ResponseEntity code 409 if userByusername not found
}
user.setId(userByUsername.getId());
if (user.getPassword() == null) {
user.setPassword(userByUsername.getPassword());
}
user.setRoles(userByUsername.getRoles());
userService.save(user);
}
public ResponseEntity<Object> change(#RequestBody User user) throws Exception {
UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
ErrorResponse errorResponse = new ErrorResponse(HttpStatus.CONFLICT, "not found user by username",409);
User userByUsername = userService.findUserByUsername(userDetails.getUsername());
if (userByUsername == null) {
return new ResponseEntity<>(errorResponse, new HttpHeaders(), errorResponse.getStatus());
}
user.setId(userByUsername.getId());
if (user.getPassword() == null) {
user.setPassword(userByUsername.getPassword());
}
user.setRoles(userByUsername.getRoles());
userService.save(user);
return null;
}
public class ErrorResponse {
private HttpStatus status;
private String message;
private Integer errors;
public ErrorResponse(HttpStatus status, String message, Integer errors) {
super();
this.status = status;
this.message = message;
this.errors = errors;
}
public HttpStatus getStatus() {
return status;
}
}
Related
I am having issues with the Amazon MQ implementation of topics. When I use the in memory SimpleMessageBroker clients receive only messages that they have subscribed to. However with the externalized message broker, all clients receive all messages broadcast through the SimpMessagingTemplate.
relevant code:
public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
if ("true".equalsIgnoreCase(environment.getProperty("aws.activemq.enabled")))
config.setApplicationDestinationPrefixes("/app")
.enableStompBrokerRelay("/topic")
.setUserDestinationBroadcast("/user")
.setRelayHost(this.activeMQCreds.getHost())
.setRelayPort(this.activeMQCreds.getPort())
.setClientLogin(this.activeMQCreds.getUsername())
.setClientPasscode(this.activeMQCreds.getPassword())
.setAutoStartup(true)
.setSystemLogin(this.activeMQCreds.getUsername())
.setSystemPasscode(this.activeMQCreds.getPassword())
.setTcpClient(this.createClient());
else config.setApplicationDestinationPrefixes("/app")
.enableSimpleBroker("/topic");
#Override
public void configureClientInboundChannel(ChannelRegistration registration) {
registration.interceptors(webSocketSessionChannelInterceptor);
}
private TcpOperations<byte[]> createClient() {
return new ReactorNettyTcpClient<>(
(client) -> client.remoteAddress(this::getAddress).secure(), new StompReactorNettyCodec());
}
private SocketAddress getAddress() {
try {
InetAddress address =
InetAddress.getByName(this.activeMQCreds.getHost().replace("stomp+ssl://", ""));
return new InetSocketAddress(address, this.activeMQCreds.getPort());
} catch (UnknownHostException e) {
log.error("Exception", e);
return null;
}
}
}
How we are handling subscriptions:
public class WebSocketSessionChannelInterceptor implements ChannelInterceptor {
#Override
public Message<?> preSend(final Message<?> message, final MessageChannel channel) throws AuthenticationException {
log.info("Message: {}", message);
final StompHeaderAccessor accessor = MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
try {
final String destination = accessor.getDestination();
if (StompCommand.CONNECT == accessor.getCommand()) {
final String token = accessor.getFirstNativeHeader("Authorization");
final UsernamePasswordAuthenticationToken user =
webSocketAuthenticatorService.getAuthenticatedOrFail(token);
if (user != null) SecurityContextHolder.getContext().setAuthentication(user);
accessor.setUser(user);
} else if (StompCommand.SUBSCRIBE == accessor.getCommand()
&& StringUtils.isNotEmpty(destination)
&& destination.contains("conversations?orgId=")) {
String orgId = destination.substring(destination.lastIndexOf('=') + 1);
if (WebSocketAuthenticatorService.hasPermissionToOrgId(orgId, (Authentication) accessor.getUser()))
return message;
else
throw new BadCredentialsException(
String.format("you do not have privilege to this organization: %s", orgId));
}
return message;
} catch (Exception e) {
log.error("Exception: ", e);
return null;
}
}
#Override
public void afterSendCompletion(Message<?> message, MessageChannel channel, boolean sent, #Nullable Exception ex) {
final StompHeaderAccessor accessor = MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
final String destination = accessor.getDestination();
if (StompCommand.SUBSCRIBE == accessor.getCommand()
&& StringUtils.isNotEmpty(destination)
&& destination.contains("conversations?orgId=")) {
String orgId = destination.substring(destination.lastIndexOf('=') + 1);
if (WebSocketAuthenticatorService.hasPermissionToOrgId(orgId, (Authentication) accessor.getUser()))
webSocketUtils.publishConversationsForOrgId(orgId);
}
}
}
How we are sending messages to clients:
this.simpMessagingTemplate.convertAndSend(
ApplicationConstants.ORG_WEBSOCKET_TOPIC_PATH + orgId, conversationBO);
I am working with Spring Boot and Spring Security, but is my first time using Google cloud firebase Firestore, I am connecting to my database via Firebase Admin SDK. I have a configuration class that looks like this.
