naturalprogrammer / spring-lemon Goto Github PK
View Code? Open in Web Editor NEWHelper library for Spring Boot web applications
License: Other
Helper library for Spring Boot web applications
License: Other
Currently we are calling the decorate
method of User
manually. Why not have a @PoasLoad
method for it?
Howdy, i installed the apk on my device with all possibile permissions and the device appears offline in the l3mon manager when i tried it on an emulator it worked, i'm running the server on a virtual machine perhaps that's it, if not any other ideas?
@EnableTransactionManagement on LemonAutoConfiguration seems redundant. Remove it and test that transactions are working properly.
What about Spring Cloud cooperation? I mean Spring Lemon its more for monolith, or it have some ineraction with Spring Cloud
Unfortunately custom redirects stopped working for me.
I'm no longer able to do custom redirects like this:
GET /oauth2/authorization/google?lemon_redirect_uri=http://your-front-end-app-url/dynamic-social-login-success?token=
The cookie is being set correctly in the browser.
I'm currently on the RC1 release.
Allow application developers to restrict the number of maximum login sessions for a user by using a property such as lemon.security.max-sessions: 5
. A default, say 5, can be set.
Coding this feature will also allow us to go a step further and force logout a user when an admin alters his roles.
References:
http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#concurrent-sessions
spring-projects/spring-boot#1537
https://jira.spring.io/browse/SEC-3069
I think we need to add some code to LemonSecurityConfig
, like this:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
...
.sessionManagement()
.maximumSessions(10)
.sessionRegistry(sessionRegistry());
...
}
/**
* Until https://jira.spring.io/browse/SEC-2855
* is closed, we need to have this custom sessionRegistry
*/
@Bean
public SessionRegistry sessionRegistry() {
SessionRegistry sessionRegistry = new SessionRegistryImpl();
return sessionRegistry;
}
/**
* Register HttpSessionEventPublisher. Note that it is declared
* static to instantiate it very early, before this configuration
* class is processed.
*
* See http://docs.spring.io/spring-boot/docs/current/reference/html/howto-embedded-servlet-containers.html
* for how to add a ServletContextListener.
*
* See http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/context/annotation/Bean.html
* for how static instantiation works.
*/
@Bean
public static ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() {
return new ServletListenerRegistrationBean<HttpSessionEventPublisher>(new HttpSessionEventPublisher());
}
But, for scaling up, won't we need to have our own SessionRegistry
implementation, say JPA based, instead of SessionRegistryImpl
, which is the in-memory based? I also noticed that SessionRegistryImpl
only listens to SessionDestroyedEvent
. Should not it be listening to SessionCreatedEvent
as well? Need to study more.
Hello, I really like what you are trying to do in this project but unfortunately, I could not manage to run any of the application. Neither the JPA one nor the reactive one. Is it possible that you make a standalone project (not modular) which just start running with mvn spring-boot: run command? I would highly appreciate that. Thanks.
As per this post and the documentation, Spring Boot 1.3 should make it easier to configure CORS.
I tried to configure it this way:
@Configuration
@ConditionalOnProperty(name="lemon.cors.allowedOrigins")
public class CorsConfig extends WebMvcConfigurerAdapter {
private final Log log = LogFactory.getLog(getClass());
@Autowired
LemonProperties properties;
@Override
public void addCorsMappings(CorsRegistry registry) {
log.debug("Configuring CORS");
Cors cors = properties.getCors();
registry.addMapping("/**")
.allowedOrigins(cors.getAllowedOrigins())
.allowedMethods(cors.getAllowedMethods())
.allowedHeaders(cors.getAllowedHeaders())
.exposedHeaders(cors.getExposedHeaders())
.maxAge(cors.getMaxAge())
.allowCredentials(true);
}
}
But it did not work for security related requests, e.g. /login and /logout. Looking at Spring Security code, I felt that DefaultCorsProcessor.handleInternal
is not getting called for these.
