I am a newbee in java and spring. My first exercise is project to simulate web phone book. I'm stuck with assigning contact to specific user, and later on displaying contacts for that specific user. Any idea or guideline is appreciated.
User class
#Entity
public class User implements Serializable {
#Id
#GeneratedValue(strategy = GenerationType.IDENTITY)
private int id;
private String name;
private String lastName;
private String email;
private String username;
private String password;
#Transient
private String retypePassword;
#ManyToMany(fetch = FetchType.EAGER,cascade=CascadeType.ALL)
#JoinTable(name="users_roles",
joinColumns = {#JoinColumn(name="user_id", referencedColumnName="id")},
inverseJoinColumns = {#JoinColumn(name="role_id", referencedColumnName="roles_id")}
)
private List<Rolee> authorities;
#OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL, mappedBy = "userForPhonebook")
#Fetch(value = FetchMode.SUBSELECT)
private Collection<Contact> allContacts;
// getters and setters
Contact class
#Entity
public class Contact implements Serializable {
#Id
#GeneratedValue(strategy = GenerationType.IDENTITY)
private int contactID;
private String name;
private String lastName;
private String email;
private String areaCode;
private String telNumber;
private String adress;
private String city;
private String note;
private String contactImage;
#JoinColumn(name = "users_id")
#ManyToOne(fetch = FetchType.EAGER, optional = false)
private User userForPhonebook;
// getters and setters
ContactServiceImpl class
#Service
public class ContactServiceImpl implements ContactService {
#Autowired
private ContactDAO contactDAO;
#Autowired
private UserDAO userDAO;
#Autowired
private ServletContext context;
#Override
public void addContact(ContactModel contactModel, MultipartFile[] contactImages, User user) {
Contact contact = new Contact();
/*
creating contact
*/
User user2 = userDAO.userGetById(user.getId()); //<-- i cant get user id
contact.setUserForPhonebook(user2);
// --------------------------------
User u = new User(); //
u.setId(2); // hard coding users id...
contact.setUserForPhonebook(u); // and its working fine
// rest of code to create contact ...
UserDAOImpl
// ...
#Override
public void addUser(User user) {
Session s = getCurrentSession();
Transaction trans = s.beginTransaction();
getCurrentSession().save(user);
trans.commit();
}
// ...
UserServiceImpl
// ...
#Override
public void addUser(UserModel userModel) {
User user = new User();
// creating user ...
getUserDAO().addUser(user);
}
// ...
RegisterController
// ...
#RequestMapping(value = "/addUser", method = RequestMethod.POST)
public String postRegister(#Valid #ModelAttribute("newUser") UserModel userModel, BindingResult results, ModelMap model) {
if (results.hasErrors()) {
return "addUser";
}
// checking if username, email exist in database ...
// password matching
getUserService().addUser(user);
return "index";
}
// ...
ContactController
// ...
#RequestMapping(value = "/addContact", method = RequestMethod.POST)
public String postAddContact(#Valid #ModelAttribute("addContact") ContactModel contactModel, BindingResult results, HttpServletRequest request, #RequestParam("contactImages") MultipartFile[] contactImages, User user)
throws FileNotFoundException, IOException {
if (results.hasErrors()) {
return "addContact";
}
getContactService().addContact(contactModel, contactImages, user);
return "redirect:phoneBook";
}
//...
You are not specifying how Spring is supposed to bind your User object in your postAddContact signature.
#RequestMapping(value = "/addContact", method = RequestMethod.POST)
public String postAddContact(
// Ok, this is a model retrieved from request params
#Valid #ModelAttribute("addContact") ContactModel contactModel,
// Ok, a BindingResult is mapped when the validation above occurs
BindingResult results,
// Ok, bind the internal HttlServletRequest
HttpServletRequest request,
// Ok, bind this to the multipart part of the request
#RequestParam("contactImages") MultipartFile[] contactImages,
// ... no idea how to bind this
User user)
throws FileNotFoundException, IOException {
// ...
}
You need to specify yourself which user is going to get the contact.
You could add the field inside your ContactModel object, like userId, and in your controller retrieve that user from database before adding the contact.
ContactController.java
// ...