#Configuration
public class FirestoreUserConfig {
#Bean
public Firestore getDB() {
return FirestoreClient.getFirestore();
}
}
I have BeanCreationException, my stack trace, in summary, looks like this.
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'getDB' defined in class path resource [com/d1gaming/user/firebaseconfig/FirestoreUserConfig.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.google.cloud.firestore.Firestore]: Factory method 'getDB' threw exception; nested exception is java.lang.NoClassDefFoundError: com/google/api/gax/rpc/TransportChannelProvider
Caused by: java.lang.ClassNotFoundException: com.google.api.gax.rpc.TransportChannelProvider
at java.net.URLClassLoader.findClass(URLClassLoader.java:382) ~[na:1.8.0_271]
at java.lang.ClassLoader.loadClass(ClassLoader.java:418) ~[na:1.8.0_271]
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:355) ~[na:1.8.0_271]
at java.lang.ClassLoader.loadClass(ClassLoader.java:351) ~[na:1.8.0_271]
... 105 common frames omitted
The weird thing is I followed Google's documentation on Initializing firebase Admin SDK, I added the corresponding dependencies to my pom.xml file but it does not seem to work anyway. This is my Admin SDK dependency.
<dependency>
<groupId>com.google.firebase</groupId>
<artifactId>firebase-admin</artifactId>
<version>7.0.1</version>
</dependency>
I imagine Maven is not able to find this TransportChannelProvider class, Im not sure. I also tried adding all of gcp core dependencies in case provided Admin SDK dependency didn't have the class but I had the same result. I am also making use of a Service and a RESTController for my back end application, I don't know if it is relevant to include it here but I am going to include it just in case.
#Service
public class UserService {
public final String USERS_COLLECTION = "users";
#Autowired
private PasswordEncoder passwordEncoder;
private Firestore firestore;
//get users collcetion from Firestore.
private CollectionReference getUsersCollection() {
return firestore.collection(this.USERS_COLLECTION);
}
//Post a user onto the user collection. documentID is auto-generated by firestore.
public String saveUser(User user) throws InterruptedException, ExecutionException {
Query query = getUsersCollection().whereEqualTo("userName", user.getUserName());
QuerySnapshot querySnapshot = query.get().get();
//Query to validate if userName is already in use.
if(querySnapshot.isEmpty()) {
ApiFuture<DocumentReference> document = getUsersCollection().add(user);
DocumentReference reference = document.get();
String userId = document.get().getId();
//Assign auto-generated Id to userId field for ease of querying.
WriteBatch batch = FirestoreClient.getFirestore().batch();
batch.update(reference, "userId",userId);
//ENCODE USER PASSWORD!
batch.update(reference, "userPassword",passwordEncoder.encode(reference.get().get().toObject(User.class).getUserPassword()));
List<WriteResult> results = batch.commit().get();
results.forEach(result -> {
System.out.println("Update Time: " + result.getUpdateTime());
});
return "Created user with ID: " + "'" + userId + "'";
}
return "Username is already in use";
}
//Get User by given its email.
public Optional<User> getUserByEmail(String userEmail) throws InterruptedException, ExecutionException{
Query query = getUsersCollection().whereEqualTo("userEmail", userEmail);
QuerySnapshot snapshot = query.get().get();
//if user with provided Email exists in collection.
if(!snapshot.isEmpty()) {
List<User> userLs = snapshot.toObjects(User.class);
//Since there is a unique email for each document,
//There will only be on User object on list, we will retrieve the first one.
for(User currUser: userLs) {
return Optional.of(currUser);
}
}
return null;
}
//Query for user by given userName.
public Optional<User> getUserByUserName(String userName) throws InterruptedException, ExecutionException{
//Perform a query based on a user's Name.
