Spring's Security "hasPermission" method has an implementation, which (as I get) is intended for passing class name (targetType) and Object Id (Serializable).
So could you please explain (at least in general) how to do this implementation right?
I've searched for example of passing object ID and found no any (even at Spring's doc).
In my situation I want to check for User's DELETE permission on some of my classes (for instance, "Goal"). All of these classes has universal methods and fields, so I can have universal logic for checking permission inside a PermissionEvaluator.
For doing this I'm intended to pass an Object's ID and Object's class name into PermissionEvaluator and do the check here like this:
#PreAuthorize("hasPermission(#id, 'Goal','DELETE')")
It sounds pretty good till it not comes to the implementation, because I don't really understand how can I get Object's instance by Class name and Id inside Permission evaluator.
#Component
public class CustomPermissionEvaluator implements PermissionEvaluator
#Override
public boolean hasPermission(Authentication authentication, Serializable serializable, String targetType,
Object permission) {
Yes, I can instantiate object by Class.forName(targetType), but how can I get it's instance by Id (serializable) from appropriate Repository then? (I have different repository for every object).
#Autowiring all of my 30 repositories would be the madness.
Implemented my service, which takes Object ID and Object Type and then sends back Object, which I can later unbox. I used dynamic HQL, so no need in 30+ JPA repositories autowiring (my bad, I missed this possibility at the beginning).
#PersistenceContext
EntityManager entityManager;
static String entityClassPath="com.platform.entity.";
public Object getEntity(String className, Long id) {
String classToQuery = capitalize(className);
/* Check if Entity class exists to decide whether to query DB or not */
try {
Class cls = Class.forName(entityClassPath + className);
} catch (Exception e) {
return null;
}
/* Query DB if Entity class exist */
Query query;
try {
query = entityManager.createQuery("SELECT Q FROM " + classToQuery + " Q WHERE Q.id=?1");
query.setParameter(1, id);
return query.getSingleResult();
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
Related
I have a Repository interface and name derived query method in it:
int deleteAllBySpaceIdAndUserId(UUID spaceId, UUID userId);
Calling this method results in Select query first and then Delete query.
What is the point of issuing select? Why isn't it evaluated as single query?
Why do i need it to work this (weirdly) way?
Spring Data doesn't execute direct SQL queries to delete an entity, but uses the EntityManager and it's remove method.
As an example you can look in the class org.springframework.data.jpa.repository.support.SimpleJpaRepository, which provides implementations for the default methods (e.g. deleteById etc.):
public void delete(T entity) {
Assert.notNull(entity, "Entity must not be null!");
if (entityInformation.isNew(entity)) {
return;
}
Class<?> type = ProxyUtils.getUserClass(entity);
T existing = (T) em.find(type, entityInformation.getId(entity));
// if the entity to be deleted doesn't exist, delete is a NOOP
if (existing == null) {
return;
}
em.remove(em.contains(entity) ? entity : em.merge(entity));
}
Since the remove method of the EntityManager takes the entity object itself, and not just an ID value or similiar, Spring Data has to execute the find method with the chosen parameters (either ID, or in your case 2 values), to get the actual entity object and then to remove it from the EntityManager.
I have this AccountantRepository class
#Repository("accountantRepository")
#Transactional
public interface AccountantRepository extends JpaRepository<Accountant, Long>
In AccountantServiceImpl
#Service("accountantService")
public class AccountantServiceImpl implements AccountantService{
#Autowired
private AccountantRepository accountantRepository;
#Override
public Accountant saveAccountant(Accountant newAccountant, String role) {
return accountantRepository.save(newAccountant);
}
}
when i do this accountantRepository.save(newAccountant);
how do I obtain the id of the newly created record?
Use the returned instance by JpaRepository.save(). It will contain the id valued.
The CrudRepository.save() method (where save() is declared) specifies :
Use the returned instance for further operations as the save operation
might have changed the entity instance completely.