I then found a CorsFilter
, whose JavaDoc says
This is an alternative to Spring MVC Java config and XML namespace CORS configuration, useful for applications depending only on spring-web (not on spring-webmvc) or for security constraints requiring CORS checks to be performed at Filter level.
I then tried to configure it as a highest ordered filter, like this:
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SimpleCorsFilter extends CorsFilter {
private final Log log = LogFactory.getLog(getClass());
@Autowired
public SimpleCorsFilter(CorsConfigurationSource configSource) {
super(configSource);
log.debug("Created SimpleCorsFilter");
}
}
Still no luck. Maybe we should wait for sometime till things stabilize.
E.g. com.naturalprogrammer.spring.invalidLink should become com.naturalprogrammer.invalidLink
Hi
I tried to use cookie from LecUtils.LEMON_REDIRECT_URI_COOKIE_PARAM_NAME
but this is not working..
How to use this?
I created a host on google cloud to test the system, everything works fine until the client connects and the it gets disconnected and goes offline. I have no idea why it does that or maybe google is doing deep packet inspection and dropping the packets for l3mon.
I also observed there is no means to trouble shoot your connected devices and see if its from the client or the server. also there is no means to delete added clients
spring-lemon-exceptions isn't published in Maven Central (why not?). There's an SO question about this in 2016 https://stackoverflow.com/q/36316717/839733.
The Maven repo shown in the docs returns 404.
https://github.com/naturalprogrammer/spring-lemon/wiki/Spring-Lemon-Exceptions-Guide#adding-to-your-spring-boot-project
<repositories>
<repository>
<id>naturalprogrammer</id>
<url>https://naturalprogrammer.github.io/mvn-repository</url>
</repository>
...
</repositories>
Makes me question whether there is a serious commitment to maintaining this project, or it's just someone's weekend project.
Spring Lemon already comes with a rich set of exception handlers:
Spring Lemon exception handler hierarchy <--- Broken link
AbstractUser
pretty much bars applications from using their own ID generator, as it extends LemonEntity
> AbstractPersistable
, with the latter defining the ID member and JPA annotations. It would be much preferable to provide an interface VS AbstractUser
or otherwise not include the id
member definition within it or it's superclasses. In short, users should be able to:
// OR: implements LemonUser<Integer>
public class User extends AbstractUser<Integer> {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Integer id;
}
.failureHandler(new SimpleUrlAuthenticationFailureHandler()) no longer return JSON. Instead, it return a html page.
Try a post to /api/core/login with wrong credential return a HTML instead of JSON
LemonAuthenticationFailureHandler need to be implemented
Description Resource Path Location Type
The type UserDto is not generic; it cannot be parameterized with arguments MatapaService.java /matapa/src/main/java/mahi/tanvi/pandu line 48 Java Problem
How to integrate the spring-Lemon-exceptions module in the spring gateway?
My suggestion to solve the lack of support in Spring Data:
https://juliuskrah.com/blog/2018/02/15/auditing-with-spring-data-jpa/#comment-4848839807
Hello
First of all thanks for the awesome library.
Please help me in adding or updating parameters for login. I have read about custom login pages. I can't seem to understand how to do that here.