Query query = getUsersCollection().whereEqualTo("userName", userName);
QuerySnapshot snapshot = query.get().get();
if(!snapshot.isEmpty()) {
List<User> userList = snapshot.toObjects(User.class);
//Since there is a unique userName for each document,
//there will only be one User object on the list, we will retrieve the first one.
for(User currUser: userList) {
return Optional.of(currUser);
}
}
return null;
}
//Query for user by given userName.
public User getUserByName(String userName) throws InterruptedException, ExecutionException {
//Perform a query based on a user's Name.
Query query = getUsersCollection().whereEqualTo("userName", userName);
QuerySnapshot snapshot = query.get().get();
if(!snapshot.isEmpty()) {
List<User> userList = snapshot.toObjects(User.class);
//Since there is a unique userName for each document,
//there will only be one User object on the list, we will retrieve the first one.
for(User currUser : userList) {
return currUser;
}
}
return null;
}
//Get User by its auto-generated ID.
public User getUserById(String userId) throws InterruptedException, ExecutionException {
DocumentReference reference = getUsersCollection().document(userId);
if(reference.get().get().exists()) {
DocumentSnapshot snapshot = reference.get().get();
User user = snapshot.toObject(User.class);
return user;
}
return null;
}
//Get DocumentReference on a User.
public DocumentReference getUserReference(String userId) throws InterruptedException, ExecutionException {
DocumentReference reference = getUsersCollection().document(userId);
//Evaluate if documentExists in users collection.
if(reference.get().get().exists()) {
return reference;
}
return null;
}
//return a list of objects located in the users collection.
public List<User> getAllUsers() throws InterruptedException, ExecutionException {
//asynchronously retrieve all documents
ApiFuture<QuerySnapshot> future = getUsersCollection().get();
List<QueryDocumentSnapshot> objects = future.get().getDocuments();
//If there is no documents, return null.
if(!objects.isEmpty()) {
List<User> ls = new ArrayList<>();
objects.forEach((obj) -> {
User currUser = obj.toObject(User.class);
ls.add(currUser);
});
return ls;
}
return null;
}
//delete a User from users collection by a given id.
//In reality delete method just changes UserStatus from active to inactive or banned.
public String deleteUserById(String userId) throws InterruptedException, ExecutionException {
Firestore db = FirestoreClient.getFirestore();
DocumentReference reference = db.collection(USERS_COLLECTION).document(userId);
User user = reference.get().get().toObject(User.class);
if(user == null) {
return "User not found.";
}
WriteBatch batch = db.batch();
batch.update(reference, "userStatusCode",UserStatus.INACTIVE);
ApiFuture<List<WriteResult>> result = batch.commit();
List<WriteResult> results = result.get();
results.forEach(response -> {
System.out.println("Update Time:" + response.getUpdateTime());
});
//Check if user did actually change status.
if(reference.get().get().toObject(User.class).getStatusCode().equals(UserStatus.ACTIVE)) {
return "User with ID: " + "'" + userId + "'" + " was deleted.";
}
return "User could not be deleted";
}
//Delete a User's certain field value.
public String deleteUserField(String userId, String userField) throws InterruptedException, ExecutionException {
Firestore firestore = FirestoreClient.getFirestore();
DocumentReference reference = getUsersCollection().document(userId);
if(!reference.get().get().exists()) {
return "User not found.";
}
Map<String,Object> map = new HashMap<>();
map.put(userField, FieldValue.delete());
WriteBatch batch = firestore.batch();
batch.update(reference, map);
List<WriteResult> results = batch.commit().get();
results.forEach(response -> System.out.println("Update Time: " + response.getUpdateTime()));
return "Field deleted Successfully";
}
//Change UserStatus to BANNED
public String banUserById(String userId) throws InterruptedException, ExecutionException {
Firestore db = FirestoreClient.getFirestore();
final DocumentReference reference = db.collection(this.USERS_COLLECTION).document(userId);
WriteBatch batch = db.batch().update(reference,"userStatusCode",UserStatus.BANNED);
List<WriteResult> results = batch.commit().get();
results.forEach(response -> System.out.println("Update Time: " + response.getUpdateTime()));
if(reference.get().get().toObject(User.class).getStatusCode().equals(UserStatus.BANNED)) {
return "User with ID: " + "'" + userId + "'" + " was BANNED.";
}
return "User could not be BANNED.";
}
//Set a user with all new fields.
