Spring Security Http status 406 - java

I'm working on login with http basic, following this http://howtodoinjava.com/2013/04/16/login-form-based-spring-3-security-example/
and it works well, but some of my page give me http status 406 when I try to load them,I try some answer from similar cases but none of them works(maybe because I just implementing them as close as I can)Any suggestion?
thanks
this is my requestController that still work fine
#Controller
#RequestMapping(value = "/request")
public class RequestController {
#Autowired
private UploadFileService uploadFileService;
#RequestMapping(value = "", method = RequestMethod.GET)
public ModelAndView index() {
return new ModelAndView("page/request-view-table-req");
}
#RequestMapping(value = "/upload", method = RequestMethod.POST)
public String upload(#RequestParam("file") MultipartFile file) {
try {
if (file.getOriginalFilename().endsWith("XLS") || file.getOriginalFilename().endsWith("xls")) {
Excel excel = new Excel(file);
excel.convertToUF();
uploadFileService.add(excel.getListUF());
}
return "redirect:/";
} catch (NullPointerException ex) {
return "redirect:/";
}
}
}
this is templateController that return http status 406
#Controller
#RequestMapping(value = "/template")
public class TemplateController {
#Autowired
private RequestTemplateService requestTemplateService;
#RequestMapping(value = "", method = RequestMethod.GET)
#ResponseBody
public ModelAndView templateView(Model model) {
list_all_template(model);
return new ModelAndView("page/template-add");
}
#RequestMapping(value = "/add", method = RequestMethod.GET)
#ResponseBody
public ModelAndView templateAdd(Model model) {
list_all_template(model);
return new ModelAndView("page/template-add");
}
#RequestMapping(value = "/add/new", method = RequestMethod.POST)
#ResponseBody
public String addTemplate(#ModelAttribute RequestTemplate rt, Model model) {
requestTemplateService.add(rt);
list_all_template(model);
return "redirect:/template";
}
#RequestMapping(value="/delete", method = RequestMethod.GET)
#ResponseBody
public ModelAndView deleteSelected (#RequestParam(value = "nama", required = true) String nama,
Model model)
{
delete_by_nama(nama);
list_all_template(model);
return new ModelAndView("page/template-add");
}
#RequestMapping(value="/update", method = RequestMethod.GET)
#ResponseBody
public ModelAndView updateSelected (#RequestParam(value = "nama", required = true) String nama,
#RequestParam(value = "template") String template,
Model model)
{
requestTemplateService.updateByNama(nama, template);
list_all_template(model);
return new ModelAndView("page/template-view");
}
#RequestMapping(value="/view", method = RequestMethod.GET)
#ResponseBody
public ModelAndView viewSelected (#RequestParam(value = "nama", required = true) String nama,
HttpServletRequest request, HttpServletResponse response, Model model)
{
list_all_template(model);
get_template_by_name(model, nama);
return new ModelAndView("page/template-view");
}
public void delete_by_nama(String nama) {
requestTemplateService.deleteByNama(nama);
}
public void get_template_by_name(Model model, String nama) {
List<RequestTemplate> selectedTemplate = requestTemplateService.getByNama(nama);
model.addAttribute("selectedTemplate", selectedTemplate);
}
public void list_all_template(Model model) {
List<RequestTemplate> RequestTemplates = requestTemplateService.findAll();
model.addAttribute("RequestTemplates", RequestTemplates);
}
}
this is my application-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/login" access="permitAll" />
<intercept-url pattern="/logout" access="permitAll" />
<intercept-url pattern="/accessdenied" access="permitAll" />
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
<form-login login-page="/login" default-target-url="/denied" authentication-failure-url="/accessdenied" />
<logout logout-success-url="/logout" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<user name="lokesh" password="password" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
this is spring-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">
<mvc:annotation-driven/>
<mvc:resources mapping="/resources/**" location="/resources/" />
<!-- Scan classpath for annotations (eg: #Service, #Repository etc) -->
<context:component-scan base-package="com.kartuku.somuploader, com.kartuku.somuploader.controller, com.kartuku.somuploader.service, com.kartuku.somuploader.model"/>
<!-- Resolve view name into jsp file located on /WEB-INF -->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/views/" />
<property name="suffix" value=".jsp" />
</bean>
<!-- MySQL Datasource with Commons DBCP connection pooling -->
<bean class="org.apache.commons.dbcp.BasicDataSource" id="dataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver"/>
<property name="url" value="jdbc:mysql://localhost:3306/prosom"/>
<property name="username" value="root"/>
<property name="password" value=""/>
</bean>
<!-- EntityManagerFactory -->
<bean class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean" id="entityManagerFactory">
<property name="persistenceUnitName" value="persistenceUnit"/>
<property name="dataSource" ref="dataSource"/>
</bean>
<!-- Transaction Manager -->
<bean class="org.springframework.orm.jpa.JpaTransactionManager" id="transactionManager">
<property name="entityManagerFactory" ref="entityManagerFactory"/>
</bean>
<!-- another bean -->
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<property name="maxUploadSize" value="10000000"/>
</bean>
<!-- Enable #Transactional annotation -->
<tx:annotation-driven/>
</beans>