#RequestMapping(value = "/addContact", method = RequestMethod.POST)
public String postAddContact(#Valid #ModelAttribute("addContact") ContactModel contactModel, BindingResult results, HttpServletRequest request, #RequestParam("contactImages") MultipartFile[] contactImages)
throws FileNotFoundException, IOException {
if (results.hasErrors()) {
return "addContact";
}
// Retrieve the user
User user = getUserService().retrieveUser(contactModel.getUserId());
getContactService().addContact(contactModel, contactImages, user);
return "redirect:phoneBook";
}
//...
You could also add a path variable, use the connected user, etc. Above code is just a suggestion.
The answer here helped me to assign currently active user to contact and my postAddContact looks like this. Sorry if I didn't correctly ask the question and I hope this will help someone else
#RequestMapping(value = "/addContact", method = RequestMethod.POST)
public String postAddContact(#Valid #ModelAttribute("addContact") ContactModel contactModel, BindingResult results, HttpServletRequest request, #RequestParam("contactImages") MultipartFile[] contactImages)
throws FileNotFoundException, IOException {
if (results.hasErrors()) {
return "addContact";
}
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
UserDetails userDetail = (UserDetails) auth.getPrincipal();
User u = userDAO.getUserByUsername(userDetail.getUsername());
request.getSession().setAttribute("id", u.getId());
int userId = (int) request.getSession().getAttribute("id");
User user = new User();
user.setId(userId);
getContactService().addContact(contactModel, contactImages, user);
return "redirect:phoneBook";
}
Related
I have a Spring Boot Rest API. I want to create users and set a unique constraint on their email and username. That works well so far. Here are the main classes and methods:
#Entity
#NoArgsConstructor
#Getter
#Setter
public class User {
#Id
#GeneratedValue(strategy = GenerationType.AUTO)
private Long id;
#Column(unique = true)
#NotNull
private String email;
#Column(unique = true)
#NotNull
private String username;
#NotNull
private String password;
public User(String email, String username, String password) {
this.email = email;
this.password = password;
this.username = username;
}
}
#Data
#NoArgsConstructor
#AllArgsConstructor
public class SignupRequest {
#NotNull
private String email;
#NotNull
private String username;
#NotNull
private String password;
}
#CrossOrigin(value = "*")
#PostMapping("/signup")
public ResponseEntity<?> signup(#Valid #RequestBody SignupRequest signupRequest) {
signupService.signup(signupRequest);
return ResponseEntity.ok().build();
}
#Service
public class SignupServiceImpl implements SignupService {
#Override
public void signup(SignupRequest signupRequest) throws MessagingException, UnsupportedEncodingException {
User user = new User();
User user = new User(signupRequest.getEmail(), signupRequest.getUsername(), signupRequest.getPassword());
user = userRepository.save(user);
}
}
#Repository
#Component
public interface UserRepository extends CrudRepository<User, Long> {}
Now, the thing is, when I send a POST request to that endpoint with a username or email that already exists, I just get the http response 500 Internal Server Error. But I want to return a different status code and some Error message indicating that the email/username already exists.
Now two questions:
How can I modify the response globally? I could surround the userRepository.save(user) method with a try catch block, but I would have to do that in all the methods where I save a user separately. Can I define something like that globally?
The userRepository.save(user) method just returns a. JdbcSQLIntegrityConstraintViolationException with a pretty verbose message. Is there a way to clearly determine WHAT exactly went wrong (unique username constraint failed, unique email constraint failed, ...)? I could check if a user with that username or email exists by writing a method in the userRepository, but that looks like a lot of unnecessary sql queries to me. Is there a better way?