public String updateUser(User user) throws InterruptedException, ExecutionException {
Firestore firestore = FirestoreClient.getFirestore();
final DocumentReference reference = getUsersCollection().document(user.getUserId());
DocumentSnapshot snapshot = reference.get().get();
if(snapshot.exists()) {
WriteBatch batch = firestore.batch();
batch.set(reference, user);
List<WriteResult> results = batch.commit().get();
results.forEach(response -> System.out.println("Update time: " + response.getUpdateTime()));
return "User updated successfully";
}
return "User not found.";
}
// Update a specific field on a given document by another given value. In case userId is field to be changed, one integer will be subtracted from userTokens field.
public String updateUserField(String userId,String objectField, String replaceValue) throws InterruptedException, ExecutionException {
Firestore db = FirestoreClient.getFirestore();
final DocumentReference reference = getUsersCollection().document(userId);
if(!reference.get().get().exists()) {
return "User not found.";
}
WriteBatch batch = db.batch();
List<WriteResult> results = new ArrayList<>();
//These fields cannot be updated.
if(!objectField.equals("userName") && !objectField.equals("userCash") && !objectField.equals("userTokens") && !objectField.equals("userId")) {
batch.update(reference, objectField, replaceValue);
results = batch.commit().get();
results.forEach(response ->{
System.out.println("Update time: " + response.getUpdateTime());
});
}
else if(objectField.equals("userName")) {
String response = updateUserName(userId, replaceValue);
return response;
}
else {
return "This field canntot be updated.";
}
return "User field could not be updated.";
}
//Update a user's userName depending of availability and token adquisition capacity. i.e. if user has enough tokens to pay fee.
public String updateUserName(String userId, String newUserName) throws InterruptedException, ExecutionException {
Firestore db = FirestoreClient.getFirestore();
final DocumentReference reference = getUsersCollection().document(userId);
DocumentSnapshot snapshot = reference.get().get();
if(!snapshot.exists()) {
return "User not found.";
}
Query query = getUsersCollection().whereEqualTo("userName", newUserName);
QuerySnapshot querySnapshot = query.get().get();
//Evaluate if userName is already in use.
String response = "Username is already taken";
if(querySnapshot.isEmpty()) {
//Transaction to get() tokens and update() tokens.
ApiFuture<String> futureTransact = db.runTransaction(transaction -> {
DocumentSnapshot doc = transaction.get(reference).get();
double tokens = doc.getDouble("userTokens");
//evaluate if user holds more than one token
if(tokens >= 1) {
transaction.update(reference, "userTokens", tokens - 1);
transaction.update(reference, "userName", newUserName);
return "Username updated to: '"+ newUserName +"'";
}
else {
throw new Exception("Not enough Tokens");
}
});
response = futureTransact.get();
}
return response;
}
//update user Currency field.
public String updateUserCash(String userId, double cashQuantity) throws InterruptedException, ExecutionException {
Firestore firestore = FirestoreClient.getFirestore();
final DocumentReference reference = getUsersCollection().document(userId);
DocumentSnapshot snapshot = reference.get().get();
String response = "User not found.";
//evaluate if document exists
if(snapshot.exists()) {
ApiFuture<String> futureTransaction = firestore.runTransaction(transaction -> {
Map<String,Object> map = new HashMap<>();
map.put("userCash", FieldValue.increment(cashQuantity));
transaction.update(reference, map);
return "Updated userCash";
});
response = futureTransaction.get();
return response;
}
return response;
}
//Update user Token field.
public String updateUserTokens(String userId, double tokenQuantity) throws InterruptedException, ExecutionException {
Firestore firestore = FirestoreClient.getFirestore();
final DocumentReference reference = getUsersCollection().document(userId);
String response = "User not found.";
//evaluate if user exists on collection.
if(reference.get().get().exists()) {
ApiFuture<String> futureTransaction = firestore.runTransaction(transaction -> {
Map<String,Object> map = new HashMap<>();
map.put("userTokens",tokenQuantity);
transaction.update(reference, map);
return "Updated userTokens";
});
response = futureTransaction.get();
return response;
}
return response;
}
//evaluate if given documentId exists on given collection.
public static boolean isPresent(String userId,String collectionName) throws InterruptedException, ExecutionException {
Firestore db = FirestoreClient.getFirestore();
DocumentReference reference = db.collection(collectionName).document(userId);
ApiFuture<DocumentSnapshot> snapshot = reference.get();
DocumentSnapshot document = snapshot.get();
if(!document.exists()) {
return false;
}
return true;
}
//Evaluate if given document's status corresponds to active.
