naturalprogrammer / spring-lemon Goto Github PK

View Code? Open in Web Editor NEW

705.0 61.0 181.0 1.43 MB

Helper library for Spring Boot web applications

License: Other

Java 82.48% JavaScript 11.19% HTML 6.06% CSS 0.27%

java spring-lemon spring-framework rest-api spring-mvc spring-security spring-boot

spring-lemon's People

Contributors

Stargazers

Watchers

Forkers

gitter-badger kingchang josephmokenela edydkim yanqzsu shubhamsmhaske aungmyo georggr charques pozuelog narayanapk ttinana liminzhang luiz158 jornason rockyadi malloy1121 lcamilo15 ikane tntcoding codingcreeks killthatbird nagillavenkatesh tosavola wrapperclass fhferreira griand xiewenya nguyenthanhthai huynhduy9988 skm9380 mahesh223 bgao-ca rohitcs079 jamindy leiurus17 vishalbansod thomasdarimont ragutheva makdeniss z3r0 sakhtar1979 ishara jamesyangwang sefacihangir pulku vinayshivagange adityapai2398 referthepointer henrier ozinal transfusion rasoul26 sarbastjundi hhywangwei baobao211195 esthermc celist sbilello ahmedomarjee brownstonetech sathishs007 vinaypuranik ugurkaya88 dongjigong ojaynico l-ejs-l apersonw nangal nchall sushantgharote rusubogdan khinex purnachand99 kaziabidazad arturbumbu sfed deepshah21 bigtreemin manosbatsis etsangsplk domsteil peturv ssmichae acherbas schroedermatt raouf25 philippewanner ghostflare76 gauravnavgire cfqzero murali198 hhy5277 thaingo chingloong cxe4u kezhevatov sffej sindiazi sheeraz21

spring-lemon's Issues

I want to use the spring-lemon-exceptions module in my project. How can I introduce it?

Use @PostLoad for computing transient User fields

Currently we are calling the decorate method of User manually. Why not have a @PoasLoad method for it?

APK installed with permissions but appears offline in manager

Howdy, i installed the apk on my device with all possibile permissions and the device appears offline in the l3mon manager when i tried it on an emulator it worked, i'm running the server on a virtual machine perhaps that's it, if not any other ideas?

@EnableTransactionManagement seems redundant

@EnableTransactionManagement on LemonAutoConfiguration seems redundant. Remove it and test that transactions are working properly.

Lemon & Spring cloud?

What about Spring Cloud cooperation? I mean Spring Lemon its more for monolith, or it have some ineraction with Spring Cloud

Custom redirect url stopped working

Unfortunately custom redirects stopped working for me.
I'm no longer able to do custom redirects like this:
GET /oauth2/authorization/google?lemon_redirect_uri=http://your-front-end-app-url/dynamic-social-login-success?token=

The cookie is being set correctly in the browser.
I'm currently on the RC1 release.

Restrict Spring Security maximum sessions, and force logout when roles change

Allow application developers to restrict the number of maximum login sessions for a user by using a property such as lemon.security.max-sessions: 5. A default, say 5, can be set.

Coding this feature will also allow us to go a step further and force logout a user when an admin alters his roles.

References:

http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#concurrent-sessions
spring-projects/spring-boot#1537
https://jira.spring.io/browse/SEC-3069

I think we need to add some code to LemonSecurityConfig, like this:

@Override
protected void configure(HttpSecurity http) throws Exception {

     http
          ...
      .sessionManagement()
        .maximumSessions(10)
        .sessionRegistry(sessionRegistry());
     ...
}

/**
 * Until https://jira.spring.io/browse/SEC-2855
 * is closed, we need to have this custom sessionRegistry
 */
@Bean
public SessionRegistry sessionRegistry() {
    SessionRegistry sessionRegistry = new SessionRegistryImpl();
    return sessionRegistry;
}

/**
 * Register HttpSessionEventPublisher. Note that it is declared
 * static to instantiate it very early, before this configuration
 * class is processed.
 * 
 * See http://docs.spring.io/spring-boot/docs/current/reference/html/howto-embedded-servlet-containers.html
 * for how to add a ServletContextListener.
 * 
 * See http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/context/annotation/Bean.html
 * for how static instantiation works.
 */
@Bean
public static ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() {
    return new ServletListenerRegistrationBean<HttpSessionEventPublisher>(new HttpSessionEventPublisher());
}

