I am trying to learn how to build a forum from an available source. However the problem I have is the function to reply to comments and answer questions. When I reply to my question or comment, notify me that "vkhacbao answered vkhacbao's question" (vkhacbao is the account I log into). How can I block or set the condition so that when I comment, it's not sent to myself. Please help me, I tried everything for 3 days but with no success. Thanks very much
Code:
CommentController.java
#Controller
public class CommentController {
#Resource
private UserMapper userMapper;
#Resource
private CommentMapper commentMapper;
#Resource
private QuestionMapper questionMapper;
#Resource
private NotificationMapper notificationMapper;
#ResponseBody
#RequestMapping(value = "/comment",method = RequestMethod.POST)
public Object post(#RequestBody CommentCreateDto commentCreateDto,
HttpServletRequest request){
//把User写进session
Cookie[] cookies = request.getCookies();
if (cookies == null) {
return "login";
}
User user = null;
for (Cookie cookie : cookies) {
if (cookie.getName().equals("token")) {
String token = cookie.getValue();
user = userMapper.findBytoken(token);
if (user != null) {
request.getSession().setAttribute("user", user);
//获取未读的消息数量
int unreadnum=notificationMapper.getunreadcount(user.getId());
request.getSession().setAttribute("unreadnum",unreadnum);
}
break;
}
}
//把评论插入数据库
Comment comment=new Comment();
comment.setParent_id(commentCreateDto.getParent_id());
comment.setContent(commentCreateDto.getContent());
comment.setType(commentCreateDto.getType());
comment.setCreatetime(System.currentTimeMillis());
comment.setCommentor(user.getId());
commentMapper.insert(comment);
if (commentCreateDto.getType()==2){
//把回复评论的通知插入数据库
Notification notification=new Notification();
notification.setNotifier(comment.getCommentor());
Comment comment2=commentMapper.getparentbyid(commentCreateDto.getParent_id());
notification.setReceiver(comment2.getCommentor());
notification.setOuterid(commentCreateDto.getParent_id());
notification.setType(notificationEnum.NOTIFICATION_COMMENT.getType());
notification.setCreatetime(System.currentTimeMillis());
notification.setStatus(NotificationStatusEnum.UNREAD.getStatus());
notificationMapper.inserts(notification);
//增加评论数
commentMapper.updatecommentcount(commentCreateDto.getParent_id());
}
else {
//把回复问题的通知插入数据库
Question question=questionMapper.getbyId(commentCreateDto.getParent_id());
Notification notification=new Notification();
notification.setNotifier(user.getId());
notification.setReceiver(question.getCreateid());
notification.setOuterid(commentCreateDto.getParent_id());
notification.setType(notificationEnum.NOTIFICATION_QUESTION.getType());
notification.setCreatetime(System.currentTimeMillis());
notification.setStatus(NotificationStatusEnum.UNREAD.getStatus());
notificationMapper.inserts(notification);
//增加问题回复量
questionMapper.updatecomment(commentCreateDto.getParent_id());
}
ResultDto resultDto=new ResultDto();
return resultDto.success();
}
#ResponseBody
#RequestMapping(value = "/comment/{id}",method = RequestMethod.GET)
public ResultDto<List<CommentDto>> comments(#PathVariable(name = "id") int id,
HttpServletRequest request){
//查找type=2,即是回复评论的评论
List<Comment> comments = commentMapper.getCommentByid(id,2);
List<CommentDto> commentDto=new ArrayList<>();
//找到User
Cookie[] cookies = request.getCookies();
User user = null;
for (Cookie cookie : cookies) {
if (cookie.getName().equals("token")) {
String token = cookie.getValue();
user = userMapper.findBytoken(token);
break;
}
}
//把二级评论和对应的User写进每个CommentDto集合中