public static boolean isActive(String userId, String collectionName) throws InterruptedException, ExecutionException {
Firestore db = FirestoreClient.getFirestore();
DocumentReference reference = db.collection(collectionName).document(userId);
ApiFuture<DocumentSnapshot> snapshot = reference.get();
DocumentSnapshot result = snapshot.get();
User user = result.toObject(User.class);
if(user.getStatusCode().equals(UserStatus.ACTIVE)) {
return true;
}
return false;
}
}
My Controller class:
#RestController
#RequestMapping("/userapi")
#CrossOrigin(origins = "http://localhost:4200")
public class UserController {
#Autowired
UserService userServ;
#GetMapping(value = "/users/search",params="userName")
#PreAuthorize("hasRole('PLAYER')")
public ResponseEntity<Object> getUserByName(#RequestParam(value = "userName", required = true)final String userName) throws InterruptedException, ExecutionException{
if(userName == null) {
return new ResponseEntity<>("Invalid Input",HttpStatus.BAD_REQUEST);
}
User user = userServ.getUserByName(userName);
if(user == null) {
return new ResponseEntity<>("User Not Found", HttpStatus.NOT_FOUND);
}
return new ResponseEntity<>(user,HttpStatus.OK);
}
#GetMapping("/users")
#PreAuthorize("hasRole('PLAYER')")
public ResponseEntity<List<User>> getAllUsers() throws InterruptedException, ExecutionException{
List<User> ls = userServ.getAllUsers();
if(ls.isEmpty()) {
return new ResponseEntity<List<User>>(ls, HttpStatus.NO_CONTENT);
}
return new ResponseEntity<List<User>>(ls, HttpStatus.OK);
}
#DeleteMapping(value = "/users/delete",params="userId")
#PreAuthorize("hasRole('ADMINISTRATOR')")
public ResponseEntity<Object> deleteUserById(#RequestParam(value="userId", required = true)String userId, #RequestParam(required = false, value="userField") String userField) throws InterruptedException, ExecutionException{
if(userField != null) {
String response = userServ.deleteUserField(userId, userField);
if(response.equals("User not found.")) {
return new ResponseEntity<>(response, HttpStatus.NOT_FOUND);
}
return new ResponseEntity<>(response, HttpStatus.OK);
}
String response = userServ.deleteUserById(userId);
if(response.equals("User not found.")) {
return new ResponseEntity<>(response, HttpStatus.NOT_FOUND);
}
return new ResponseEntity<>(response, HttpStatus.OK);
}
#PutMapping(value = "/users/update")
#PreAuthorize("hasRole('ADMINISTRATOR') or hasRole('PLAYER')")
public ResponseEntity<Object> updateUser(#RequestBody User user) throws InterruptedException, ExecutionException{
String response = userServ.updateUser(user);
if(response.equals("User not found.")) {
return new ResponseEntity<>(response, HttpStatus.NOT_FOUND);
}
return new ResponseEntity<>(response, HttpStatus.OK);
}
#PutMapping(value = "/users/update",params="userId")
#PreAuthorize("hasRole('ADMINISTRATOR') or hasRole('PLAYER')")
public ResponseEntity<Object> updateUserField(#RequestParam(required = true, value="userId")String userId, #RequestParam(required = true)String userField, #RequestParam(required = true)String replaceValue) throws InterruptedException, ExecutionException{
String response = userServ.updateUserField(userId, userField, replaceValue);
if(response.equals("User not found.")) {
return new ResponseEntity<>(response, HttpStatus.NOT_FOUND);
}
else if(response.equals("This field cannot be updated.")) {
return new ResponseEntity<>(response, HttpStatus.BAD_REQUEST);
}
return new ResponseEntity<>(response, HttpStatus.OK);
}
}
I didn't find ANY documentation on this particular problem and that is why I am here, I would be glad if anyone could help me solving this problem. Am I missing something? Anyways thank you for your time, happy coding.
as you said, you are missing the TransportChannelProvider interface and it's implementations. it's not provided in the dependency you added.
try to add this dependency to your POM:
<dependency>
<groupId>com.google.api</groupId>
<artifactId>gax</artifactId>
<version>1.57.0</version>
</dependency>
the interface included there.
After checking my pom.xml and my dependency hierarchies(On Eclipse, found on the toolbar above the console when the pom.xml file is being viewed.), I found I had another dependency on another Spring Boot project that was overriding the one I had on my project, make sure to check all dependencies on different projects as well. The dependency version I had on my other project did not include the classes Spring needed to create a a bean.
This class is deserializing an oauth2 token and I would like to tweak it. I created my own class extending StdDeserializer<OAuth2AccessToken> which at the moment is the same as the original class.