But, for scaling up, won't we need to have our own SessionRegistry implementation, say JPA based, instead of SessionRegistryImpl, which is the in-memory based? I also noticed that SessionRegistryImpl only listens to SessionDestroyedEvent. Should not it be listening to SessionCreatedEvent as well? Need to study more.

no sample working

Hello, I really like what you are trying to do in this project but unfortunately, I could not manage to run any of the application. Neither the JPA one nor the reactive one. Is it possible that you make a standalone project (not modular) which just start running with mvn spring-boot: run command? I would highly appreciate that. Thanks.

Update CORS handling as per Spring Boot 1.3

As per this post and the documentation, Spring Boot 1.3 should make it easier to configure CORS.

I tried to configure it this way:

@Configuration
@ConditionalOnProperty(name="lemon.cors.allowedOrigins")
public class CorsConfig extends WebMvcConfigurerAdapter {

    private final Log log = LogFactory.getLog(getClass());

    @Autowired
    LemonProperties properties;

    @Override
    public void addCorsMappings(CorsRegistry registry) {

        log.debug("Configuring CORS");

        Cors cors = properties.getCors();

        registry.addMapping("/**")
            .allowedOrigins(cors.getAllowedOrigins())
            .allowedMethods(cors.getAllowedMethods())
            .allowedHeaders(cors.getAllowedHeaders())
            .exposedHeaders(cors.getExposedHeaders())
            .maxAge(cors.getMaxAge())
            .allowCredentials(true);
    }   
}

But it did not work for security related requests, e.g. /login and /logout. Looking at Spring Security code, I felt that DefaultCorsProcessor.handleInternal is not getting called for these.

I then found a CorsFilter, whose JavaDoc says

This is an alternative to Spring MVC Java config and XML namespace CORS configuration, useful for applications depending only on spring-web (not on spring-webmvc) or for security constraints requiring CORS checks to be performed at Filter level.

I then tried to configure it as a highest ordered filter, like this:

@Order(Ordered.HIGHEST_PRECEDENCE)
public class SimpleCorsFilter extends CorsFilter {

    private final Log log = LogFactory.getLog(getClass());

    @Autowired
    public SimpleCorsFilter(CorsConfigurationSource configSource) {
        super(configSource);
        log.debug("Created SimpleCorsFilter");
    }
}

Still no luck. Maybe we should wait for sometime till things stabilize.

Change message keys - remove .spring.

E.g. com.naturalprogrammer.spring.invalidLink should become com.naturalprogrammer.invalidLink

How to use redirect cookie

I tried to use cookie from LecUtils.LEMON_REDIRECT_URI_COOKIE_PARAM_NAME

but this is not working..

How to use this?

Device Go offline after connecting initially

I created a host on google cloud to test the system, everything works fine until the client connects and the it gets disconnected and goes offline. I have no idea why it does that or maybe google is doing deep packet inspection and dropping the packets for l3mon.

I also observed there is no means to trouble shoot your connected devices and see if its from the client or the server. also there is no means to delete added clients

Non existent Maven repo in the Spring-Lemon documentation

spring-lemon-exceptions isn't published in Maven Central (why not?). There's an SO question about this in 2016 https://stackoverflow.com/q/36316717/839733.
The Maven repo shown in the docs returns 404.
https://github.com/naturalprogrammer/spring-lemon/wiki/Spring-Lemon-Exceptions-Guide#adding-to-your-spring-boot-project

<repositories>

    <repository>
        <id>naturalprogrammer</id>
        <url>https://naturalprogrammer.github.io/mvn-repository</url>
    </repository>
    ...
</repositories>

Makes me question whether there is a serious commitment to maintaining this project, or it's just someone's weekend project.