for (Comment comment:comments){
CommentDto dto=new CommentDto();
BeanUtils.copyProperties(comment,dto);
dto.setUser(user);
commentDto.add(dto);
}
ResultDto resultDto=new ResultDto();
//返回数据给前端
return resultDto.success(commentDto);
}
}
NotificationController.java
#Controller
public class NotificationController {
#Resource
private NotificationMapper notificationMapper;
#Resource
private CommentMapper commentMapper;
#GetMapping("/notification/{action}")
public String notification(#PathVariable("action")int id,
HttpServletRequest request){
//将通知设置为已读
notificationMapper.updatestatus(id);
//获取type,检验是回复评论还是回复问题
int type=notificationMapper.gettypebyid(id);
int outerid=notificationMapper.getouteridbyid(id);
int questionid;
if(type== notificationEnum.NOTIFICATION_QUESTION.getType()){
questionid=outerid;
}else {
questionid=commentMapper.getparentidbyid(id);
}
return "redirect:/question/"+questionid;
}
}
QuestionController.java
#Controller
public class QuestionController {
#Resource
private QuestionService questionService;
#Resource
private UserMapper userMapper;
#Resource
private CommentService commentService;
#Resource
private NotificationMapper notificationMapper;
#GetMapping("/question/{id}")
public String question(#PathVariable(name = "id")int id,
Model model,
HttpServletRequest request){
//查找cookies,观察是否有token存在
Cookie[] cookies = request.getCookies();
if (cookies == null) {
return "login";
}
User user = null;
for (Cookie cookie : cookies) {
if (cookie.getName().equals("token")) {
String token = cookie.getValue();
user = userMapper.findBytoken(token);
if (user != null) {
request.getSession().setAttribute("user", user);
//获取未读的消息数量
int unreadnum=notificationMapper.getunreadcount(user.getId());
request.getSession().setAttribute("unreadnum",unreadnum);
}
break;
}
}
Questiondto questiondto=questionService.getbyid(id);
//增加阅读数
questionService.increaseview(id);
model.addAttribute("questionDto",questiondto);
//展示回复数据
List<CommentDto> comments=commentService.getByid(id);
model.addAttribute("comments",comments);
//相关问题
String[] tags=questiondto.getTag().split(",");
StringBuilder msg=new StringBuilder();
for (String tag:tags){
msg.append(tag);
msg.append("|");
}
String result=msg.substring(0,msg.length()-1);
List<Question> relativequestion =questionService.getbytag(id,result);
model.addAttribute("relativequestion",relativequestion);
return "question";
}
}
Assuming the owners of the original message and the commenter are in the CommentController class, it would be this section
if (commentCreateDto.getType()==2){
Comment comment2=commentMapper.getparentbyid(commentCreateDto.getParent_id());
if ( !comment2.getCommentor().equals(comment.getCommentor()) ) {
Notification notification=new Notification();
notification.setNotifier(comment.getCommentor());
notification.setReceiver(comment2.getCommentor());
notification.setOuterid(commentCreateDto.getParent_id());
notification.setType(notificationEnum.NOTIFICATION_COMMENT.getType());
notification.setCreatetime(System.currentTimeMillis());
notification.setStatus(NotificationStatusEnum.UNREAD.getStatus());
notificationMapper.inserts(notification);
commentMapper.updatecommentcount(commentCreateDto.getParent_id());
}
}
Unfortunately, if that doesn't work for you, you'll need to learn more about the language and the code to determine where to make the change.
Related
In Spring boot application. When session timeout, logout the user and redirect to login page. When the user logs in again then navigate to the last visited page. I am using JDBC HttpSession. Please help me with how to handle this.