Try removing #ResponseBody from TemplateController. This may not a Spring Security related issue.

Related

Spring #Scheduled does not work appropriate

I have a method that should run at some delay, make request to api and add the new photo to database. So, addPhoto is working fine. It can print some info, make a request, but doesn't add the photo. I checked the database and there are only one photo, that i added manually.
#Component("restBean")
#Service
public class RestService {
private static final String url1 = "https://api.nasa.gov/mars-photos/api/v1/rovers/curiosity/photos?sol=1324&camera=fhaz&api_key=DEMO_KEY";
private PhotoDao photoDao;
#Autowired
public void setPhotoDao(PhotoDao photoDao) {
this.photoDao = photoDao;
}
#Scheduled(fixedRate = 5000)
public void addPhoto() {
System.out.println("TIME HAS COME");
RestTemplate restTemplate = new RestTemplate();
ResponseEntity<Response> response = restTemplate
.getForEntity(url1,
Response.class);
Photo[] photos = response.getBody().getPhotos();
this.photoDao.save(photos[0]);
}
}
I have tested this method and all works except the last string. I checked that i get the response and can get the object from it.
this.photoDao.save(photos[0]);
That's my DAO class
#Repository
public class PhotoDaoImpl implements PhotoDao {
private static final Logger logger = LoggerFactory.getLogger(PhotoDaoImpl.class);
private SessionFactory sessionFactory;
public void setSessionFactory(SessionFactory sessionFactory) {
this.sessionFactory = sessionFactory;
}
#Override
public void save(Photo photo) {
Session session = this.sessionFactory.getCurrentSession();
session.persist(photo);
logger.info("Photo successfully saved. Photo details: {}", photo);
}
#Override
public Photo findOne(int id) {
Session session = this.sessionFactory.getCurrentSession();
Photo photo = (Photo) session.load(Photo.class, new Integer(id));
logger.info("Photo successfully loaded. Photo details: {}", photo);
return photo;
}
#Override
#SuppressWarnings("unchecked")
public List<Photo> getAll() {
Session session = this.sessionFactory.getCurrentSession();
That's my spring xml configuration
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:task="http://www.springframework.org/schema/task"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd">
<!-- This helps in mapping the logical view names to directly view files under a certain pre-configured directory -->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/pages/"/>
<property name="suffix" value=".jsp"/>
</bean>
<!-- Database Information -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
destroy-method="close">
<property name="driverClassName" value="com.mysql.jdbc.Driver"/>
<property name="url"
value="jdbc:mysql://localhost:3306/DayDatabase"/>
<property name="username" value="root"/>
<property name="password" value="root"/>
</bean>
<!-- Hibernate 4 SessionFactory Bean definition -->
<bean id="hibernate4AnnotatedSessionFactory"
class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="dataSource" ref="dataSource"/>
<property name="packagesToScan">
<list>
<value>net.yan.model</value>
</list>
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect
</prop>
<prop key="hibernate.show_sql">true</prop>
</props>
</property>
</bean>
<!-- It register the beans in context and scan the annotations inside beans and activate them -->
<context:component-scan base-package="net.yan"/>
<!-- This allow for dispatching requests to Controllers -->
<mvc:annotation-driven/>
<mvc:default-servlet-handler/>
<!-- PhotoDao and PhotoService beans -->
<bean id="photoDao" class="net.yan.dao.PhotoDaoImpl">
<property name="sessionFactory" ref="hibernate4AnnotatedSessionFactory"/>
</bean>
<bean id="photoService" class="net.yan.service.PhotoServiceImpl">
<property name="photoDao" ref="photoDao"/>
</bean>
<bean id="restService" class="net.yan.service.RestService">
<property name="photoDao" ref="photoDao"/>
</bean>
<tx:annotation-driven transaction-manager="transactionManager"/>
<bean id="transactionManager" class="org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name="sessionFactory" ref="hibernate4AnnotatedSessionFactory"/>
</bean>
<task:scheduled-tasks scheduler="myScheduler">
<task:scheduled ref="restBean" method="addPhoto" fixed-delay="5000"/>
</task:scheduled-tasks>
<task:scheduler id="myScheduler"/>
UPD: To be clear, i have another method, that make request and add to database. It's in the same class that doesn't work.
#EventListener(ContextRefreshedEvent.class)
#Transactional
public void contextRefreshedEvent() {
if (this.photoDao.checkDataBase()) {
RestTemplate restTemplate = new RestTemplate();
ResponseEntity<Response> response = restTemplate
.getForEntity(url,
Response.class);
Photo[] photos = response.getBody().getPhotos();
this.photoDao.save(photos[0]);
}
}
UPD2: There's link to full project https://github.com/Kabowyad/Test-Project/tree/api-test/src/main/java/net/yan/service