You can directly take the id from the entity itself. newAccountant.getId()( or what ever be the field) will return the data after save method has been called .
Shown below-
#Override
public int saveAccountant(Accountant newAccountant, String role) {
accountantRepository.save(newAccountant);
return newAccountant.getId();
}
This reference will be available in hibernate session and hibernate will set the id to the persisited object.
I am trying to store my user Object as a singleton with Dagger 2.
#Provides
#Named("me")
#Singleton
User provideUser(PrefsUtil prefsUtil, UserDao userDao) {
int id = prefsUtil.getFromPrefs("me", 0);
if (id == 0){
return new User();
}
try {
return userDao.queryForId(id);
} catch (SQLException e) {
return new User();
}
}
It works fine and injects my classes with User object.
However, after logging in and fetching the user from server and storing it in the place the above method queries it from, it will not take effect because it is a singleton. It will provide me with the null user object. In order for it to take effect you have to quit application and reopen it...
The question is how to update/reinitialize the user object annotated with #Name("me") after the actual data is changed so it injects my other classes with the current user object?
I'm not going to answer your direct question, but give you an advice how to properly implement the functionality that you need.
You are basically trying to implement some kind of UserManager functionality. But instead of encapsulating this logic in a dedicated class, you attempt to delegate the user management responsibilities to DI framework.
This is an abuse of DI framework and very sloppy path to go.
What you need is just this:
#Provides
#Singleton
UserManager provideUserManager(PrefsUtil prefsUtil, UserDao userDao) {
return new UserManager(prefUtils, userDao);
}
And expose the required funcitonality in UserManager:
public class UserManager {
private final PrefsUtil mPrefsUtil;
private final UserDao mUserDao;
public UserManager(PrefsUtil prefsUtil, UserDao userDao) {
mPrefsUtil = prefsUtil;
mUserDao = userDao;
}
public User getCurrentUser() {
int id = mPrefsUtil.getFromPrefs("me", 0);
if (id == 0){
return new User();
}
try {
return mUserDao.queryForId(id);
} catch (SQLException e) {
return new User();
}
}
}
You can see this and this answers in order to get some additional context about DI framework abuse.
You might also want to read this post: Dependency Injection in Android.
Then it no longer may be annotated with Singleton. You have to create your custom Scope.
Then you take responsibility for the object annotated with your custom scope. As soon as your User has been updated you are getting rid of the previous component that provided User object, i.e. nulling it out. Then you are creating a new component and the next time you ask the component to fetch you the User it will create a new one.
Be aware, that any other provider method in the module, that was annotated with your custom scope, will also return newly created object.
Here's a blog post describing how to do that.
I have run into LazyInitializationException and then I ran into the following paragraph from the official doc. Unfortunately, it makes absolutely no sense to me. Please help.
(The code block above the paragraph in the doc.)
#GET
#Timed
#UnitOfWork
public Person findPerson(#PathParam("id") LongParam id) {
return dao.findById(id.get());
}
Important
The Hibernate session is closed before your resource method’s return
value (e.g., the Person from the database), which means your resource
method (or DAO) is responsible for initializing all lazily-loaded
collections, etc., before returning. Otherwise, you’ll get a
LazyInitializationException thrown in your template (or null values
produced by Jackson).
First The Hibernate session is closed before your resource method’s return value. How is this possible? This would have been possible had there been a try-finally block around my resource's return statement, but that is not the case here.
My resource should have been invoked by another method, which I am guessing would open the Hibernate session before my resource method is invoked and would then close the session after my resource method returns. How can it close it before my method returns. I don't get it.
The most important part - which means your resource method (or DAO) is responsible for initializing all lazily-loaded collections, etc., before returning. I have no Hibernate experience. I am using it for the first time now. How do I initialize, or rather what is exactly is meant by "initialize" in context of Hibernate? A code example will help a lot.
PS: This question might look odd, and someone at a cursory glance might even suggest to move it to "English Language and Usage", but please read it carefully. This is a technical question, not paragraph dissection.