#GetMapping("/")
public String home(Model model, HttpSession session) {
#SuppressWarnings("unchecked")
List<String> messages = (List<String>) session.getAttribute("MY_SESSION_MESSAGES");
if (messages == null) {
messages = new ArrayList<>();
}
model.addAttribute("sessionMessages", messages);
System.out.println("Session Det ------------------" + model.toString());
return "index";
}
#PostMapping("/persistMessage")
public String persistMessage(#RequestParam("msg") String msg, HttpServletRequest request) {
#SuppressWarnings("unchecked")
List<String> msgs = (List<String>) request.getSession().getAttribute("MY_SESSION_MESSAGES");
if (msgs == null) {
msgs = new ArrayList<>();
request.getSession().setAttribute("MY_SESSION_MESSAGES", msgs);
}
msgs.add(msg);
request.getSession().setAttribute("MY_SESSION_MESSAGES", msgs);
return "redirect:/";
}
#PostMapping("/destroy")
public String destroySession(HttpServletRequest request) {
request.getSession().invalidate();
return "logout";
}
#InjectMocks
private UserServiceImpl userService;
#Mock
private UserRepository mockUserRepository;
//private UserServiceImpl userServiceImpl;
#Before
public void initMocks() throws Exception {
MockitoAnnotations.initMocks(this);
mockUserRepository = Mockito.mock(UserRepository.class);
}
#Test
public void testCreateUser() {
User user = createUser();
Mockito.doReturn(user).when(mockUserRepository).findByEmail(user.getEmail());
Mockito.when(mockUserRepository.save(user)).thenReturn(user);
userService.createUser(user);
}
private User createUser() {
User user = new User();
user.setFirstName("Shreya");
user.setLastName("Mahajan");
user.setEmail("shreya.mahajan#nitorinfotech.com");
user.setRole("admin");
user.setPassword("shreya123");
return user;
}
This is my actual service method. while testing it gives me null on variables existingUser and response
#Override
public ResponseVO createUser(User user) {
ResponseVO responseVO = new ResponseVO();
User existingUser = userRepository.findByEmail(user.getEmail());
if(user.getEmail() != null){
if(existingUser != null){
responseVO.setStatusCode("500");
responseVO.setMessage("user Already Exists");
}else{
User response = userRepository.save(user);
if(response == null){
responseVO.setStatusCode("400");
responseVO.setMessage("Failure");
}else{
responseVO.setStatusCode("200");
responseVO.setMessage("Success");
}
}
}
return responseVO;
}
I am trying to write a test case and mock methods findByEmail() and save() but while mocking i am not receiving the user object in return mentioned in thenreturn() and doreturn().
Can anyone please help.
Here are somethings you can try:
Please remove mockUserRepository = Mockito.mock(UserRepository.class); as its redundant.
Instead of
Mockito.doReturn(user).when(mockUserRepository).findByEmail(user.getEmail());
do this
Mockito.doReturn(user).when(mockUserRepository).findByEmail(Mockito.any());
I have a server that is just an API endpoint, no client front-end, no jsp, no html. It uses Spring Boot and I'm trying to secure it with Shiro. The relevent parts of my SpringBootServletInitializer look like this. I'm trying to get Shiro to return a 403 response if it fails the roles lookup as defined in BasicRealm. Yet it seems to default to redirecting to a non-existent login.jsp and no matter what solution I seem to use. I can't override that. Any help would be greatly appreciated.
#SpringBootApplication
public class RestApplication extends SpringBootServletInitializer {
...
#Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter() {
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
Map<String, String> filterChain = new HashMap<>();
filterChain.put("/admin/**", "roles[admin]");
shiroFilter.setFilterChainDefinitionMap(filterChain);
shiroFilter.setSecurityManager(securityManager());
return shiroFilter;
}
#Bean
public org.apache.shiro.mgt.SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(userRealm());
CookieRememberMeManager rmm = new CookieRememberMeManager();
rmm.setCipherKey(Base64.decode("XXXXXXXXXXXXXXXXXXXXXX"));
securityManager.setRememberMeManager(rmm);
return securityManager;
}
#Bean(name = "userRealm")
#DependsOn("lifecycleBeanPostProcessor")
public BasicRealm userRealm() {
return new BasicRealm();
}
#Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
}
public class BasicRealm extends AuthorizingRealm {
private static Logger logger = UserService.logger;
private static final String REALM_NAME = "BASIC";
public BasicRealm() {
super();
}
#Override
protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token)
throws AuthenticationException {
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
String userid = upToken.getUsername();
User user = Global.INST.getUserService().getUserById(userid);
if (user == null) {
throw new UnknownAccountException("No account found for user [" + userid + "]");
}
return new SimpleAuthenticationInfo(userid, user.getHashedPass().toCharArray(), REALM_NAME);
}
#Override
protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principals) {
String userid = (String) principals.getPrimaryPrincipal();
if (userid == null) {
return new SimpleAuthorizationInfo();
}
return new SimpleAuthorizationInfo(Global.INST.getUserService().getRoles(userid));
}
}
OK, here is how I solved it. I created a class ...
public class AuthFilter extends RolesAuthorizationFilter {
private static final String MESSAGE = "Access denied.";
#Override
protected boolean onAccessDenied(final ServletRequest request, final ServletResponse response) throws IOException {
HttpServletResponse httpResponse ;
try {
httpResponse = WebUtils.toHttp(response);
}
catch (ClassCastException ex) {
// Not a HTTP Servlet operation
return super.onAccessDenied(request, response) ;
}
if (MESSAGE == null) {
httpResponse.sendError(403);
} else {
httpResponse.sendError(403, MESSAGE);
}
return false; // No further processing.