To answer your first question, You can handle exception globally via spring exception handling mechanism. You could use spring ControllerAdvice. Here you can set generic error response and custom http code. Here is an example of ControllerAdvice
#ControllerAdvice
public class CustomExceptionHandler extends ResponseEntityExceptionHandler
{
#ExceptionHandler(UserNotFoundException.class)
public final ResponseEntity<ErrorResponse> handleUserNotFoundException(UserNotFoundException ex, WebRequest request) {
String details = ex.getLocalizedMessage();
ErrorResponse error = new ErrorResponse(ApplicationConstants.RECORD_NOT_FOUND, details);
return new ResponseEntity<>(error, HttpStatus.NOT_FOUND);
}
#ExceptionHandler(Exception.class)
public final ResponseEntity<ErrorResponse> handleAllExceptions(Exception ex, WebRequest request) {
String details = ex.getLocalizedMessage();
ErrorResponse error = new ErrorResponse(ApplicationConstants.SERVER_ERROR, details);
return new ResponseEntity<>(error, HttpStatus.INTERNAL_SERVER_ERROR);
}
}
public class ErrorResponse
{
public ErrorResponse(String message, String details) {
super();
this.message = message;
this.details = details;
}
private String message;
private String details;
public String getMessage() {
return message;
}
public void setMessage(String message) {
this.message = message;
}
public String getDetails() {
return details;
}
public void setDetails(String details) {
this.details = details;
}
}
Now about second question you can loop through all the cause and check unique constraint name to find out what exception violated. But better approach would be to check first and if found then throw error.
I made a SpringBoot application and now I'm at the login part.
I've made some custom restrictions with a custom annotation.
The problem is that this custom annotation is applied to the user after the password has been ecncripted.
This is the PasswordConstraint
public class PasswordConstraintValidator implements ConstraintValidator<ValidPassword, User>{
#Override
public void initialize(final ValidPassword arg0){}
#SneakyThrows
#Override
public boolean isValid(User user, ConstraintValidatorContext context) {
Properties props = new Properties();
InputStream inputStream = getClass().getClassLoader().getResourceAsStream("passay.properties");
props.load(inputStream);
MessageResolver resolver = new PropertiesMessageResolver(props);
PasswordValidator validator = new PasswordValidator(resolver, Arrays.asList(
new LengthRule(8, 16),
new CharacterRule(EnglishCharacterData.UpperCase, 1),
new CharacterRule(EnglishCharacterData.LowerCase, 1),
new CharacterRule(EnglishCharacterData.Digit, 1),
new CharacterRule(EnglishCharacterData.Special, 1),
new WhitespaceRule(),
new IllegalSequenceRule(EnglishSequenceData.Alphabetical, 5, false),
new IllegalSequenceRule(EnglishSequenceData.Numerical, 5, false)
));
RuleResult result = validator.validate(new PasswordData(user.getPasswordHash()));
if (result.isValid()) {
return true;
}
List<String> messages = validator.getMessages(result);
String messageTemplate = String.join(",", messages);
context.buildConstraintViolationWithTemplate(messageTemplate)
.addConstraintViolation()
.disableDefaultConstraintViolation();
return false;
}
}
This is where I encrypt the password
#Qualifier("getPasswordEncoder")
#Autowired
private PasswordEncoder passwordEncoder;
public void registerNewUserAccount(User user){
Optional<User> userOptional= userRepository.findUserByEmailAddress(user.getEmailAddress());
if(userOptional.isPresent()){
throw new IllegalStateException("email taken!");
}
// Se comenteaza pentru ca: Validarea parolei se face pe hashPassword
//Dupa rezolvarea problemei, se decomenteaza
user.setPasswordHash(passwordEncoder.encode(user.getPasswordHash()));
user.setEnabled(false);
Optional<User> saved = Optional.of(user);
saved.ifPresent(u -> {
try {
String token = UUID.randomUUID().toString();
verificationTokenService.save(user, token);
try {
emailService.sendHtmlMail(u);
} catch (MessagingException e) {
e.printStackTrace();
}
} catch (Exception e){
e.printStackTrace();
}
});
userRepository.save(user);
System.out.println(user);
saved.get();
}
Here is the user:
#Entity
#Table
#ValidPassword
public class User implements UserDetails {
#Id
#SequenceGenerator( //se auto-incrementeaza pkul ?
name = "user_sequence",
sequenceName = "user_sequence",
allocationSize = 1
)
#GeneratedValue( ///??????????
strategy = GenerationType.SEQUENCE,//maybe auto if not working
generator = "user_sequence"
)
//TODO Change camelCase to python_format
private Long id;
private String userName;
#NonNull
#NotBlank(message = "New password is mandatory")
private String passwordHash;
private String firstName;
private String lastName;
private String phoneNumber;
#Email
private String emailAddress;
public String address1;
public String address2;
private String city;
private String country;
private String zipcode;
private boolean enabled;
The issue here is that when you save an entity to the database, the validation annotations are also checked, which will then trigger the ConstraintViolationException.