Here is the class:
public class MyCustomDeserializer extends StdDeserializer<OAuth2AccessToken> {
public MyCustomDeserializer() {
super(OAuth2AccessToken.class);
}
#Override
public OAuth2AccessToken deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException,
JsonProcessingException {
String tokenValue = null;
String tokenType = null;
String refreshToken = null;
Long expiresIn = null;
Set<String> scope = null;
Map<String, Object> additionalInformation = new LinkedHashMap<String, Object>();
// TODO What should occur if a parameter exists twice
while (jp.nextToken() != JsonToken.END_OBJECT) {
String name = jp.getCurrentName();
jp.nextToken();
if (OAuth2AccessToken.ACCESS_TOKEN.equals(name)) {
tokenValue = jp.getText();
}
else if (OAuth2AccessToken.TOKEN_TYPE.equals(name)) {
tokenType = jp.getText();
}
else if (OAuth2AccessToken.REFRESH_TOKEN.equals(name)) {
refreshToken = jp.getText();
}
else if (OAuth2AccessToken.EXPIRES_IN.equals(name)) {
try {
expiresIn = jp.getLongValue();
} catch (JsonParseException e) {
expiresIn = Long.valueOf(jp.getText());
}
}
else if (OAuth2AccessToken.SCOPE.equals(name)) {
scope = parseScope(jp);
} else {
additionalInformation.put(name, jp.readValueAs(Object.class));
}
}
// TODO What should occur if a required parameter (tokenValue or tokenType) is missing?
DefaultOAuth2AccessToken accessToken = new DefaultOAuth2AccessToken(tokenValue);
accessToken.setTokenType(tokenType);
if (expiresIn != null) {
accessToken.setExpiration(new Date(System.currentTimeMillis() + (expiresIn * 1000)));
}
if (refreshToken != null) {
accessToken.setRefreshToken(new DefaultOAuth2RefreshToken(refreshToken));
}
accessToken.setScope(scope);
accessToken.setAdditionalInformation(additionalInformation);
return accessToken;
}
private Set<String> parseScope(JsonParser jp) throws JsonParseException, IOException {
Set<String> scope;
if (jp.getCurrentToken() == JsonToken.START_ARRAY) {
scope = new TreeSet<String>();
while (jp.nextToken() != JsonToken.END_ARRAY) {
scope.add(jp.getValueAsString());
}
} else {
String text = jp.getText();
scope = OAuth2Utils.parseParameterList(text);
}
return scope;
}
}
Here I am registering the bean:
#Bean
public ObjectMapper configObjectMapper() {
final ObjectMapper objectMapper = new ObjectMapper();
objectMapper.enable(SerializationFeature.INDENT_OUTPUT);
final SimpleModule module = new SimpleModule("configModule", com.fasterxml.jackson.core.Version.unknownVersion());
module.addDeserializer(OAuth2AccessToken.class, new MyCustomDeserializer());
objectMapper.registerModule(module);
return objectMapper;
}
Testing the above code the flow doesn't reach my class but the original. I am using spring boot 2.1.4
I want to prevent not logged user form accessing the proxy. I can throw an exception but the response is 404 instead of `401 or '403'. It it possible?
Filter code:
#Component
public class CustomZuulFilter extends ZuulFilter {
//FIXME - if 401,403 get the new token??, fallbackMethod = "fall",
#HystrixCommand(
commandProperties = {
#HystrixProperty(name = "execution.isolation.thread.timeoutInMilliseconds", value = "5000"),
#HystrixProperty(name = "circuitBreaker.errorThresholdPercentage", value = "60")
}
)
#Override
public Object run() {
logger.debug("Adding zulu header");
String userName = getLoggedUser();
RequestContext ctx = RequestContext.getCurrentContext();
if (userName == null) {
// throw new RuntimeException("User not authenticated");
logger.info("User not authenticated");
ctx.setResponseStatusCode(401);
ctx.sendZuulResponse();
return null;
}
return null;
}
private String getLoggedUser() {
[...]
}
#Override
public boolean shouldFilter() {
return true;
}
#Override
public String filterType() {
return PRE_TYPE;
}
#Override
public int filterOrder() {
return PRE_DECORATION_FILTER_ORDER - 1;
}
}
It might be a bit late, but i think you can remove ctx.sendZuulResponse();
and add ctx.setSendZuulResponse(false);
I have this auth method for login and i am doing a junit test on it.
I am using Mockito, spring4, hibernate5.
What i am facing is this.
The junit test result is correct for testIsAuthorizedUser_normalLogin().