}
}
... and then in my shiroFilter() method above I added this code ...
Map<String, Filter> filters = new HashMap<>();
filters.put("roles", new AuthFilter());
shiroFilter.setFilters(filters);
... hope this helps someone else.
In Shiro 1.4+ you can set the login url in your application.properties:
https://github.com/apache/shiro/blob/master/samples/spring-boot-web/src/main/resources/application.properties#L20
Earlier versions you should be able to set ShiroFilterFactoryBean.setLoginUrl("/login")
https://shiro.apache.org/static/current/apidocs/org/apache/shiro/spring/web/ShiroFilterFactoryBean.html
I am trying to create login function and I want to save in the session specific data to use in future requests of the user is it possible?
In the loginUser, first if is always false even if the user already logged
and same in the updatePassword .
I need to save the attribute from the function loginUserToSession. Any idea why it doesn't work ?
here is my code
Resource
#Path("/logIn")
#Singleton
public class UserResource extends baseResource<UserDao, UserEntity>
{
#Path("/authenticateUser")
#GET
#UnitOfWork
public String loginUser(#Context HttpServletRequest req #QueryParam("callback") String callback, #QueryParam("loginInfo") LoginInfo loginInfo) throws JsonProcessingException
{
if(SessionManager.isUserConnected(req))
{
return ResourceResponse.getResourceJsonString("null", callback, "true", ErrorMessageEnum.SUCCESS);
}
String userName = loginInfo.username;
String plainTextPassword = loginInfo.password;
UserEntity user = objectDao.logIn(userName, plainTextPassword);
if(user != null)
{
SessionManager.loginUserToSession(req, user.getUserId(), userName);
return ResourceResponse.getResourceJsonString(user.getUserStatus(), callback, "true", ErrorMessageEnum.SUCCESS);
}
return ResourceResponse.getResourceJsonString("null", callback, "false", ErrorMessageEnum.LOGIN_FAILED);
}
#Path("/updatePassword")
#GET
#UnitOfWork
public String updatePassword(#Context HttpServletRequest req, #QueryParam("callback") String callback, #QueryParam("oldPwd") String oldPwd, #QueryParam("newPwd") String newPwd) throws JsonProcessingException
{
if(SessionManager.isUserConnected(req))
{
short userId = SessionManager.getUserId(req);
ObjectDaoResponse res = objectDao.updatePassword(userId, oldPwd, newPwd);
return ResourceResponse.getResourceJsonString(res.getObjectJsonString(), callback, res.getSuccess(), res.getCode());
}
else
{
return ResourceResponse.getResourceFailResponseString(callback, ErrorMessageEnum.USER_NOT_CONNECTED);
}
}
}
SessionManager.java
public static void loginUserToSession(HttpServletRequest req, short userId, String userName)
{
if(req == null)
{
return;
}
HttpSession session = req.getSession(true);
session.setAttribute(ATTRIBUTE_USER_NAME, userName);
session.setAttribute(ATTRIBUTE_USER_ID, userId);
session.setAttribute(ATTRIBUTE_USER_CONNECTED, true);
}
public static boolean isUserConnected(HttpServletRequest req)
{
if(req == null)
{
return false;
}
HttpSession session = req.getSession(false);
if(session != null)
{
boolean userConnected = (boolean) session.getAttribute(ATTRIBUTE_USER_CONNECTED);
if(userConnected)
{
return userConnected;
}
System.out.Println("session.getAttribute(ATTRIBUTE_USER_CONNECTED)== null");
}
return false;
}
Please change into Resource like this:
public String loginUser(#Context HttpServletRequest req #QueryParam("callback") String callback, #QueryParam("loginInfo") LoginInfo loginInfo) throws JsonProcessingException
{
if(SessionManager.isUserConnected(req))
{
return ResourceResponse.getResourceJsonString("null", callback, "true", ErrorMessageEnum.SUCCESS);
}else{
String userName = loginInfo.username;
String plainTextPassword = loginInfo.password;
UserEntity user = objectDao.logIn(userName, plainTextPassword);
if(user != null)
{
SessionManager.loginUserToSession(req, user.getUserId(), userName);
return ResourceResponse.getResourceJsonString(user.getUserStatus(), callback, "true", ErrorMessageEnum.SUCCESS);
}
}
}
Above was the flow error , whatever i got, Now you have to setattribute into session scope then use this:
HttpSession session = request.getSession();
session.setAttribute("UserName", "Usename_Value");
Or for request Scope use this:
request.setAttribute("attributeName",yourStringVAlue);
It turns out that for some reason google postman don't send the HttpServletRequest as it should be. so jersey translate it like new user and create an empty new HttpServletRequest. Conclusion do not test your server side with Google's postman
when i try to send the request from my client it work fine.