NPE SessionFactory in Spring/Hibernate integration

I'm a newbie in Spring and Hibernate and I'm having a NPE in this line:
Session session = getSessionFactory().getCurrentSession();
This is my UserDAO class
public class UserDAO implements IUserDAO{
private SessionFactory sessionFactory;
public SessionFactory getSessionFactory() {
return sessionFactory;
}
public void setSessionFactory(SessionFactory sessionFactory) {
this.sessionFactory = sessionFactory;
}
#Override
public Integer updateUser(User user) {
// TODO Auto-generated method stub
return null;
}
#Override
public User searchUserIfExists(String username, String password) {
Session session = getSessionFactory().getCurrentSession();
Query query = session.createQuery(SEARCH_USER_ACCT);
query.setParameter("username", username);
query.setParameter("password",password);
List<User> userList = query.list();
System.out.println(userList.size());
User user = null;
return user;
}
And this is my UserController
#SessionAttributes(value = {"userSession"})
#Controller
public class UserController {
private IUserDAO userDAO;
#Autowired
public UserController(IUserDAO userDAO) {
this.userDAO = userDAO;
}
#RequestMapping(value = "/processLogin.htm", method=RequestMethod.POST)
public String login(#ModelAttribute User user,#RequestParam("username") String username,
#RequestParam("password") String password,
HttpServletRequest request, HttpServletResponse response){
userDAO = new UserDAO();
User userOb = userDAO.searchUserIfExists(username, password);
if(userOb != null){
ModelAndView modelAndView = new ModelAndView();
String role = userOb.getUserRole();
switch(role){
case "admin":
modelAndView.addObject("userSession", userOb);
modelAndView.addObject("userId", userOb.getUserId());
modelAndView.setViewName("/adminPage_admin");
break;
case "customer":
modelAndView.addObject("userSession", userOb);
modelAndView.addObject("userId", userOb.getUserId());
modelAndView.setViewName("/customerpage_customer");
break;
}
}
return "";
}
}
This is my xml configuration for spring
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">
<!-- Enable #Controller annotation support -->
<mvc:annotation-driven />
<mvc:default-servlet-handler/>
<!-- Map simple view name such as "test" into /WEB-INF/test.jsp -->
<beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<beans:property name="prefix" value="/jsp" />
<beans:property name="suffix" value=".jsp" />
</beans:bean>
<!-- Scan classpath for annotations (eg: #Service, #Repository etc) -->
<context:component-scan base-package="com.nacv2.*"/>
<context:spring-configured/>
<!-- JDBC Data Source. It is assumed you have MySQL running on localhost port 3306 with
username root and blank password. Change below if it's not the case -->
<bean id="myDataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName" value="com.mysql.jdbc.Driver"/>
<property name="url" value="jdbc:mysql://localhost:3306/db_nac"/>
<property name="username" value="root"/>
<property name="password" value=""/>
<property name="validationQuery" value="SELECT 1"/>
</bean>
<!-- Hibernate Session Factory -->
<bean id="mySessionFactory" class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="dataSource" ref="myDataSource"/>
<property name="packagesToScan">
<array>
<value>com.nacv2.model.*</value>
</array>
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">${hibernate.dialect}</prop>
<prop key="hibernate.show_sql">${hibernate.show_sql}</prop>
<prop key="hibernate.connection.pool_size">${hibernate.connection.pool_size}</prop>
</props>
</property>
</bean>
<bean id="userDAO" class="com.nacv2.dataaccess.UserDAO">
<property name="sessionFactory" ref="mySessionFactory"/>
</bean>
<!-- Hibernate Transaction Manager -->
<bean id="transactionManager" class="org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name="sessionFactory" ref="mySessionFactory"/>
</bean>
<!-- Activates annotation based transaction management -->
<tx:annotation-driven transaction-manager="transactionManager"/>
</beans>

Your problem is actually on this line:
userDAO = new UserDAO();
You have correctly wired Spring and Hibernate, but then you go and create a new object outside their knowledge, which won't know about the injected dependencies. Just use the one that's already been autowired for you.

