I am doing a small RESTfull API tutorial project as an information portal. I wrote the front by myself (html + css + js + a little burstrap). Rest chose because of the increasing popularity, since studying, then learning what is needed at the current time.
In general, I will pass to the essence of the problem: a site is a few pages with articles, general information, pictures, etc. - in short, nothing supernatural, and there is no magic logic. I decided to implement an administrator, because someone has to edit these articles, and then I rested.
I don’t understand how to implement it correctly? All I found was about spring security and the distribution of roles to users, but I don't need any users, I only need the site admin. How is this implemented correctly? Which way should I look?
P.S. Several people advised me not to use spring for this, but to take something simpler, such as django or flask, but I am studying Java and would like to master spring.
How about considering spring boot admin https://codecentric.github.io/spring-boot-admin/current/ ?
I also used spring boot admin. it is powerful
Your question is not a coding question, it's an application design question.
The solution is actually embedded in your question,
All I found was about spring security and the distribution of roles to users
You can create a page from which the admin can log in and edit whatever needed, you will have to design the admin panel and stuff like that.
The users' creation and login mechanism is a well-documented subject.
check here for example.
Check this for the JWT solution.
Related
I want to make a web-based application using spring-boot with zk as backend and frontend, but I still haven't found a good tutorial.
Spring boot itself is a convention based framework to setup/configure an application(-server). It has examples for many ways to load/store data, each with their own tutorials, so you have to at least choose the persistence technology most suitable for your scenario ... be it spring data, jdbc, restful or nosql or webservice based ... you name it. Then someone might be able to point you to a dedicated tutorial.
From the ZK perspective all that doesn't really matter. Being a front end framework it doesn't make any persistence assumptions. I.e. you can load/save data from/to any source in your controller/viewmodel code (delegating to your spring-services / repositories). Here an example project, demonstrating how a spring service can be wired and used inside MainViewModel.
Now it's up to you to decide and implement what the spring service will do, when its methods are called. For your CRUD scenario you'll most likely need methods to create, read, update and delete your data objects.
E.g. Spring data provides standard interfaces for that e.g. CrudRepository
Before you decide to use spring-data you should definitely read and understand the common concepts first. After that the integration into spring-boot should feel less mystical (we've all been there), and you can pick the options you want, instead of a tutorial someone put together - most likely under different assumptions unsuitable to your situation.
I suppose that you have fundamental skills in Java and in web development. If you do, but you are starting with spring boot I recommend starting with spring boot by reading articles in baeldung.com and mkyong.com for specific things.
To get a general perspective of spring boot I recommend that you read the book "spring boot in action" by Craig Walls:
You can purchase it online or find it in here.
Spring Security is great when the developer wants to secure his web app.
However, what about creating the account? and "forgot password"? most login pages have these links as well as the username and password fields. Spring's default login-page does not have these links... in the good case, it can support "remember me"...
Does Spring supports these flows, of Create Account, Forgot Password and Change Password?
If the answer is yes, can you please point me to some documentations?
I've searched this issue but could not find anything.
Thanks!
You are completely right. AFAIK there is no "generic" package that implements these flows. I've searched a lot for this kind of code a while ago, and found nothing. I think that #luizcarlosfx is right, that each application has its own needs, therefore it is hard to write something generic that fits all needs.
EDIT:
I saw comments like "It's not so difficult to implement". True. But you have to make sure you take care of all cases. For example, what happens if a user tries to create account that is already exists? what happens if a user tries to create account that is already exists but inactive? what about the policy of the password? (too long/too short/how many capital etc) what about sending the email with the activation link to the user? how fo you create this link? how do you encrypt it? what about the controller that will receive the click on the link and activate the account? and more and more...
However, I took it a step forward and tried to code something that will answer most flows - registration, forgot-password, change password etc, and something that will be secured enough so applications will be able to use it without the fear that it will be easily hacked.
I have implemented a JAVA project for this use case. It is open source, based on Spring-Security. A release version is on Maven-Central, so you do not need to compile it, but instead you can fetch it as maven-dependency to your project!
<dependency>
<groupId>com.ohadr</groupId>
<artifactId>authentication-flows</artifactId>
<version>1.5.0-RELEASE</version>
</dependency>
I think it answers your question...
There are explanations for everything (and if something is missing - let me know...)
You can find here an example for a client application's code (i.e. the usage).
This is the main page of the project plus a demo, and another demo is here (but this is an app that after upgrading to version 1.6.1 requires login with email with "nice" domain - nice.com. so you cannot really use it for demo; use the first example).
This is a client web-app that uses the auth-flows, with the README with all explanations.
Hope that helps!
I think appfuse is a tool for what you want. This lines are from it's documentation:
AppFuse comes out of the box with features that many applications need, including:
Authentication and authorization
User management
Remember Me (which saves your login information so you don't
have to log in every time)
Password reminder
Signup and registration
SSL switching
E-mail
Extension-less URLs File upload
Generic CRUD backend
Full Eclipse, IDEA and NetBeans support
Fast startup and no deploy with Maven Jetty Plugin
Testable on multiple appservers and databases with Cargo and profiles
I am going to develop small ERP System. The product has only one major requirement to support multiple databases.
