I have created an entity with the help of the Yeoman generator. I chose not to create a DAO. The entity has a relationsship with User.
Now when I create an object I get to choose owner in a dropdown, but I would want to set owner to the currently logged on user. What's the best approach to do this?
I have tried
#Autowired
private Authentication authentication;
and
activity.setOwner((User) authentication.getPrincipal());
in the Resource Class, but this throws this exception
Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire field: private org.springframework.security.core.Authentication
Regards
Mattias
Well, I think all of your problem is in getting the current user.
So what make you stop from using the your.package.security.SecurityUtils.getCurrentLogin()?.
The above code will give you the login name. If you need either id or the user object as a whole, then you will need to fetch from DB. You can also use UserService to do so.
Related
When deploying a JavaEE application as a WAR file (using the WAS Liberty Profile application server), the mappings between application roles and user groups are defined in server.xml. We have chosen to implement security by means of an EJB bean interceptor that compares the permissions stated on a method annotation with a set of permissions that are assigned to user.
This idea is based on an an original article in Java Magazine (Secure Java EE Authentication," Java Magazine, January/February 2013).
To take the idea further, we want to map the roles associated with the user to a more granular set of permissions. Unfortunately there is (currently) no way easy to obtain the list of roles associated with a user. Two suggested methods are proposed in this stack overflow article by #Josh and #Steve.
It struck me that if I can obtain the list of roles defined by the #DeclareRoles() annotation, I could use the request.isUserInRole(role) method for each of these roles without having to maintain a separate list of roles myself.
Has anyone used this method, or are there better methods to implement a finer grained security model since the article was written?
Well, you can certainly do something like:
#Stateless
#LocalBean
#DeclareRoles({ ROLE1, ROLE2, ROLE3 })
public class IsCallerInRoleDemoSessionBean {
#Resource
private SessionContext sessionContext;
#PermitAll
public Set<String> discoverRoles() {
Set<String> roleNames = new HashSet<>();
DeclareRoles declaredRoles = IsCallerInRoleDemoSessionBean.class.getAnnotation(DeclareRoles.class);
for (String roleName : declaredRoles.value())
if (sessionContext.isCallerInRole(roleName))
roleNames.add(roleName);
return roleNames;
}
}
This is from an old Arquillian Security Demo I did for someone a few years ago.
Ideally, this would also examine super-classes as well.
I’m a complete JHipster beginner and I want to create my first own JHipster application, but I got a problem that I’m not able to solve.
Firstly, I generated my app with following settings:
-Monolithic application
then I chose a base name and a default Java package of my app and HTTP Session Authentication.
Later, I chose following:
-SQL, MYSQL, MYSQL, Yes, with ehcache, Gradle, CSS preprocessor : Yes, Internationalization: Yes, Testing framework: Gatling
And to that moment everything looked fine , then I wanted to create my entity as follows:
Yo jhipster:entity activitylist
and I added three fields:
-activityname (String), acitivitydate (LocalDate) and rating (Integer) and then I added relationship with entity user, type: many to one.
Afterwards
I used yo jhipster:entity user and I added following fields: login(String), name(String), surname(String) and added relationship one to many with field user.
However, everytime when I tried to run it with docker I got compile Java Failure and following warnings:
warning: Unmapped target property: "authorities".
UserDTO userToUserDTO(User user);
error: Unknown property "password" in return type.
User userDTOToUser(UserDTO userDTO);
I would appreciate any help.
The problem with your app is the name of your entity: user.
You need to change the name of this entity because when You name it as following You create a new Java class : User, however JHipster has its own built-in User Java class which is located in src/main/java/domain folder.
This class has its own getter, setter methods and mapper which operation is affected when your entity „user" is created.
You can notice this fact in Your warnings when compiler informs You that it encountered unknown properties in Your return type in User userDTOToUser. I would strongly recommend You changing name of the user entity and everything else should work fine.
I've created a plugin to set some custom fields on the businessunit entity when it's created.
I registered the plugin and confirmed the context message is Create.
Now, when I create a new businessunit, I get the exception message "Expected only one default business unit team".
I'm not setting the default team and even went so far as to remove the attribute before I save the entity.
The problem was I was running in the context of Create and calling Update to save but the entity that hadn't been officially created yet.
I removed the Update() function because CRM will save my added attributes when it creates the record.
I have a simple application using the Play! framework's secure module. My 'Users' controller extends CRUD and is protected by #Check('admin'), so users have to be admins to access CRUD methods. However, I'd like anyone to be able to create new Users-- like a "Sign Up" or "Register" button.
What is a good way to do this, given that all of my Users methods except Create should be protected? Can I apply #Check("admin") to individual methods?
Here is my Users controller:
package controllers;
import play.*;
import play.mvc.*;
#Check("admin")
#With(Secure.class)
public class Users extends CRUD {
};
What is a good way to do this, given that all of my Users methods except Create should be protected?
In my practice, I create new controller in another package with the same name for doing this.
For example,
So, I think the best way is you should put Sign up method in the Non-Admin.
After I find some reference, this link has same idea with you and the answer of this topic is like what I said.
Can I apply #Check("admin") to individual methods?
Yes, you can. But you need to use #With(Secure.class) in that controller first.
You can see the example in Secure Module Documentation.
i am adding a new method into CalEventLocalServiceImpl using hook...
my code is ..
public class MyCalendarLocalServiceImpl extends CalEventLocalServiceWrapper {
public MyCalendarLocalServiceImpl(CalEventLocalService calEventLocalService) {
super(calEventLocalService);
// TODO Auto-generated constructor stub
}
public List getUserData(long userId) throws SystemException{
DynamicQuery query=DynamicQueryFactoryUtil.forClass(CalEvent.class)
.add(PropertyFactoryUtil.forName("userId").eq(userId));
List deatils=CalEventLocalServiceUtil.dynamicQuery(query);
return deatils;
}
}
liferay-hook.xml:
<service>
<service-type>
com.liferay.portlet.calendar.service.CalEventLocalService
</service-type>
<service-impl>
com.liferay.portlet.calendar.service.impl.MyCalendarLocalServiceImpl
</service-impl>
</service>
my question is how to use getUserData from jsp file.
Can anybody help me out....
i think u didn't gt my question...i want list of events based on USERID from Calendar ...to achieve this task what i need to do??
I assume getUserData() is not overridden but a new method (can't look up currently). This is not what you can do when overriding a service. Instead you'd have to add a new Service and make it available to the portal.
Remember that a customized ("hooked") jsp is running in the portal classloader, while your overloaded service is running in the hook's classloader. Thus, if you create a new service and make the service.jar available to Liferay (e.g. on the global classpath) you can call it from JSPs. The interface of Liferay services can not be extended through an overloaded service.
In case getUserData() is already in the interface (as I said I can't look up currently), you just need to call the CalendarLocalServiceUtil from your jsp and it will be delegated to your wrapper.
Just to add to Olaf's answer and comments...
if you you want to extend CalEventLocalService service with just "getUsetData" and use it in one jsp than building your own service might be overkill. Simply put your code from "getUserData" in jsp. Otherwise follow Olaf's suggestions.