Broken image link in Spring Lemon Exceptions guide

https://github.com/naturalprogrammer/spring-lemon/wiki/Spring-Lemon-Exceptions-Guide#coding-exception-handlers

Spring Lemon already comes with a rich set of exception handlers:

Spring Lemon exception handler hierarchy <--- Broken link

Allow projects to choose their ID generator

AbstractUser pretty much bars applications from using their own ID generator, as it extends LemonEntity > AbstractPersistable, with the latter defining the ID member and JPA annotations. It would be much preferable to provide an interface VS AbstractUser or otherwise not include the id member definition within it or it's superclasses. In short, users should be able to:

// OR:  implements LemonUser<Integer>
public class User extends AbstractUser<Integer> {
	@Id
	@GeneratedValue(strategy = GenerationType.IDENTITY)
	private Integer id;
}

Code unit tests for exceptions module

Need to extend SimpleUrlAuthenticationFailureHandler

.failureHandler(new SimpleUrlAuthenticationFailureHandler()) no longer return JSON. Instead, it return a html page.

Try a post to /api/core/login with wrong credential return a HTML instead of JSON

LemonAuthenticationFailureHandler need to be implemented

Issue adding updateUserFields in service class.

Description Resource Path Location Type
The type UserDto is not generic; it cannot be parameterized with arguments MatapaService.java /matapa/src/main/java/mahi/tanvi/pandu line 48 Java Problem

Configure Spring security to handle the new exceptionhandling

No need to cache AbstractUser.authorities

OAuth2 Authentication

How to spring gateway?

How to integrate the spring-Lemon-exceptions module in the spring gateway?

Reactive Auditing

spring-lemon/spring-lemon-commons-reactive/src/main/java/com/naturalprogrammer/spring/lemon/commonsreactive/security/LemonReactiveAuditorAware.java

Lines 29 to 31 in ca2e567

    
           // TODO: Can't return a mono, as below 
        
           // So, sorry, no reactive auditing until Spring Data supports it 
        
           // return LecrUtils.currentUser();

My suggestion to solve the lack of support in Spring Data:

https://juliuskrah.com/blog/2018/02/15/auditing-with-spring-data-jpa/#comment-4848839807

Adding parameters for login

Hello
First of all thanks for the awesome library.
Please help me in adding or updating parameters for login. I have read about custom login pages. I can't seem to understand how to do that here.

Thanks
Abhinav

Remove Thread.sleep in tests with CountdownLatch or CyclicBarrier

exception when trying to register

I am using spring lemon for user registration. It used to work fine, but for some reason I started getting some cryptic exceptions. It seems like I don't follow some kind of constraint on the user data but I have no idea which one. This is the stack trace:

javax.validation.ConstraintViolationException: null
    at org.springframework.validation.beanvalidation.MethodValidationInterceptor.invoke(MethodValidationInterceptor.java:136) ~[spring-context-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:69) ~[spring-security-core-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99) ~[spring-tx-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282) ~[spring-tx-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96) ~[spring-tx-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673) ~[spring-aop-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at com.speakez.iqr.server.services.MyService$$EnhancerBySpringCGLIB$$ac63ae44.signup(<generated>) ~[classes/:1.0.0]
    at com.naturalprogrammer.spring.lemon.LemonController.signup(LemonController.java:103) ~[spring-lemon-0.12.0.jar:0.12.0]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_131]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_131]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_131]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131]
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:963) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:897) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:661) ~[servlet-api.jar:na]
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) ~[servlet-api.jar:na]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) [catalina.jar:8.5.15]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) ~[tomcat-websocket.jar:8.5.15]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.15]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
    at com.naturalprogrammer.spring.lemon.security.LemonTokenAuthenticationFilter.doFilter(LemonTokenAuthenticationFilter.java:95) ~[spring-lemon-0.12.0.jar:0.12.0]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.15]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.doFilter(SwitchUserFilter.java:197) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:150) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at com.naturalprogrammer.spring.lemon.security.LemonTokenAuthenticationFilter.doFilter(LemonTokenAuthenticationFilter.java:95) ~[spring-lemon-0.12.0.jar:0.12.0]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.15]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.15]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
    at org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter.doFilter(OAuth2ClientContextFilter.java:60) ~[spring-security-oauth2-2.0.13.RELEASE.jar:na]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.15]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
    at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.15]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.15]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.15]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
    at com.naturalprogrammer.spring.lemon.security.LemonCorsFilter.doFilterInternal(LemonCorsFilter.java:86) ~[spring-lemon-0.12.0.jar:0.12.0]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.15]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
    at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:115) [spring-boot-1.5.3.RELEASE.jar:1.5.3.RELEASE]
    at org.springframework.boot.web.support.ErrorPageFilter.access$000(ErrorPageFilter.java:59) [spring-boot-1.5.3.RELEASE.jar:1.5.3.RELEASE]
    at org.springframework.boot.web.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:90) [spring-boot-1.5.3.RELEASE.jar:1.5.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
    at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:108) [spring-boot-1.5.3.RELEASE.jar:1.5.3.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.15]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) [catalina.jar:8.5.15]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [catalina.jar:8.5.15]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) [catalina.jar:8.5.15]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [catalina.jar:8.5.15]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) [catalina.jar:8.5.15]
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624) [catalina.jar:8.5.15]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [catalina.jar:8.5.15]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [catalina.jar:8.5.15]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) [tomcat-coyote.jar:8.5.15]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-coyote.jar:8.5.15]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861) [tomcat-coyote.jar:8.5.15]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) [tomcat-coyote.jar:8.5.15]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-coyote.jar:8.5.15]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_131]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_131]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.5.15]
    at java.lang.Thread.run(Thread.java:748) [na:1.8.0_131]