I have planned to use
Front side: JSP+JSTL+JQuery [I have good command on that] + I have create my own custom component for re-useability and full control of my component.
Back-end: Using hibernate[ORM] framework [due to Cross database] and I have also good knowledge of it.
I am happy with above and feeling confident to build product, soon.
BUT
My friend made me unhappy ;)
My friend suggest me that you should use spring MVC with hibernate, because when your product become large,it create a problem in future due to many developers involvement.So, you should use framework , so that every developer follow the pattern and then your product remain stable.
But I am already follow hibernate pattern :)
I have no any knowledge of Spring MVC. When I search about spring MVC , I found it is a different thing than my requirement and also find Cross database context issue, if I use Spring MVC with hibernate.
Either should I used spring MVC or not. If yes, I have to learn then Spring MVC and
I do not want to waste my time, if spring is not suitable for me.
That's why I am consulting that forum , to go for right direction.
Actually, Spring MVC does not interfere with any of the components you have chosen already. It just introduces a way to structure your frontend - backend interface in a standard way (MVC pattern).
I actually run the very same setup and is very happy with it. (Jquery, JSP, Spring MVC, Hibernate).
Other than structure, you will get easy return of invested time in Spring MVC when you want to do Ajax heavy things (as I assume you want in an ERP app). It's trivial to build AJAX/JSON stuff with jQuery and SpringMVC.
Using Spring MVC will make your application structured. This will help in future maintenance.
Your code will look clean and you can separate your code into components and Spring will help you wire them together and you might decide to combine them in different ways, or wish to make it easy to swap out one component for another depending on different settings or environments. This would be great for multiple databases when used with hibernate.
Learning spring will not take much time if you have a good knowledge of Java EE.
I'm interested in porting an existing application which was written using Spring/Struts2/Hibernate to GAE. I didn't read many successful stories about that so first of all I'm wondering if it is wise to use any of them there. I want to get rid of hibernate and to use the google data store instead since it's obvious hibernate is not a good choice on GAE. So my main questions refers to Struts2(webworks)/Spring. My app uses simple JSP pages, no other template mechanism.
My question refers to the following aspects:
Currently each page has struts actions associated. Each request is taken by struts dispatcher an then it is dispatched to specific action class after which it invokes a specific jsp, according to the config file.
Everything is instantiated by Spring(actions, factories, hibernate layers,...)
The security is managed through a Spring Security(former acegi).
My first impression is that I should get rid of Spring because GAE should manage all the objects in order to work in a distributed environment. I have a few antagonistic thoughts regarding Struts. However, if I get rid of them ,I'm not sure if I should do it and in case I will, what to choose instead. Is GAE good enough to provide all the things I needed? I assume instantiation should be handled by GAE to have a truly sclalable solution. What about session management, security & user privileges? GAE provides good mechanism to manage them behind the scene or I should manually handle them like in a classic jsp solution? Will I end in having a huge web.xml?
Are there any frameworks that fits well in GAE and which can replace Spring/Struts? I would be interested to find out from someone who experienced those problems in GAE.
Here is a list of frameworks which are known to work or to have issues:
http://code.google.com/p/googleappengine/wiki/WillItPlayInJava
In general Hibernate will not work, but you could potentially use Java Persistence instead. Struts should be OK, but Spring Security is not fully compatible while other Spring parts are fine.
As far as I know, Struts is generally a layer over standard Servlet API - so it should be running without many changes. Spring also is not a problem, in fact, on the web there are many blog entries about spring on GAE. Hibernate - yeah, better use JPA.
If you want to rewrite whole app, you can always go with GWT, even with Spring ( GWT/GAE Spring IoC powered )
I know there are many security frameworks and "building" a security framework is a bad idea.
In the recent project I have worked on, I used spring security to secure the web application. In the process, I over rided/tweaked some spring security classes to fit my requirement.
My management now wants me to "takeout" the things I did and distribute it as a re usable code in an internal portal.
Now, Is this is a fair thing to ask? I tried to explain them it's just some classes build on spring security and nothing special. But they are insisting on "creating" this framework.
Is this a fair requirement ? Any ideas on how to start ? I understand that getting started with spring security is not very easy.
If I am building this, what are the functions I need to provide?
If they need you to "takeout" the things you did then they should know what they want the framework to do. So Its probably better to ask them for requirements directly.
Regarding:
Is this a fair requirement ?
The answer is probably no. If they want you to do something they should give you specific requirements.
Just Yesterday I asked wheter someone knows a security-library which provides security-apis but at a bit lowerlevl than spring-security. Meaning a library which I call instead of a framework where I have to organize the code according to it (ie using a spring context).
So something I would need are apis for example to create safe remember-me tokens, do basic and dighest authentication, connecting to ldap - or just simply where I could use spring-security but without the spring-container).