However for testIsAuthorizedUser_blackListUser(), it is not.
I am expecting it to throw an exception.
The problem lies in this line of code.
when(blacklistDeviceService.getBlacklistDeviceForSearch(
eq(PropertiesUtil.BlacklistType.IP_ADDRESS.ordinal()), eq(request.getRemoteAddr()), eq(true), eq(null), eq(null), eq(null)))
.thenReturn(deviceListForIp);
When i debug the code blacklistDeviceService.getBlacklistDeviceForSearch does not return me the object that i force it to return. instead it return me a empty list.
How do i return the value?
Main implementation
public Map<String,String> isAuthorizedUser(String username, String password, Integer loginType, String imei, HttpServletRequest req) throws ErrorException
{
HashMap<String,String> result = new HashMap<>();
UUID uuid = UUID.randomUUID();
UserInfo user = null;
user = isAuthorizedUser(username, password, loginType, imei, req, uuid.toString());
if (isPolicyEnforce)
{
validate(user);
//trigger when user pwd is expired or when password is reset
if (user.getExpire() || user.getIsPasswordReset())
{
result.put(PropertiesUtil.MAPPING_TOKEN, generateToken(user, uuid.toString()));
result.put(PropertiesUtil.MAPPING_CHANGE_PASSWORD, "true");
return result;
}
}
result.put(PropertiesUtil.MAPPING_TOKEN, generateToken(user, uuid.toString()));
result.put(PropertiesUtil.MAPPING_CHANGE_PASSWORD, "false");
return result;
}
private UserInfo isAuthorizedUser(String username, String password, Integer loginType, String imei, HttpServletRequest req, String uuid) throws ErrorException
{
UserInfo user = userInfoDAO.findById(username);
if (GlobUtil.isNotEmpty(user))
{
try
{
if (isPolicyEnforce && (maxFailAttempt < 0))
{
throw new ErrorException(msgProperty.getProperty(MessageUtil.ERR_AUTH_INVALID_POLICY));
}
Set<Role> roles = new HashSet<>(userRoleDAO.getRoleBy(user));
if(roles.isEmpty())
{
throw new ErrorException(msgProperty.getProperty(MessageUtil.ERR_AUTH_UNAUTHORIZED_USER));
}
if (PasswordEncoder.verifyPassword(password, user.getPassword()))
{
if(isBlacklist(req.getRemoteAddr(), imei))
{
throw new ErrorException(msgProperty.getProperty(MessageUtil.ERR_AUTH_UNAUTHORIZED_DEVICE));
}
if(GlobUtil.isNotEmpty(user.getErrorCount()) && user.getErrorCount() > 0)
{
user.setErrorCount(0);
accessControlTransNewService.transNewUpdateUser(user);
}
accessControlTransNewService.transNewAddLoginLog(username, PropertiesUtil.ACTION_LOGIN, PropertiesUtil.getEnum(PropertiesUtil.LoginType.values(), loginType).name(), "Login - Success.", req);
}
else
{
if (user.getIsActive() && !user.getIsLock())
{
accessControlTransNewService.transNewAddLoginLog(username, PropertiesUtil.ACTION_LOGIN, PropertiesUtil.getEnum(PropertiesUtil.LoginType.values(), loginType).name(), "Login - Fail. Invalid password.", req);
unauthorizedAccess(user, maxFailAttempt);
throw new ErrorException(msgProperty.getProperty(MessageUtil.ERR_AUTH_INVALID_USERPWD));
}
else
{
throw new ErrorException(msgProperty.getProperty(MessageUtil.ERR_AUTH_INACTIVE_USER));
}
}
}
catch (CannotPerformOperationException | InvalidHashException e)
{
throw new ErrorException(e);
}
catch (NumberFormatException nfe)
{
throw new ErrorException(msgProperty.getProperty(MessageUtil.ERR_AUTH_INVALID_POLICY));
}
}
else
{
accessControlTransNewService.transNewAddLoginLog(username, PropertiesUtil.ACTION_LOGIN, PropertiesUtil.getEnum(PropertiesUtil.LoginType.values(), loginType).name(), "Login - Fail. User do not exist.", req);
throw new ErrorException(msgProperty.getProperty(MessageUtil.ERR_AUTH_INVALID_USERPWD));
}
addUserToSession(user, req, uuid);
return user;
}
private boolean isBlacklist(String ipAddress, String imei)
{
List<BlacklistDevice> deviceListForImei = new ArrayList<>();
List<BlacklistDevice> deviceListForIp = new ArrayList<>();
