spring security authentication different profiles and permissions with hibernate and jsf - spring

i want to authenticate the users using spring security. i'm using hiebrnate and jsf.
the problem is in the different tutorials that i saw online there is just one role. but in my case i have a different database with permissions and profiles
Table User
user id
profile id
login
password
Table profile
profile_id
profile
Table action or permission
action_id
action
profile_id
I am wondering if anyone knows how to implement this or knows some good tutorials.

if you want to manage your user role, groups and permissions, you could see the Spring Security documentation about schema.
Here some snippets and details on the above link :
create table users(
username varchar_ignorecase(50) not null primary key,
password varchar_ignorecase(50) not null,
enabled boolean not null);
create table authorities (
username varchar_ignorecase(50) not null,
authority varchar_ignorecase(50) not null,
constraint fk_authorities_users foreign key(username) references users(username));
create unique index ix_auth_username on authorities (username,authority);
create table groups (
id bigint generated by default as identity(start with 0) primary key,
group_name varchar_ignorecase(50) not null);
create table group_authorities (
group_id bigint not null,
authority varchar(50) not null,
constraint fk_group_authorities_group foreign key(group_id) references groups(id));
create table group_members (
id bigint generated by default as identity(start with 0) primary key,
username varchar(50) not null,
group_id bigint not null,
constraint fk_group_members_group foreign key(group_id) references groups(id));

Related

Unable to extract JDBC value for position `3`

I am switching from MYSQL to ORACLE.
I have JPA Authentication setup like this:
#Override
#Transactional(readOnly = true)
public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
AppUser user = userRepository.findByUseremailIgnoreCase(email);
With MySQL all works fine. But for Oracle, during login using JPA authentication I am getting this exception.
org.springframework.security.authentication.InternalAuthenticationServiceException: Unable to extract JDBC value for position `3`
Followed by these exceptions:
Caused by: org.springframework.orm.jpa.JpaSystemException: Unable to extract JDBC value for position `3`
Caused by: java.sql.SQLException: Invalid conversion requested
Caused by: java.lang.IllegalArgumentException: Timestamp format must be yyyy-mm-dd hh:mm:ss[.fffffffff]
Any clue what I am missing and where to debug?
My table structure is as per below:
create table CONTENTPLUSPLUS.app_user (
id NUMBER GENERATED ALWAYS as IDENTITY(START with 1 INCREMENT by 1) NOT NULL,
useremail VARCHAR(150) NOT NULL,
userpassword VARCHAR(150) NOT NULL,
useruuid VARCHAR(50) NOT NULL,
userfirstname VARCHAR(150) NOT NULL,
userlastname VARCHAR(150) NOT NULL,
userenabled NUMBER(1) DEFAULT 0 NOT NULL,
created_by VARCHAR(150) NOT NULL,
created_date VARCHAR(150) NOT NULL,
modified_by VARCHAR(150) NOT NULL,
modified_date VARCHAR(150) NOT NULL,
CONSTRAINT appuser_pk PRIMARY KEY (id), UNIQUE (useremail, useruuid));
create table CONTENTPLUSPLUS.app_role(
id NUMBER GENERATED ALWAYS as IDENTITY(START with 1 INCREMENT by 1) NOT NULL,
name VARCHAR(150) NOT NULL,
CONSTRAINT approle_pk PRIMARY KEY (id),UNIQUE (name));
CREATE TABLE CONTENTPLUSPLUS.app_department (
id NUMBER GENERATED ALWAYS as IDENTITY(START with 1 INCREMENT by 1) NOT NULL,
departmentuuid VARCHAR(150),
departmentheadname varchar(255) NOT NULL,
departmentheademail varchar(255) NOT NULL,
departmentname varchar(255) NOT NULL,
userid NUMBER NOT NULL,
created_by VARCHAR(150) NOT NULL,
created_date VARCHAR(150) NOT NULL,
modified_by VARCHAR(150) NOT NULL,
modified_date VARCHAR(150) NOT NULL,
CONSTRAINT appdepartment_pk PRIMARY KEY (id),UNIQUE (departmentname, departmentuuid));
CREATE TABLE CONTENTPLUSPLUS.app_user_department (
userid NUMBER NOT NULL,
departmentid NUMBER NOT NULL
);
ALTER TABLE CONTENTPLUSPLUS.app_user_department ADD CONSTRAINT FK_AUSERDEPTUSERID FOREIGN KEY (userid) REFERENCES app_user (id);
ALTER TABLE CONTENTPLUSPLUS.app_user_department ADD CONSTRAINT FK_AUSERDEPTDEPTID FOREIGN KEY (departmentid) REFERENCES app_department (id);
ALTER TABLE CONTENTPLUSPLUS.app_department ADD CONSTRAINT FK_AUSERUSERID FOREIGN KEY (userid) REFERENCES app_user (id);
CREATE TABLE CONTENTPLUSPLUS.app_user_role (
id NUMBER GENERATED ALWAYS as IDENTITY(START with 1 INCREMENT by 1) NOT NULL,
userid NUMBER NOT NULL,
roleid NUMBER NOT NULL,
CONSTRAINT appuserrole_pk PRIMARY KEY (id));
ALTER TABLE CONTENTPLUSPLUS.app_user_role ADD CONSTRAINT FK_AURUSERID FOREIGN KEY (userid) REFERENCES app_user (id);
ALTER TABLE CONTENTPLUSPLUS.app_user_role ADD CONSTRAINT FK_AURROLEID FOREIGN KEY (roleid) REFERENCES app_role (id);
Below is the query which gets fired during the login operation (shows up only for MySQL):
Hibernate:
select
a1_0.id,
a1_0.created_by,
a1_0.created_date,
a1_0.modified_by,
a1_0.modified_date,
a1_0.useremail,
a1_0.userenabled,
a1_0.userfirstname,
a1_0.userlastname,
a1_0.userpassword,
a1_0.useruuid
from
app_user a1_0
where
upper(a1_0.useremail)=upper(?)
Hibernate:
select
r1_0.userid,
r1_1.id,
r1_1.name
from
app_user_role r1_0
join
app_role r1_1
on r1_1.id=r1_0.roleid
where
r1_0.userid=?
You map Date in Java with VARCHAR2 in SQL: bad idea. You probably get lucky with the default conversion format of TS and the locale in MySQL: back to my first comment... look at the SQL Office Hours session code...