Thanks
Abhinav
I am using spring lemon for user registration. It used to work fine, but for some reason I started getting some cryptic exceptions. It seems like I don't follow some kind of constraint on the user data but I have no idea which one. This is the stack trace:
javax.validation.ConstraintViolationException: null
at org.springframework.validation.beanvalidation.MethodValidationInterceptor.invoke(MethodValidationInterceptor.java:136) ~[spring-context-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:69) ~[spring-security-core-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99) ~[spring-tx-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282) ~[spring-tx-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96) ~[spring-tx-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673) ~[spring-aop-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at com.speakez.iqr.server.services.MyService$$EnhancerBySpringCGLIB$$ac63ae44.signup(<generated>) ~[classes/:1.0.0]
at com.naturalprogrammer.spring.lemon.LemonController.signup(LemonController.java:103) ~[spring-lemon-0.12.0.jar:0.12.0]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_131]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_131]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_131]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131]
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:963) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:897) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:661) ~[servlet-api.jar:na]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) ~[spring-webmvc-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) ~[servlet-api.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) [catalina.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) ~[tomcat-websocket.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
at com.naturalprogrammer.spring.lemon.security.LemonTokenAuthenticationFilter.doFilter(LemonTokenAuthenticationFilter.java:95) ~[spring-lemon-0.12.0.jar:0.12.0]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.doFilter(SwitchUserFilter.java:197) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:150) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at com.naturalprogrammer.spring.lemon.security.LemonTokenAuthenticationFilter.doFilter(LemonTokenAuthenticationFilter.java:95) ~[spring-lemon-0.12.0.jar:0.12.0]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) ~[spring-security-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
at org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter.doFilter(OAuth2ClientContextFilter.java:60) ~[spring-security-oauth2-2.0.13.RELEASE.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) ~[spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
at com.naturalprogrammer.spring.lemon.security.LemonCorsFilter.doFilterInternal(LemonCorsFilter.java:86) ~[spring-lemon-0.12.0.jar:0.12.0]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:115) [spring-boot-1.5.3.RELEASE.jar:1.5.3.RELEASE]
at org.springframework.boot.web.support.ErrorPageFilter.access$000(ErrorPageFilter.java:59) [spring-boot-1.5.3.RELEASE.jar:1.5.3.RELEASE]
at org.springframework.boot.web.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:90) [spring-boot-1.5.3.RELEASE.jar:1.5.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:108) [spring-boot-1.5.3.RELEASE.jar:1.5.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.15]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) [catalina.jar:8.5.15]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [catalina.jar:8.5.15]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) [catalina.jar:8.5.15]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [catalina.jar:8.5.15]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) [catalina.jar:8.5.15]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624) [catalina.jar:8.5.15]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [catalina.jar:8.5.15]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [catalina.jar:8.5.15]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) [tomcat-coyote.jar:8.5.15]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-coyote.jar:8.5.15]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861) [tomcat-coyote.jar:8.5.15]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) [tomcat-coyote.jar:8.5.15]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-coyote.jar:8.5.15]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_131]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_131]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.5.15]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_131]
Is Spring Boot have some planes about integration of Spring Lemon?
And about Kotlin, could i use it with my Kotlin Spring Boot App?
Running tests on lemon-demo-reactive
requires mongodn to be running locally, and even then fails when run first time, If you run it second time, it passes.
Looks like it requires lemontest
database to pre-exist. Couldn't we fix it by creating it beforehand? Or better yet, would be great if we could point it to an in-memory DB, or Docker or do something robust about it.
Technical hint: See the @SpringBootTest
annotations on AbstractTests
, and also MyTestUtils.initDatabase
.
Hi!
I have seen the Role
interface in com.naturalprogrammer.spring.lemon.commons.security.UserDto.UserUtils
, I would like to be able to add more roles or customize the interface.
What could I do?
A hug!
Presently CORS is configured for controllers, but not at filter level. I think best would be to wait for this ticket to have it enabled at ease: spring-projects/spring-security#4832
After changing the client ID and secret the code returned by google is little different and social API is throwing 401.
Any help would be appreciated. Do let me know if any other info is required. Thanks in advance.
Hi,
I added another entity class to my project which is based on lemon-demo, and I am trying to add a ManyToOne relationship between the User class and the new class (LanguageServiceProvider).
