I was trying to create a login application, I thought I did everything right but I can't in any way pass the login from in the localhost. I attach here the screens. I've tried instantiating some beans of my user class in the db to try and use their attributes for a login but I can't get it to work.
my main(https://i.stack.imgur.com/RUMYe.png)
your text(https://i.stack.imgur.com/63Bhh.png)
your text(https://i.stack.imgur.com/swuZR.png)
your text(https://i.stack.imgur.com/TOQqM.png)
your text(https://i.stack.imgur.com/fAIw3.png)
your text(https://i.stack.imgur.com/eCEwL.png)
your text(https://i.stack.imgur.com/OpQah.png)
Related
By example, have a simple login and logout application in Java Spring Boot 3, and i need create the test class, in my project has tree .java files, AuthLoginController.java, AuthLoginOAUTHController.java and AuthLogoutController.java, in test package i create two files, the login controller and logout controller, the login controller return a JWT. The problem is when need test logout controller, need the JWT for call the logout but the login only can call from login controller, can not call login and logout in same class, the test unit 5 require use same class name and same function name, but need correlationate two functions in a unique flow (login and logout).
The problem is similar for others controllers. What is the best practice for create the test?, create java files without controller name and call individual request for each? or create a super global map as application context setting and set/get values for each function forcing the order in each test?
It looks like a business or functional test from the description.
So, the test case must not be specific to a controller class.
If you want to test both Login and Logout in a test case, then the test case should only deal with the URLs of login and Logout. Not controller classes themselves.
Another option is to auto-wire both login and logout controllers.
Check out the guide here. Test Web MVC
The application is deployed and in operation. The user, named John, comes to the login page - "my-site.com/login.xhtml", and logs in. We get the data about it from the database and must redirect it to the main page of the application - "my-site.com/main.xhtml". At the same time, in the address bar it should have a URL consisting of the data (its name) that we just received from the database, like this - "my-site.com/john".
There are wonderful prettyfaces and rewrite libraries that are designed to solve such problems, but unfortunately for redirection they need to know what URL to display (user name) during the deployment of the application, but of course we do not know it until the user is logged in.
Please help me to implement this?
you can follow this tutorial and use variable templating and query parameters.
https://github.com/ocpsoft/rewrite/blob/master/README.md
as copied from above link and modified:
return ConfigurationBuilder.begin()
.defineRule()
.when(Direction.isInbound().and(Path.matches("/{p}")))
.perform(Forward.to("/main.xhtml?user={p}"));
and let a Cdi bean handle the user parameter.
I am facing a problem and hope that someone can give me some advice.
I have a restful Spring application which allows HTTP-requests. I am using spring security and offer oauth2. In my basic service, called by a controller, I am fetching the currently logged user via:
SecurityUser loggedUser = (SecurityUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
So far, that's all working fine. Furthermore, I am using events and event listeners implementing the org.springframework.context.ApplicationListener interface. I configured the application event multicaster the way that events are handled asynchronously (using a SimpleAsyncTaskExecutor).
The (obvious) problem arises when I try to use my service (and methods which rely on the currently logged user) in my listeners. They cannot access the context as they are working asynchronous. Hence, I cannot fetch the current user.
Can you give any advice how to solve the problem? Are there more options than to
save and extend the context somehow so that the async listeners can
still access it? if so, how to do it?
change all the services methods to hand over the user via a parameter
(instead of the service fetching the current user itself) and store
its id e.g. in the event.
Thank you very much. Myself
You can use a DelegatingSecurityContextAsyncTaskExecutor instead of a SimpleAsyncTaskExecutor. The problem is that you only can get the user's context when the user is logged.
I have a web app that uses a Java Bean for login functions right now and all of the JSP pages check the Bean to make sure the user is logged in. I am also introducing some AJAX functionality now with servlets and I see that of course those exchanges don't check authentication. I'm wondering how I should handle this. For example, I don't want someone to be able to logout, hit back button, then submit something with the AJAX functions successfully.
I can't access the bean from the servlet to check the login (totally wrong context and static vs non-static). I guess I could set a flag with the user entry in the database table denoting logged in or not. Then I can detect timeout logoffs and update the flag as well. But that way would require extra database accesses every time something is done. It would duplicate functionality in some way, but I guess I could perhaps use that just for the AJAX stuff. One difference with that would be the user would not be able to be logged in on multiple places at once as currently.
How is this kind of thing normally done?
Thanks for any help!
You could use session to store that flag instead of the database, and when the user logs out you should remove that flag and destroy the session. In login method
HttpSession session = req.getSession(true);
session.setAttribute("loggedIn",true)
And in your AJAX code
if(eq.getSession(true).getAttribute("loggedIn")==true)
doWork();
else
error("not logged in");
The webcontainer will handle timeouts for you, keep track of each user and his session, and so on.
But I would recommend that you use a standard for managing authntication
I am used to web MVC where this would happen each event/request:
Clicks link for site.com/login
Router would figure out where the user is going
Dispatcher would load up the Login controller
I am attempting MVC in Java and I have hit a little bump with the flow of things.
The user clicks a button to open a new window, the controller catches this event. We are currently in the controller so is this the place where you dispose/hide the current window and load up the new controller which will in turn display the new requested window?
It is the only place I can think of or are there better ways to accomplish this? Something does not seem right about it to me.
Any help would be great thanks.
Use case for login is different from regular controller. Login should be called anytime unauthenticated user tries to access secure pages. So for login controller you could pass the url of the page user tries to access, so the Login Controller could redirect to it after Login is processed.
For regular controllers, depending on what they do you could return all the model and the view for the new page in the same controller which processes the request (This is especially true for GET requests). For post you could either return the model or redirect.