Edit:
Added the code block from the doc else it won't make sense anyone. Also I removed one paragraph from my question, which became clear to me, immediately after posting the question.
First The Hibernate session is closed before your resource method’s
return value. How is this possible? This would have been possible had
there been a try-finally block around my resource's return statement,
but that is not the case here.
I know nothing about Dropwizard. So let's see the source (I change it a bit).
From UnitOfWorkAwareProxyFactory
class UnitOfWorkAwareProxyFactory {
public <T> T create(Class<T> clazz) {
final ProxyFactory factory = new ProxyFactory();
factory.setSuperclass(clazz);
final Proxy proxy = (Proxy) factory.createClass().newInstance();
proxy.setHandler(new MethodHandler() {
#Override
public Object invoke(Object self, Method overridden,
Method proceed, Object[] args) {
final UnitOfWork unitOfWork = overridden.getAnnotation(UnitOfWork.class);
final UnitOfWorkAspect unitOfWorkAspect = new UnitOfWorkAspect(sessionFactories);
try {
unitOfWorkAspect.beforeStart(unitOfWork);
Object result = proceed.invoke(self, args);
unitOfWorkAspect.afterEnd();
return result;
} catch (Exception e) {
unitOfWorkAspect.onError();
throw e;
}
}
});
return (T) proxy;
}
}
if you have a class
class PersonDao {
#UnitOfWork
public Person findPerson(LongParam id) {
return dao.findById(id.get());
}
}
You can do something like this
UnitOfWorkAwareProxyFactory factory = new UnitOfWorkAwareProxyFactory();
PersonDao proxy = factory.create(PersonDao.class);
when you do
Person person = proxy.findPerson(1L);
that line becomes
unitOfWorkAspect.beforeStart(unitOfWork);
Object result = findPerson.invoke(proxy, 1L);
unitOfWorkAspect.afterEnd();
return result;
Methods unitOfWorkAspect.beforeStart(unitOfWork) and unitOfWorkAspect.afterEnd() from the source UnitOfWorkAspect
class UnitOfWorkAspect {
public void beforeStart(UnitOfWork unitOfWork) {
session = sessionFactory.openSession();
configureSession();
beginTransaction();
}
public void afterEnd() {
try {
commitTransaction();
} catch (Exception e) {
rollbackTransaction();
throw e;
} finally {
session.close();
}
}
}
The most important part - which means your resource method (or DAO) is responsible for initializing all lazily-loaded collections, etc., before returning. I have no Hibernate experience. I am using it for the first time now. How do I initialize, or rather what is exactly is meant by "initialize" in context of Hibernate?
Initialize in this context means the collection data should be loaded from a database. Some methods of an initialization
1.Use an eager loading, for an example
class User {
#ManyToMany(fetch = FetchType.EAGER)
private List<Role> roles;
}
Hibernate will load roles via joins or subselects, when you get a User entity.
Use Hibernate.initialize(user.getRoles())
Use join fetch in HQL — from User user left join fetch user.roles
Use Criteria with setFetchMode()
Use fetch profiles, entity graphs. Don't know can entity graphs be used with a session, it is a JPA feature: http://docs.jboss.org/hibernate/orm/5.1/userguide/html_single/chapters/fetching/Fetching.html
If you don't need to fetch collections, you can use a partial objects loading with transforming to the root entity: How to transform a flat result set using Hibernate
I'm new to using JPA and trying to transition my code from JdbcTemplate to JPA. Originally I updated a subset of my columns by taking in a map of the columns with their values and created the SQL Update string myself and executed it using a DAO. I was wondering what would be the best way to do something similar using JPA?