Spring Internalization to print country in the right language

When I want to access at the page with address?language=en or language=fr, I use the following controller :
public class AddressController {
private static Logger logger = Logger.getLogger(AddressController.class);
#RequestMapping(value="/address",method=RequestMethod.GET)
public ModelAndView init(HttpServletRequest r){
ApplicationContext context = new FileSystemXmlApplicationContext("/WEB-INF/spring-servlet.xml");
SessionLocaleResolver resolver = (SessionLocaleResolver) context.getBean("localeResolver");
String[] locales = resolver.resolveLocale(r).getISOCountries();
//String[] locales = Locale.getISOCountries();
Map<String,String> countryList = new HashMap<String,String>();
for(String countryCode : locales){
Locale loc = new Locale(resolver.resolveLocale(r).getLanguage(),countryCode);
countryList.put(loc.getDisplayCountry(), loc.getDisplayCountry());
logger.info(loc.getDisplayCountry());
}
Map<String,String> tree = new TreeMap<String,String>(countryList);
ModelAndView modelAndView = new ModelAndView("address");
modelAndView.addObject("address",new Address());
modelAndView.addObject("countriesList", tree);
return modelAndView;
}
}
spring-servlet.xml:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<context:component-scan base-package="com.application.myGoogleAppEngine.controller" />
<!-- <mvc:annotation-driven /> -->
<!-- Register the messageBundle.properties -->
<bean class="org.springframework.context.support.ReloadableResourceBundleMessageSource" id="messageSource">
<property value="classpath:MessageBundle,classpath:Messages" name="basenames" />
<property value="UTF-8" name="defaultEncoding" />
</bean>
<bean id="localeResolver" class="org.springframework.web.servlet.i18n.SessionLocaleResolver">
<property name="defaultLocale" value="fr" />
</bean>
<bean id="localeChangeInterceptor" class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<property name="paramName" value="language" />
</bean>
<bean id="handlerMapping" class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping">
<property name="interceptors">
<ref bean="localeChangeInterceptor" />
</property>
</bean>
<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property value="org.springframework.web.servlet.view.JstlView" name="viewClass" />
<property name="prefix">
<value>/WEB-INF/pages/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
</beans>
When I access to the controller by calling /address?language=en or /address?language=fr, I notice with the Logger in the loop 'for(String countryCode : locales)' that every country names print in french and not in english.
Do you have any solutions ?

Why don't you use the request parameter 'language' to create the the countries list? The SessionLocaleProvider will always return the same language as long as the session stays alive.
The following code sample takes the parameter to construct a list of localized country names:
#Controller
public class CountriesController {
#RequestMapping(value="/countries", method=RequestMethod.GET)
public ModelAndView getCountries(#RequestParam("language") String language){
List<String> countries = new ArrayList<>();
Locale locale = new Locale(language);
String[] isoCountries = Locale.getISOCountries();
for (String isoCountry : isoCountries) {
Locale countryLoc = new Locale(language, isoCountry);
String name = countryLoc.getDisplayCountry(locale);
if (!"".equals(name)) {
countries.add(name);
}
}
ModelAndView model = new ModelAndView("countries");
model.addObject("model", countries);
return model;
}
}