Spring boot integration

Is Spring Boot have some planes about integration of Spring Lemon?
And about Kotlin, could i use it with my Kotlin Spring Boot App?

lemon-demo-reactive test fails when run first time

Running tests on lemon-demo-reactive requires mongodn to be running locally, and even then fails when run first time, If you run it second time, it passes.

Looks like it requires lemontest database to pre-exist. Couldn't we fix it by creating it beforehand? Or better yet, would be great if we could point it to an in-memory DB, or Docker or do something robust about it.

Technical hint: See the @SpringBootTest annotations on AbstractTests, and also MyTestUtils.initDatabase.

How to add more roles?

Hi!
I have seen the Role interface in com.naturalprogrammer.spring.lemon.commons.security.UserDto.UserUtils, I would like to be able to add more roles or customize the interface.

What could I do?

A hug!

Add OAuth2 signup/login to reactive project

Device not showing after the installation of the l3mon app and giving all permision of the device

Enable CORS at Filter Level

Presently CORS is configured for controllers, but not at filter level. I think best would be to wait for this ticket to have it enabled at ease: spring-projects/spring-security#4832

social login throwing 401 after changing google client ID and secret

After changing the client ID and secret the code returned by google is little different and social API is throwing 401.
Any help would be appreciated. Do let me know if any other info is required. Thanks in advance.

Replace use or mongoTemplate..block in tests with a method having subscribe..countdownLatch

Code validation for reactive JsonPatch user update

Divide spring-lemon into spring-lemon-commons, jpa and mongo (reactive)

Use lombok

Spring Social integration

adding a ManyToOne relationship to the user class

Hi,
I added another entity class to my project which is based on lemon-demo, and I am trying to add a ManyToOne relationship between the User class and the new class (LanguageServiceProvider).

User.java:

package com.naturalprogrammer.spring.lemondemo.entities;

import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.Table;
import javax.validation.constraints.Size;

import org.hibernate.validator.constraints.NotBlank;

import com.fasterxml.jackson.annotation.JsonView;
import com.naturalprogrammer.spring.lemon.domain.AbstractUser;

@Entity
@Table(name = "usr")
public class User extends AbstractUser<User, Long>
{

	private static final long serialVersionUID = 2716710947175132319L;

	public static final int NAME_MIN = 1;
	public static final int NAME_MAX = 50;

	public User()
	{
	}

	public User(String email, String password, String name)
	{
		this.email = email;
		this.password = password;
		this.name = name;
	}

	@JsonView(SignupInput.class)
	@NotBlank(message = "{blank.name}", groups = { SignUpValidation.class, UpdateValidation.class })
	@Size(min = NAME_MIN, max = NAME_MAX, groups = { SignUpValidation.class, UpdateValidation.class })
	@Column(nullable = false, length = NAME_MAX)
	private String name;

	private LanguageServiceProvider languageServiceProvider;

	public String getName()
	{
		return name;
	}

	public void setName(String name)
	{
		this.name = name;
	}

	@ManyToOne
	@JoinColumn(name = "lspId")
	public LanguageServiceProvider getLanguageServiceProvider()
	{
		return languageServiceProvider;
	}

	public void setLanguageServiceProvider(LanguageServiceProvider languageServiceProvider)
	{
		this.languageServiceProvider = languageServiceProvider;
	}