if(GlobUtil.isNotEmpty(imei))
{
deviceListForImei = blacklistDeviceService.getBlacklistDeviceForSearch(PropertiesUtil.BlacklistType.IMEI.ordinal(), imei, true, null, null, null);
}
if(GlobUtil.isNotEmpty(ipAddress))
{
deviceListForIp = blacklistDeviceService.getBlacklistDeviceForSearch(PropertiesUtil.BlacklistType.IP_ADDRESS.ordinal(), ipAddress, true, null, null, null);
}
return (!deviceListForImei.isEmpty()) || (!deviceListForIp.isEmpty());
}
Mock
#Before
public void setUp() throws Exception
{
MockitoAnnotations.initMocks(this);
user = new UserInfo("user1", "sha1:64000:18:VFNOK/vZ3W8Zd9/xDQKUBNlccvpmydbu:rlemV/kvTi/FNZpEA/9jf+Wh", "User 1", "User 1",
"User 1",0, true,false, new Date(), false, null, false, false);
roles = new ArrayList<>();
roles.add(new Role("ADMIN","ADMIN"));
deviceListForImei = new ArrayList<>();
deviceListForIp = new ArrayList<>();
BlacklistDevice blacklistDevice = new BlacklistDevice(1, "Blacklist", PropertiesUtil.BlacklistType.IP_ADDRESS.ordinal(), "192.168.1.100", "admin", new Date(), true);
deviceListForIp.add(blacklistDevice);
}
/**
* Test method for
* {#link com.stengg.stee.auth.service.impl.AccessControlServiceImpl#isAuthorizedUser(java.lang.String, java.lang.String, java.lang.Integer, java.lang.String, javax.servlet.http.HttpServletRequest)}.
*/
#Test
public void testIsAuthorizedUser_normalLogin()
{
MockHttpServletRequest request = new MockHttpServletRequest();
String username = "user1";
String password = "password";
Integer loginType = PropertiesUtil.LoginType.IPAC2.ordinal();
String imei = "";
when(userInfoDAO.findById(anyString())).thenReturn(user);
when(userRoleDAO.getRoleBy(any(UserInfo.class))).thenReturn(roles);
when(blacklistDeviceService.getBlacklistDeviceForSearch(anyInt(), anyString(), anyBoolean(), anyInt(), anyInt(), anyString())).thenReturn(Collections.EMPTY_LIST);
doNothing().when(accessControlTransNewService).transNewAddLoginLog(anyString(), anyString(), anyString(), anyString(), any(HttpServletRequest.class));
when(onlineUsers.getOnlineUser(anyString())).thenReturn(null);
when(blueForceTrackerStore.removeViewer(anyString())).thenReturn(false);
Map<String, String> result1 = accessControlService.isAuthorizedUser(username, password, loginType, imei, request);
//login success
assertNotNull(result1);
assertNotNull(result1.get("token"));
assertNotNull(result1.get("token").contains("Bearer "));
}
#Test(expected = ErrorException.class)
public void testIsAuthorizedUser_blackListUser()
{
MockHttpServletRequest request = new MockHttpServletRequest();
String username = "user1";
String password = "password";
Integer loginType = PropertiesUtil.LoginType.IPAC2.ordinal();
String imei = "";
when(userInfoDAO.findById(anyString())).thenReturn(user);
when(userRoleDAO.getRoleBy(any(UserInfo.class))).thenReturn(roles);
when(blacklistDeviceService.getBlacklistDeviceForSearch(
eq(PropertiesUtil.BlacklistType.IP_ADDRESS.ordinal()), eq(request.getRemoteAddr()), eq(true), eq(null), eq(null), eq(null)))
.thenReturn(deviceListForIp);
doNothing().when(accessControlTransNewService).transNewAddLoginLog(anyString(), anyString(), anyString(), anyString(), any(HttpServletRequest.class));
when(onlineUsers.getOnlineUser(anyString())).thenReturn(null);
when(blueForceTrackerStore.removeViewer(anyString())).thenReturn(false);
Map<String, String> result2 = accessControlService.isAuthorizedUser(username, password, loginType, imei, request);
assertNull(result2);
}
You may want to use another construct:
doReturn(deviceListForIp)
.when(blacklistDeviceService)
.getBlacklistDeviceForSearch(eq(PropertiesUtil.BlacklistType.IP_ADDRESS.ordinal()), eq(request.getRemoteAddr()), eq(true), eq(null), eq(null), eq(null))
An empty list is a sign of not properly mocked behaviour, its default.