I can`t see my created tables in HSQLDB, what could be the issue?

My environment is HSQLDB, Maven and spring-boot.
I have created 2 entity POJOs. I do see the CREATE TABLE command under testedb.log file. But when I open Data Source Explorer in Eclipse, I can`t see my tables, albeit I do see all the system tables.
I have looked at this question too, but no vail: Where can I see the HSQL database and tables
Here is my partial pom.xml:
<dependency>
<groupId>org.hsqldb</groupId>
<artifactId>hsqldb</artifactId>
<version>2.4.0</version>
<scope>runtime</scope>
</dependency>
Here is my partial application.properties:
# DataSource
#spring.datasource.driverClassName=org.hsqldb.jdbc.JDBCDriver
spring.datasource.url=jdbc:hsqldb:file:resources/db/testedb;DATABASE_TO_UPPER=false
#spring.datasource.url=jdbc:hsqldb:mem:memTestdb
spring.datasource.username=sa
spring.datasource.password=
# Hibernate
spring.jpa.show-sql=true
#spring.jpa.hibernate.ddl-auto=create-drop
spring.jpa.hibernate.ddl-auto=create
And below is my HSQLDB created on disk:
HSQLDB folder in my workspace
Here is my partial testedb.script:
SET FILES LOG SIZE 50
CREATE USER SA PASSWORD DIGEST 'd41d8cd98f00b204e9800998ecf8427e'
ALTER USER SA SET LOCAL TRUE
CREATE SCHEMA PUBLIC AUTHORIZATION DBA
SET SCHEMA PUBLIC
CREATE SEQUENCE PUBLIC.HIBERNATE_SEQUENCE AS INTEGER START WITH 1
CREATE MEMORY TABLE PUBLIC.ENQUIRY_HISTORY(ID BIGINT NOT NULL PRIMARY KEY,FROM_AMOUNT DOUBLE NOT NULL,FROM_CURRENCY VARCHAR(255) NOT NULL,QUERY_DATE TIMESTAMP NOT NULL,TO_AMOUNT DOUBLE NOT NULL,TO_CURRENCY VARCHAR(255) NOT NULL,USER_ID BIGINT NOT NULL,VERSION INTEGER NOT NULL)
CREATE MEMORY TABLE PUBLIC.USERS(ID BIGINT NOT NULL PRIMARY KEY,EMAIL VARCHAR(255) NOT NULL,LAST_LOGIN TIMESTAMP NOT NULL,PASSWORD VARCHAR(255) NOT NULL,VERSION VARCHAR(255) NOT NULL)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 1
ALTER SEQUENCE PUBLIC.HIBERNATE_SEQUENCE RESTART WITH 1
SET DATABASE DEFAULT INITIAL SCHEMA PUBLIC
GRANT USAGE ON DOMAIN INFORMATION_SCHEMA.SQL_IDENTIFIER TO PUBLIC
Please see above that the CREATE TABLE contains the word MEMORY even though I have created file DB.
And by testsdb.log:
/*C12*/SET SCHEMA PUBLIC
drop table enquiry_history if exists
drop table users if exists
drop sequence hibernate_sequence if exists
create sequence hibernate_sequence start with 1 increment by 1
create table enquiry_history (id bigint not null, from_amount float not null, from_currency varchar(255) not null, query_date timestamp not null, to_amount float not null, to_currency varchar(255) not null, user_id bigint not null, version integer not null, primary key (id))
create table users (id bigint not null, email varchar(255) not null, last_login timestamp not null, password varchar(255) not null, version varchar(255) not null, primary key (id))
/*C14*/SET SCHEMA PUBLIC
DISCONNECT
/*C17*/SET SCHEMA PUBLIC
And Finally here is my screen shot of Database
Data Source Explorer
Any pointer will be awesome, thanks for your time.
file and mem are in-process modes. For testing/debugging, if you need concurrent access to data from another process, start database in Server mode.
Check various available modes here.
I was able to see the tables using in build HSQLDB interface, now a fancy one but it still works for me.
I used the following [listed in this answer https://stackoverflow.com/a/35240141/8610216]
java -cp /path/to/hsqldb.jar org.hsqldb.util.DatabaseManager
And then specify path your database:
jdbc:hsqldb:file:mydb
There was one more thing that I was doing incorrect; it was the path of the db. The correct path is spring.datasource.url=jdbc:hsqldb:file:src/main/resources/db/userx;DATABASE_TO_UPPER=falsein application.properties.