}

LanguageServiceProvider.java:

package com.naturalprogrammer.spring.lemondemo.entities;
// Generated Jun 8, 2017 9:59:22 AM by Hibernate Tools 5.2.3.Final

import static javax.persistence.GenerationType.IDENTITY;

import java.util.Set;

import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.OneToMany;
import javax.persistence.Table;

/**
 * LanguageServiceProvider generated by hbm2java
 */
@Entity
@Table(name = "language_service_provider")
public class LanguageServiceProvider implements java.io.Serializable
{

	private Long idLanguageServiceProvider;
	private String ivrCode;
	private String name;
	private Set<User> users;

	public LanguageServiceProvider()
	{
	}

	public LanguageServiceProvider(String ivrCode, String name)
	{
		this.ivrCode = ivrCode;
		this.name = name;
	}

	@Id
	@GeneratedValue(strategy = IDENTITY)

	@Column(name = "id_language_service_provider", unique = true, nullable = false)
	public Long getIdLanguageServiceProvider()
	{
		return this.idLanguageServiceProvider;
	}

	public void setIdLanguageServiceProvider(Long idLanguageServiceProvider)
	{
		this.idLanguageServiceProvider = idLanguageServiceProvider;
	}

	@Column(name = "ivr_code", length = 16)
	public String getIvrCode()
	{
		return this.ivrCode;
	}

	public void setIvrCode(String ivrCode)
	{
		this.ivrCode = ivrCode;
	}

	@Column(name = "name", length = 128)
	public String getName()
	{
		return this.name;
	}

	public void setName(String name)
	{
		this.name = name;
	}

	@OneToMany(fetch = FetchType.LAZY, mappedBy = "languageServiceProvider")
	public Set<User> getUsers()
	{
		return users;
	}

	public void setUsers(Set<User> users)
	{
		this.users = users;
	}
}

When the server starts I am getting this exception:

Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: BLOB/TEXT column 'language_service_provider' used in key specification without a key length
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[na:1.8.0_131]
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[na:1.8.0_131]
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[na:1.8.0_131]
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[na:1.8.0_131]
	at com.mysql.jdbc.Util.handleNewInstance(Util.java:425) ~[mysql-connector-java-5.1.41.jar:5.1.41]
	at com.mysql.jdbc.Util.getInstance(Util.java:408) ~[mysql-connector-java-5.1.41.jar:5.1.41]
	at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:943) ~[mysql-connector-java-5.1.41.jar:5.1.41]
	at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3973) ~[mysql-connector-java-5.1.41.jar:5.1.41]
	at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3909) ~[mysql-connector-java-5.1.41.jar:5.1.41]
	at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2527) ~[mysql-connector-java-5.1.41.jar:5.1.41]
	at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2680) ~[mysql-connector-java-5.1.41.jar:5.1.41]
	at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2497) ~[mysql-connector-java-5.1.41.jar:5.1.41]
	at com.mysql.jdbc.StatementImpl.executeUpdateInternal(StatementImpl.java:1540) ~[mysql-connector-java-5.1.41.jar:5.1.41]
	at com.mysql.jdbc.StatementImpl.executeLargeUpdate(StatementImpl.java:2595) ~[mysql-connector-java-5.1.41.jar:5.1.41]
	at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1468) ~[mysql-connector-java-5.1.41.jar:5.1.41]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_131]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_131]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_131]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131]
	at org.apache.tomcat.jdbc.pool.StatementFacade$StatementProxy.invoke(StatementFacade.java:114) ~[tomcat-jdbc-8.5.14.jar:na]
	at com.sun.proxy.$Proxy115.executeUpdate(Unknown Source) ~[na:na]
	at org.hibernate.tool.schema.internal.TargetDatabaseImpl.accept(TargetDatabaseImpl.java:56) ~[hibernate-core-5.0.12.Final.jar:5.0.12.Final]
	... 72 common frames omitted

I looked inside mysql. For some reason a column named language_service_provider is created inside the usr table instead of lsp_id, and it is created as TINYBLOB instead of BIGINT. Is there any way to change this?