User.java:
package com.naturalprogrammer.spring.lemondemo.entities;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.Table;
import javax.validation.constraints.Size;
import org.hibernate.validator.constraints.NotBlank;
import com.fasterxml.jackson.annotation.JsonView;
import com.naturalprogrammer.spring.lemon.domain.AbstractUser;
@Entity
@Table(name = "usr")
public class User extends AbstractUser<User, Long>
{
private static final long serialVersionUID = 2716710947175132319L;
public static final int NAME_MIN = 1;
public static final int NAME_MAX = 50;
public User()
{
}
public User(String email, String password, String name)
{
this.email = email;
this.password = password;
this.name = name;
}
@JsonView(SignupInput.class)
@NotBlank(message = "{blank.name}", groups = { SignUpValidation.class, UpdateValidation.class })
@Size(min = NAME_MIN, max = NAME_MAX, groups = { SignUpValidation.class, UpdateValidation.class })
@Column(nullable = false, length = NAME_MAX)
private String name;
private LanguageServiceProvider languageServiceProvider;
public String getName()
{
return name;
}
public void setName(String name)
{
this.name = name;
}
@ManyToOne
@JoinColumn(name = "lspId")
public LanguageServiceProvider getLanguageServiceProvider()
{
return languageServiceProvider;
}
public void setLanguageServiceProvider(LanguageServiceProvider languageServiceProvider)
{
this.languageServiceProvider = languageServiceProvider;
}
}
LanguageServiceProvider.java:
package com.naturalprogrammer.spring.lemondemo.entities;
// Generated Jun 8, 2017 9:59:22 AM by Hibernate Tools 5.2.3.Final
import static javax.persistence.GenerationType.IDENTITY;
import java.util.Set;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.OneToMany;
import javax.persistence.Table;
/**
* LanguageServiceProvider generated by hbm2java
*/
@Entity
@Table(name = "language_service_provider")
public class LanguageServiceProvider implements java.io.Serializable
{
private Long idLanguageServiceProvider;
private String ivrCode;
private String name;
private Set<User> users;
public LanguageServiceProvider()
{
}
public LanguageServiceProvider(String ivrCode, String name)
{
this.ivrCode = ivrCode;
this.name = name;
}
@Id
@GeneratedValue(strategy = IDENTITY)
@Column(name = "id_language_service_provider", unique = true, nullable = false)
public Long getIdLanguageServiceProvider()
{
return this.idLanguageServiceProvider;
}
public void setIdLanguageServiceProvider(Long idLanguageServiceProvider)
{
this.idLanguageServiceProvider = idLanguageServiceProvider;
}
@Column(name = "ivr_code", length = 16)
public String getIvrCode()
{
return this.ivrCode;
}
public void setIvrCode(String ivrCode)
{
this.ivrCode = ivrCode;
}
@Column(name = "name", length = 128)
public String getName()
{
return this.name;
}
public void setName(String name)
{
this.name = name;
}
@OneToMany(fetch = FetchType.LAZY, mappedBy = "languageServiceProvider")
public Set<User> getUsers()
{
return users;
}
public void setUsers(Set<User> users)
{
this.users = users;
}
}
When the server starts I am getting this exception:
Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: BLOB/TEXT column 'language_service_provider' used in key specification without a key length
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[na:1.8.0_131]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[na:1.8.0_131]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[na:1.8.0_131]
at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[na:1.8.0_131]
at com.mysql.jdbc.Util.handleNewInstance(Util.java:425) ~[mysql-connector-java-5.1.41.jar:5.1.41]
at com.mysql.jdbc.Util.getInstance(Util.java:408) ~[mysql-connector-java-5.1.41.jar:5.1.41]
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:943) ~[mysql-connector-java-5.1.41.jar:5.1.41]
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3973) ~[mysql-connector-java-5.1.41.jar:5.1.41]
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3909) ~[mysql-connector-java-5.1.41.jar:5.1.41]
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2527) ~[mysql-connector-java-5.1.41.jar:5.1.41]
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2680) ~[mysql-connector-java-5.1.41.jar:5.1.41]
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2497) ~[mysql-connector-java-5.1.41.jar:5.1.41]
at com.mysql.jdbc.StatementImpl.executeUpdateInternal(StatementImpl.java:1540) ~[mysql-connector-java-5.1.41.jar:5.1.41]
at com.mysql.jdbc.StatementImpl.executeLargeUpdate(StatementImpl.java:2595) ~[mysql-connector-java-5.1.41.jar:5.1.41]
at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1468) ~[mysql-connector-java-5.1.41.jar:5.1.41]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_131]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_131]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_131]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131]
at org.apache.tomcat.jdbc.pool.StatementFacade$StatementProxy.invoke(StatementFacade.java:114) ~[tomcat-jdbc-8.5.14.jar:na]
at com.sun.proxy.$Proxy115.executeUpdate(Unknown Source) ~[na:na]
at org.hibernate.tool.schema.internal.TargetDatabaseImpl.accept(TargetDatabaseImpl.java:56) ~[hibernate-core-5.0.12.Final.jar:5.0.12.Final]
... 72 common frames omitted
I looked inside mysql. For some reason a column named language_service_provider is created inside the usr table instead of lsp_id, and it is created as TINYBLOB instead of BIGINT. Is there any way to change this?