So the best approach is to follow the Data Transfer Object pattern. I suggest you create a new class say UserDto which will be similar or even a replica of your User entity, ideally your UserDto class should only contain the field that the controller needs inclusive of all the necessary validation annotations.
In the service class where you encrypted your password, before saving the user, convert the UserDto instance to a User entity but remember to remove the #ValidPassword annotation from the User entity since you don't want to validate the encrypted password and you've already checked for the validations from your UserDto class
Remember: UserDto should not be an entity class since we don't want it in our database, we only need it for validation purpose.
I have created the User and Order entities as bellow. What I want to achieve is that if http://localhost:8080/users/username? is given I want to return only the user detail based on username provided. if http://localhost:8080/users/username?detail=true, I want to return user detail and order details for the username provided. How can I achieve this?
User.java
#Entity
public class User {
#Id
#GeneratedValue(strategy = GenerationType.AUTO)
private long id;
private String userName;
private String password;
private String firstName;
private String lastName;
private String gender;
private String lastLoggedIn;
#OneToMany
List<Order> listOfOrder;
//constructors
//getter and setter
}
Order.java
#Entity
public class Order
{
#Id
#GeneratedValue(strategy = GenerationType.AUTO)
private long id;
private float amount;
private String createdAt;
private String deliveredDate;
//constructors
//getter and setter
}
Controller.java
//CREATE CUSTOMER
#RequestMapping(method = POST, value = "/create")
public ResponseEntity createCustomerDetails(#RequestParam String userName, String password, String firstName,
String lastName, String gender) {
String lastLogged = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").format(Calendar.getInstance().getTime());
User user = new User(userName, password, firstName, lastName, gender, lastLogged);
userRepository.save(user);
return ResponseEntity.status(OK).body(user.getId() + " User were successfully saved");
}
//CREATE ORDER
#RequestMapping(method = POST, value = "/order/{userName}")
public ResponseEntity createOrder(#PathVariable ("userName") String userName, #RequestParam float amount)
{
String createdAt = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").format(Calendar.getInstance().getTime());
String deliveredDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").format(Calendar.getInstance().getTime());
User user = orderService.findUser(userName);
if (!user.equals(null))
{
Order order = new Order(amount,createdAt,deliveredDate);
user.getListOfOrder().add(order);
return ResponseEntity.status(OK).body("order details were saved under "+user.getUserName() + " "+user.getFirstName());
}
return ResponseEntity.status(NOT_FOUND).body(null + " was not found");
}
//GET THE USER DETAILS
#RequestMapping(method = GET, value = "/users/{userName}")
public ResponseEntity getUserDetail(#PathVariable("userName") String userName,
#RequestParam(defaultValue ="none", required = false) String detail) {
if (!detail.equals("none")){
return .....;
}else {
return ........;
}
}
UserRepository
#Repository
public interface UserRepository extends CrudRepository<User, Long> {
User findByUserName(String userName);
}
If you're ok with doing the serialization manually, you can employ JsonView to determine what gets serialized.
https://www.baeldung.com/jackson-json-view-annotation
User.java
import com.fasterxml.jackson.annotation.JsonView;
public class User {
#JsonView(Views.Lite.class)
private String name;
#JsonView(Views.Full.class)
private List<Order> orders;
}
Views.java
public class Views {
public static class Lite {}
public static class Full extends Lite {}
}
UserController.java
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.web.bind.annotation.RestController;
#RestController
public class UserController {
#Autowired
private UserRepository userRepository;
#Autowired
private ObjectMapper mapper;
#GetMapping("/user/{username}")
public ResponseEntity<String> getUserDetail(#PathVariable String username, #RequestParam(required = false) String detail) throws JsonProcessingException {
User user = userRepository.findByUserName(username);
Class viewClass = Views.Lite.class;
if (!StringUtils.isEmpty(detail)) {
viewClass = Views.Full.class;
}
return ResponseEntity.status(HttpStatus.OK)
.body(mapper.writerWithView(viewClass).writeValueAsString(user));
}
}
I have a user with admin and user roles, now I need to add ROLE_SUPPORT and restrict this role to only reading the list of users, how can I do this?