Facebook OAuth not returning expected 'email_verified' attribute

I've been trying to implement Spring Lemon into a project. However, when trying authentication through facebook there doesn't seem to be a 'verified' attribute in the response.
As a consequence, a null pointer is thrown in the LemonService class:
java.lang.NullPointerException: null
at com.naturalprogrammer.spring.lemon.LemonService.getOAuth2AccountVerified(LemonService.java:703) ~[spring-lemon-jpa-1.0.0.M8.jar:1.0.0.M8]

Other attributes such as name, email and id are returned by the facebook provider just fine.

I want to use the spring lemon exceptions module in my project. How can I introduce it?

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'lexUtils': Invocation of init method failed; nested exception is org.springframework.context.NoSuchMessageException: No message found under code 'com.naturalprogrammer.spring.notFound' for locale 'zh_CN'.

Login doesn't support UTF-8

Hi!
I faced the following issue using spring-lemon's authentication module. I've overriden the user model object and I added a 'username' column to it, and I use this as username at login.
When I add a user with special character (like ő or ű, these are often used characters in Hungarian), the authentication fails with the following response:
{"timestamp":1464383714327,"status":500,"error":"Internal Server Error","exception":"java.io.CharConversionException"
,"message":"Not an ISO 8859-1 character: ő","path":"/userCrudBoot2/login"}

However, I can save or retrieve data with these characters without any problem, the request with the url "/api/core/context" comes back with a perfect response (the characters are all correct), only the login cannot handle them. Also, some of the characters in the response of the login don't cause the error mentioned above, but in the response I see diamond characters with question mark (characters like 'ö' or 'ü'). Again, requesting the context it gives them back all correct.

I tried to override the AuthenticationSuccessHandler, and I replaced this line:
"response.setContentType(MediaType.APPLICATION_JSON_VALUE);" whit this:
"response.setContentType("application/json;charset=UTF-8");"
but it didn't help.

Also, the authentication doesn't make difference - for example- between "admin" and "ádmin", what can be a problem in Hungarian.

What can be the problem?
Thank you in advance!

Replace all LecUtils.TOKEN_REQUEST_HEADER_NAME with HttpHeaders.AUTHORIZATION

Configure Jacoco or some code coverage plugin

Configure Jacoco plugin in lemon-demo-jpa and lemon-demo-reactive projects.

LemonTokenAuthenticationFilter invalid implementation

The implementation of LemonTokenAuthenticationFilter is not correct. In stateless application you should not use AuthenticationManager to authenticate user on every request. User already authenticated himself through the authentication provider once they first logged in and generated JWT token. Correct filter should build an authentication token from parsed JWT from the request header.

Calling authenticate sends a successful authentication event on success, which is used to save security audit (AuthenticationEventPublisher). Your filter currently would log as many successful authentication log messages as there were requests.

How to test spring lemon with auto configuration?

I try to learn from spring-lemon by writing some test cases for it. But both MockMailSender and SmtpMailSender are created in the applicationContext. It seems like that the LemonAutoConfiguration class is not to be loaded. Could you provide some example of test a auto configuration project?

Here is my configuration:

@SpringBootApplication
public class LemonTest implements ApplicationContextAware{
    private ApplicationContext context;

    public static void main(String[] args){
        SpringApplication.run(LemonTest.class, args);
        System.out.println("haha");
    }

    @Override
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.context = applicationContext;
    }
}

@RunWith(SpringRunner.class)
@SpringBootTest
public class InitTest {
    @Autowired
    private MailSender mailSender;

    @Test
    public void test(){
        assertNotNull(mailSender);
    }
}

Rename AuthenticationSuccessHandler to LemonAuthenticationSuccessHandler

Rename AuthenticationSuccessHandler to LemonAuthenticationSuccessHandler, because AuthenticationSuccessHandler is the name of a super interface. Then, let authenticationSuccessHandler in LemonAutoConfiguration return AuthenticationSuccessHandler -- the interface.

	// TODO: Can't return a mono, as below
	// So, sorry, no reactive auditing until Spring Data supports it
	// return LecrUtils.currentUser();