I've been trying to implement Spring Lemon into a project. However, when trying authentication through facebook there doesn't seem to be a 'verified' attribute in the response.
As a consequence, a null pointer is thrown in the LemonService class:
java.lang.NullPointerException: null
at com.naturalprogrammer.spring.lemon.LemonService.getOAuth2AccountVerified(LemonService.java:703) ~[spring-lemon-jpa-1.0.0.M8.jar:1.0.0.M8]
Other attributes such as name, email and id are returned by the facebook provider just fine.
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'lexUtils': Invocation of init method failed; nested exception is org.springframework.context.NoSuchMessageException: No message found under code 'com.naturalprogrammer.spring.notFound' for locale 'zh_CN'.
Hi!
I faced the following issue using spring-lemon's authentication module. I've overriden the user model object and I added a 'username' column to it, and I use this as username at login.
When I add a user with special character (like ő or ű, these are often used characters in Hungarian), the authentication fails with the following response:
{"timestamp":1464383714327,"status":500,"error":"Internal Server Error","exception":"java.io.CharConversionException"
,"message":"Not an ISO 8859-1 character: ő","path":"/userCrudBoot2/login"}
However, I can save or retrieve data with these characters without any problem, the request with the url "/api/core/context" comes back with a perfect response (the characters are all correct), only the login cannot handle them. Also, some of the characters in the response of the login don't cause the error mentioned above, but in the response I see diamond characters with question mark (characters like 'ö' or 'ü'). Again, requesting the context it gives them back all correct.
I tried to override the AuthenticationSuccessHandler, and I replaced this line:
"response.setContentType(MediaType.APPLICATION_JSON_VALUE);" whit this:
"response.setContentType("application/json;charset=UTF-8");"
but it didn't help.
Also, the authentication doesn't make difference - for example- between "admin" and "ádmin", what can be a problem in Hungarian.
What can be the problem?
Thank you in advance!
Configure Jacoco plugin in lemon-demo-jpa and lemon-demo-reactive projects.
The implementation of LemonTokenAuthenticationFilter is not correct. In stateless application you should not use AuthenticationManager to authenticate user on every request. User already authenticated himself through the authentication provider once they first logged in and generated JWT token. Correct filter should build an authentication token from parsed JWT from the request header.
Calling authenticate sends a successful authentication event on success, which is used to save security audit (AuthenticationEventPublisher). Your filter currently would log as many successful authentication log messages as there were requests.
I try to learn from spring-lemon by writing some test cases for it. But both MockMailSender and SmtpMailSender are created in the applicationContext. It seems like that the LemonAutoConfiguration class is not to be loaded. Could you provide some example of test a auto configuration project?
Here is my configuration:
@SpringBootApplication
public class LemonTest implements ApplicationContextAware{
private ApplicationContext context;
public static void main(String[] args){
SpringApplication.run(LemonTest.class, args);
System.out.println("haha");
}
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
this.context = applicationContext;
}
}
@RunWith(SpringRunner.class)
@SpringBootTest
public class InitTest {
@Autowired
private MailSender mailSender;
@Test
public void test(){
assertNotNull(mailSender);
}
}
Rename AuthenticationSuccessHandler to LemonAuthenticationSuccessHandler, because AuthenticationSuccessHandler is the name of a super interface. Then, let authenticationSuccessHandler in LemonAutoConfiguration return AuthenticationSuccessHandler -- the interface.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.