public class UserController {
#Autowired
UserService userService;
#RequestMapping(value = "getAll", method = RequestMethod.POST)
public List<User> getUsers() throws IOException {
return userService.getUsers();
}
#PostMapping("save")
#ResponseStatus(HttpStatus.OK)
public void save(#RequestBody User user) {
userService.save(user);
}
#RequestMapping(value = "delete", method = RequestMethod.POST)
public void delete(#RequestBody User user) {
userService.delete(user);
}
#RequestMapping(value = "getUser", method = RequestMethod.POST, produces = "application/json;charset=UTF-8")
#ResponseBody
public User getUser(#RequestBody RequestDto requestDto) throws IOException {
return userService.getUser(requestDto.getId());
}
I suppose a new method should be added to this controller, but I could be wrong
public class User extends BaseEntity<Integer> {
public enum Roles {
ADMIN
}
private String firstName;
private String lastName;
#Column(name = "username")
private String username;
#Convert(converter = PurshasedProductConverter.class)
private List<PurshasedProduct> purshasedProducts;
private String email;
private String activationCode;
#Convert(converter = AttachmentConverter.class)
private Attachment userAvatar;
public Attachment getUserAvatar() {
return userAvatar;
}
public void setUserAvatar(Attachment userAvatar) {
this.userAvatar = userAvatar;
}
#JsonProperty(access = Access.WRITE_ONLY)
private String password;
#JsonProperty(access = Access.WRITE_ONLY)
private String temporaryPassword;
#Convert(converter = StringArrayConverter.class)
private String[] roles;
private Date lastPasswordReset;
private Date dateCreated;
private Date dateUpdated;
private Date validatyTime;
private Boolean active;
public User() {
lastPasswordReset = dateCreated = dateUpdated = new Date();
roles = new String[]{"USER"};
}
That is, when requesting with the support role, a list of users should be returned.
Spring-Security provides this support by just adding #PreAuthorize annotation
#RequestMapping(value = "getAll", method = RequestMethod.GET)
**#PreAuthorize("hasRole('ROLE_SUPPORT')")**
public List<User> getUsers() throws IOException {
return userService.getUsers();
}
I'm trying to develop a RESTful webservice with Spring using 2 different projects for backend/webservice and frontend.
In the backend project I implemented the model
#Entity
#Table(name="user")
public class User {
#Id
#GeneratedValue(strategy = GenerationType.AUTO)
#Column(name = "id_user", nullable = false)
private String id;
#Column(name = "username", nullable = false)
private String username;
#Column(name = "firstname", nullable = false)
private String firstname;
#Column(name = "lastname", nullable = false)
private String lastname;
#Column(name = "password", nullable = false)
private String password;
#Column(name = "email", nullable = false)
private String email;
#Column(name = "own_printer", nullable = false)
private Boolean ownsPrinter;
// Getters Setters...
}
There is also a UserDAO class to access database (through Hibernate 4) and a UserManager for business processes. And then a UserController:
#RestController
public class UserController {
private UserService userService ;
#RequestMapping(value = "/listusers")
List<User> getAllUser() {
Application.context = new ClassPathXmlApplicationContext("applicationContext.xml");
userService = (UserService) Application.context.getBean("userService");
List<User> users = userService.getUsers();
return users;
}
#RequestMapping(value = "/user/{userid}")
User getUserById(#PathVariable("userid") String userId) {
Application.context = new ClassPathXmlApplicationContext("applicationContext.xml");
userService = (UserService) Application.context.getBean("userService");
User user = userService.getUserById(userId);
return user;
}
#RequestMapping(value = "/user/add")
#ResponseBody
User signUpUser(#RequestBody User user ) {
// Don't really know what to do...