I have an spring mvc web application in which users login to session "session.setAttribute" classically. Whenever I need loggedin user data I use this data.
Now I want to add android app and what I want to learn do I have to add additional methods for each android request and send user data within it?
Or Is there away to make a request to same methods.
What is the consept for this kind of cloud apps? Do I have to write different methods for android requests? Because it is not possible session.getAttribute when wemake an android request, it returns null.
User user = userService.getByUserNameAndPassword(userName, password);
if (user != null) {
if (user.isActive()) {
Account account = new Account(user, request.getRemoteAddr());
HttpSession httpSession = request.getSession(true);
AccountRegistry.add(httpSession);
httpSession.setAttribute(Constant.ACCOUNT, account);
result.put(Constant.REF, Constant.SUCCESS);
}
public class Account {
private UserRightsHandler userRightsService = null;
private User user;
private String ipAddress;
private boolean admin;
public Account(User user, String ipAddress) {
this.user = user;
this.ipAddress = ipAddress;
userRightsService = new UserRightsHandler(user);
setAdmin(userRightsService.isAdmin());
}
public UserRightsHandler getUserRightsService() {
return userRightsService;
}
public User getUser() {
return this.user;
}
public String getIpAddress() {
return ipAddress;
}
public boolean isAdmin() {
return admin;
}
private void setAdmin(boolean admin) {
this.admin = admin;
}
}
public class AccountRegistry {
private static final Map<String, HttpSession> sessions = new HashMap<String, HttpSession>();
public static void add(HttpSession session) {
sessions.put(session.getId(), session);
}
public static void remove(HttpSession session) {
if (session != null) {
sessions.remove(session.getId());
session.setAttribute(Constant.ACCOUNT, null);
session.invalidate();
}
}
public static HttpSession getByHttpSessionID(String httpSessionID) {
Set<String> keys = sessions.keySet();
Iterator it = keys.iterator();
while (it.hasNext()) {
String sID = (String) it.next();
HttpSession session = sessions.get(sID);
if (sID.equals(httpSessionID)) {
return session;
}
}
return null;
}
public static void removeByHttpSessionID(String httpSessionID) {
HttpSession session = getByHttpSessionID(httpSessionID);
remove(session);
}
public static Account getCurrentAccount() {
HttpServletRequest request = ContextFilter.getCurrentInstance().getRequest();
HttpSession session = request.getSession();
return (Account) session.getAttribute(Constant.ACCOUNT);
}
}
#RequestMapping(value = "/changeStatus", method = RequestMethod.POST)
public #ResponseBody
String changeStatus(HttpServletRequest request, HttpServletResponse response) throws UnsupportedEncodingException {
User editor = AccountRegistry.getCurrentAccount().getUser();
}
You can ask user send their user and password at the start of Android app via custom authenticate request like /appLogin then if it is correct creditentals you can return a key to user (to app) and store it to some variable during app run. Then when user want to do something send a request to server you can send it to a function with mapping like /appExampleService then you can check at that function this key and device valid depending on how you handle custom login process then this function call existing function that is used for web browsers that have mapping /exampleService. For example;
#JsonSerialize
#RequestMapping("/appExampleService")
public int someServiceForAppClient(
#RequestParam(value = "key", required = true) String apikey,
#RequestParam(value = "param", required = true) String someParam{
String name=userDAO.getUsernameFromApiKey(apikey);
return someService(someParam, name);
}
#JsonSerialize
#RequestMapping("/exampleService")
public int someServiceForWebClient(
#RequestParam(value = "param", required = true) String someParam) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
String name = auth.getName();
return someService(someParam, name);
}
public int someService(String someParam,String name){
return doBusiness(someParam, name);
}
userDAO is just something I created for to get info of user with given key. And there is a service for App login as well which return that key to user when he started the app send his username and pass