multi level login, and restricted area on code igniter

i have problem to proces multi level log in and restristed area
there will be 2 type of user: admin and user (common), when a user register they fill form : username, email, and city. --> acces will be set as NULL. for admin acces will be st to 1 (manually)
table users:
CREATE TABLE IF NOT EXISTS users (
id int(11) NOT NULL AUTO_INCREMENT,
username varchar(255) NOT NULL,
password varchar(255) NOT NULL,
acces' varchar(5),
'city varchar(25) NOT NULL,
PRIMARY KEY (id)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=17 ;
table event :
CREATE TABLE IF NOT EXISTS events (
id int(11) NOT NULL AUTO_INCREMENT,
event varchar(255) NOT NULL,
'cityvarchar(25) NOT NULL,
PRIMARY KEY (id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=17 ;
the problems are:
1. when a user want to log in, they fill 2 form : email and password.
2. how to to check if they user or admin
3. if they log in as user, they will be directed to their 'city'. the 'city' will be same to the city when they register.
i really appreciate all possible solution to my problems..
thanks all
Regards.
Simply add a third table with 'roles', that assigns a user with a role.
instead of checking for the user login, You can limit functions/controllers to rules.
if(user_has_role('admin'))
You can with some minor effort expand this to multiple roles per user, with each role having it's own permissions etc., there are also several premade libraries for this sort of functionality.
Just google around for user libraries.

Can I use spring security without username or password?

I need to make sso for applications and combile user table.
I want to use spring security with email authentication, without username or password.
How can I do this?
My limittations:
Single user can authenticate with multiple emails (Like github)
User can manage all authentication state and expire specific authentication. (In profile page)
No password. No string username or id. (Because no service supports basic login)
--- EDIT ---
OAuth 2.0 / 1.0a Authentication
Generated scheme:
(Is this proper for this case?)
create table hib_authentication (
id BIGINT UNSIGNED not null auto_increment,
firstAuthenticatedTime TIMESTAMP DEFAULT CURRENT_TIMESTAMP not null,
ip VARBINARY(16) not null,
browser VARBINARY(24) not null,
lastAuthenticatedTime TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP not null,
user_id INT UNSIGNED not null,
primary key (id)
) ENGINE=InnoDB;
create table hib_user (
id INT UNSIGNED not null auto_increment,
country SMALLINT UNSIGNED not null,
created TIMESTAMP DEFAULT CURRENT_TIMESTAMP not null,
locale varchar(255) not null,
timeZone varchar(255) not null,
primary key (id)
) ENGINE=InnoDB;
create table hib_user_email (
id BIGINT UNSIGNED not null auto_increment,
email varchar(255) not null,
user_id INT UNSIGNED not null,
primary key (id)
) ENGINE=InnoDB;
create index index_to_get_authentication_by_user on hib_authentication (user_id);
alter table hib_user_email
add constraint UK_isuygi7fmcwnlht8f4plckt6n unique (email);
create index index_to_search_email_by_user on hib_user_email (user_id);
alter table hib_authentication
add constraint authentication_belongs_to_user
foreign key (user_id)
references hib_user (id);
alter table hib_user_email
add constraint email_belongs_to_user
foreign key (user_id)
references hib_user (id);

Referencing foreign keys across different users

I'm referencing a key that is part of another user:
Example:
create table emp
( name char(10)
, empid char(10)
, dob date
, phone char(14)
, primary key(empid)
, foreign key phone
references (user2.contacts)
);
where user2 holds a table which has phone as the primary key.
How can I achieve this?
USER2 needs to grant your user the REFERENCES privilege on their table.
grant references on contacts to user1
/
Note that, unlike other privileges, REFERENCES must always be granted directly. USER1 will not be able to create a foreign key if the privilege is granted through a role.
The syntax for foreign keys requires us to include the primary key (or at least a unique key) column in the reference:
create table emp
( name char(10)
, empid char(10)
, dob date
, phone char(14)
, constraint emp_pk primary key(empid)
, constraint emp_contact foreign key (phone)
references (user2.contacts.phone) );
It is good practice to explicity name our constraints, as the system-generated names are a pain to work with.
it should be like this:
create table emp
( name char(10)
, empid char(10)
, dob date
, phone char(14)
, primary key(empid)
, foreign key phone
references user2.contacts)
);

Resources