userService = (UserService) Application.context.getBean("userService");
return user;
}
}
And now for the frontend projects I implemented the same User class. And I wrote a UserDAO UserManager and UserController classes:
//UserDAO.java
#Repository("userDAO")
public class UserDAOImpl implements UserDAO{
#Override
public ArrayList<User> getUsers() {
//User[] users = new RestTemplate().getForEntity(WebService.getWebServiceUrl() + "users", User[].class).getBody();
ArrayList<User> user = new RestTemplate().getForEntity(WebService.getWebServiceUrl() + "listusers", ArrayList.class).getBody();
return (user);
//return Arrays.asList(users);
}
#Override
public User getUserById(String userId) {
User user = new RestTemplate().getForEntity(WebService.getWebServiceUrl() + "user/" + userId, User.class).getBody();
return user;
}
#Override
public void insertUser(User user) {
// doesn't work
RestTemplate template = new RestTempl ate();
template.postForObject(WebService.getWebServiceUrl() + "user/add",user, String.class);
System.out.println(user.toString());
}
}
//UserController.java
#Controller
public class UserController {
private static final Logger logger = LoggerFactory.getLogger(UserController.class);
private UserService userService = new UserServiceImpl();
#RequestMapping(value = "/listusers", method = RequestMethod.GET)
public String listUsers(#RequestParam(required=false)Locale locale, Model model) {
logger.info("Users page", locale);
ArrayList<User> users = userService.getUsers();
model.addAttribute("users", users);
return "listusers";
}
#RequestMapping(value = "/user/{user_id}", method = RequestMethod.GET)
public String singleUser(#RequestParam(required=false)Locale locale,
Model model,HttpServletRequest request, #RequestParam String id) {
logger.info("User page", locale);
User user = userService.getUserById(id);
model.addAttribute("user", user);
return "user";
}
#RequestMapping(value = "/signup", method = RequestMethod.GET)
public String listPersons(Model model) {
model.addAttribute("user", new User());
return "signup";
}
//For add and update person both
#RequestMapping(value= "/user/add", method = RequestMethod.POST)
#ResponseBody
public void saveUser(Model model, #ModelAttribute("user") User u){
RestTemplate rt = new RestTemplate();
rt.getMessageConverters().add(new MappingJacksonHttpMessageConverter());
rt.getMessageConverters().add(new StringHttpMessageConverter());
String uri = new String(WebService.getWebServiceUrl() + "user/add");
User user = new User();
user = u;
User returns = rt.postForObject(uri, u, User.class);
}
}
The get requests work: I get to display my list of users. But my problem is that I can't get to pass data from the frontend part to the backend webservice part with a post request... I'have been trying several solutions but I think there is something wrong with something else.
I'm kinda new in the world of JavaEE applications. Can someone help me or guide me to a solution ?
In the Frontend UserDAO:
public ArrayList<User> getUsers() {
ArrayList<User> user = new RestTemplate().getForEntity(WebService.getWebServiceUrl() + "listusers", ArrayList.class).getBody();
return (user);
}
This code allows to request the server through the uri "/listuser". On the frontEnd UserController you can see the function that call getUsers():
#RequestMapping(value = "/listusers", method = RequestMethod.GET)
public String listUsers(#RequestParam(required=false)Locale locale, Model model) {
logger.info("Users page", locale);
ArrayList<User> users = userService.getUsers();
model.addAttribute("users", users);
return "listusers";
}
And then in the backend the function that route this url:
#RequestMapping(value = "/listusers")
List<User> getAllUser() {
Application.context = new ClassPathXmlApplicationContext("applicationContext.xml");
userService = (UserService) Application.context.getBean("userService");
List<User> users = userService.getUsers();
return users;
}
After this, teh backend UserDAO class access to database.
You may want to take a look at the URL you are posting to at the frontend. You are using the same URL for posting to frontend (UserDAO) and backend (UserController) : WebService.getWebServiceUrl()
[EDIT]
You have two POST services as /user/add/ , If you are exposing them on the same url, it is a conflict. Probably your backend will be hosted on another port or another server. You should use that url to hit the backend service from frontend.
[EDIT 2]
Yes for listusers you are not making a REST call from frontend. You are calling the JAVA API userService. But for add user, you are making a REST call from frontend to backend once again