EDIT:
How would I transform this code from my DAO to something equivalent in JPA?
public void updateFields(String userId, Map<String, String> fields) {
StringBuilder sb = new StringBuilder();
for (Entry<String, String> entry : fields.entrySet()) {
sb.append(entry.getKey());
sb.append("='");
sb.append(StringEscapeUtils.escapeEcmaScript(entry.getValue()));
sb.append("', ");
}
String str = sb.toString();
if (str.length() > 2) {
str = str.substring(0, str.length() - 2); // remove ", "
String sql = "UPDATE users_table SET " + str + " WHERE user_id=?";
jdbcTemplate.update(sql, new Object[] { userId },
new int[] { Types.VARCHAR });
}
}
You have to read more about JPA for sure :)
Once entity is in Persistence Context it is tracked by JPA provider till the end of persistence context life or until EntityManager#detach() method is called. When transaction finishes (commit) - the state of managed entities in persistence context is synchronized with database and all changes are made.
If your entity is new, you can simply put it in the persistece context by invoking EntityManager#persist() method.
In your case (update of existing entity), you have to get a row from database and somehow change it to entity. It can be done in many ways, but the simpliest is to call EntityManager#find() method which will return managed entity. Returned object will be also put to current persistence context, so if there is an active transaction, you can change whatever property you like (not the primary key) and just finish transaction by invoking commit (or if this is container managed transaction just finish method).
update
After your comment I can see your point. I think you should redesign your app to fit JPA standards and capabilities. Anyway - if you already have a map of pairs <Attribute_name, Attrbute_value>, you can make use of something called Metamodel. Simple usage is shown below. This is naive implementation and works good only with basic attributes, you should take care of relationships etc. (access to more informations about attributes can be done via methods attr.getJavaType() or attr.getPersistentAttributeType())
Metamodel meta = entityManager.getMetamodel();
EntityType<User> user_ = meta.entity(User.class);
CriteriaBuilder cb = entityManager.getCriteriaBuilder();
CriteriaUpdate<User> update = cb.createCriteriaUpdate(User.class);
Root e = update.from(User.class);
for( Attribute<? super User, ?> attr : user_.getAttributes() ) {
if (map.containsKey(attr.getName())) {
update.set(attr, map.get(attr));
}
}
update.where(cb.equal(e.get("id"), idOfUser));
entityManager.createQuery(update).executeUpdate();
Please note that Update Criteria Queries are available in JPA since 2.1 version.
Here you can find more informations about metamodel generation.
Alternatively to metamodel you can just use java reflection mechanisms.
JPA handles the update. Retrieve a dataset as entity using the entitymanager, change the value and call persist. This will store the changed data in your db.
In case you are using Hibernate(as JPA provider), here's an example
Entity
#Entity
#Table(name="PERSON")
public class Person {
#Id #GeneratedValue(strategy=GenerationType.IDENTITY)
private int id;
#Column(name="NAME", nullable=false)
private String name;
other fields....
}
DAO
public interface PersonDao {
Person findById(int id);
void persist(Person person);
...
}
DaoImpl
#Repository("personDao")
public class PersonDaoImpl extends AnAbstractClassWithSessionFactory implements PersonDao {
public Person findById(int id) {
return (Person) getSession().get(Person.class, id);
}
public void persist(Person person){
getSession().persist(person);
}
}
Service
#Service("personService")
#Transactional
public class PersonServiceImpl implements PersonService {
#Autowired
PersonDao personDao;
#Override
public void createAndPersist(SomeSourceObject object) {
//create Person object and populates with the source object
Person person = new Person();
person.name = object.name;
...
personDao.persist(person);
}
#Override
public Person findById(int id) {
return personDao.findById(id);
}
public void doSomethingWithPerson(Person person) {
person.setName(person.getName()+" HELLO ");
//here since we are in transaction, no need to explicitly call update/merge
//it will be updated in db as soon as the methods completed successfully
//OR
//changes will be undone if transaction failed/rolledback
}
}
JPA documentation are indeed good resource for details.
From design point of view, if you have web interfacing, i tends to say include one more service delegate layer(PersonDelegateService e.g.) which maps the actual data received from UI to person entity (and viceversa, for display, to populate the view object from person entity) and delegate to service for actual person entity processing.