Struts 2, Spring Plugin + Shiro integration: Autowiring issue

I have an issue with Struts2(2.3.15.1) Spring plugin. I use Shiro for security, and configure it with Annotations. The code looks like this:
public class Order2Action extends BaseAction {
#Autowired private UserDAO userDAO;
private static final Logger log = LoggerFactory.getLogger(Order2Action.class);
#Action(value = "list2",
results = {#Result(name = SUCCESS, location = "list.jsp")}
)
#RequiresRoles(ROLE_DATA_OPERATOR)
public String showOrderList() throws InterruptedException {
log.info("UserDAOImpl {}", userDAO);
return SUCCESS;
}
}
In this case UserDAO is not injected to Action. But if I comment out the string "#RequiresRoles(ROLE_DATA_OPERATOR)" - UserDAO is injected to Action.
What could be the problem here?
My ApplicationContext conf looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
<!-- enable processing of annotations such as #Autowired and #Configuration -->
<context:annotation-config/>
<context:component-scan base-package="ee"/>
<bean id="makuDataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
...
</bean>
<!--Shiro security configuration -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<property name="loginUrl" value="/maku/auth/login"/>
<property name="unauthorizedUrl" value="/maku/auth/unauthenticated"/>
</bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="cacheManager" ref="shiroCacheMan"/>
<property name="realm" ref="jdbcRealm"/>
</bean>
<bean id="jdbcRealm" class="org.apache.shiro.realm.jdbc.JdbcRealm">
<property name="dataSource" ref="makuDataSource"/>
<property name="credentialsMatcher">
<bean class="org.apache.shiro.authc.credential.PasswordMatcher"/>
</property>
</bean>
<bean name="shiroCacheMan" class="org.apache.shiro.cache.ehcache.EhCacheManager"/>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!-- Enable Shiro Annotations for Spring-configured beans. Only run after -->
<!-- the lifecycleBeanProcessor has run: -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
<property name="proxyTargetClass" value="true" />
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
</beans>
UserDAO:
public interface UserDAO {
User getByUsername(String username);
}
#Repository
public class UserDAOImpl extends AbstractJDBCDAO implements UserDAO {
#Override
public User getByUsername(String username){
return makuTmpl.queryForObject("select id, username, fullname from users where username=?",
new RowMapper<User>() {
#Override
public User mapRow(ResultSet rs, int i) throws SQLException {
User u = new User();
u.setId(rs.getLong( 1 ));
u.setUsername(rs.getString(2));
u.setFullname(rs.getString(3));
return u;
}
}, username);
}
}

Spring MVC & Freemarker session attribute not exposed

I've got a problem with Freemarker's viewResolver with Spring - session attributes are not exposed to view, as it is in Spring's InternalResourceViewResolver.
Now, important part is: when I change from Spring's resolver to Freemarker's one, session attribute is not passed, it's null. When Spring's resolver is working, session is passed.
My code:
dispatcher-servlet.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd">
<bean id="userSession" class="com.revicostudio.web.session.UserSession" scope="session">
</bean>
<context:component-scan base-package="com.revicostudio.web" />
<mvc:annotation-driven />
<!--
<bean id="freemarkerConfig" class="org.springframework.web.servlet.view.freemarker.FreeMarkerConfigurer">
<property name="templateLoaderPath" value="/WEB-INF/ftl/"/>
<property name="freemarkerVariables">
<map>
<entry key="xml_escape" value-ref="fmXmlEscape"/>
</map>
</property>
</bean>
<bean id="viewResolver" class="org.springframework.web.servlet.view.freemarker.FreeMarkerViewResolver">
<property name="cache" value="true"/>
<property name="prefix" value=""/>
<property name="suffix" value=".jsp"/>
<property name="exposeSpringMacroHelpers" value="true"/>
<property name="exposeRequestAttributes" value="true"/>
<property name="allowRequestOverride" value="false" />
<property name="exposeSessionAttributes" value="true"/>
<property name="allowSessionOverride" value="false" />
<property name="exposePathVariables" value="true"/>
</bean>
<bean id="fmXmlEscape" class="freemarker.template.utility.XmlEscape"/>-->
<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/ftl/" />
<property name="suffix" value=".jsp" />
<property name="exposeContextBeansAsAttributes" value="true" />
</bean>
</beans>
LoginController.java:
#Controller
#RequestMapping("/login")
#SessionAttributes("userSession")
public class LoginController {
#Autowired
private UsersDatabaseService usersDatabaseService;
#RequestMapping(method = RequestMethod.POST)
public String login(
#ModelAttribute UserLoginCredentials userLoginCredentials,
UserSession userSession,
final RedirectAttributes redirectAttributes)
{
int failedLoginAttempts = userSession.getFailedLoginAttempts();
if (failedLoginAttempts < LoginConfig.maxLoginTries ||
System.currentTimeMillis()-userSession.getFailedLoginsWaitTimeStart() > LoginConfig.failedLoginsWaitMinutes*60*1000) {
if (usersDatabaseService.isValidPassword(userLoginCredentials.getUsername(), userLoginCredentials.getPassword())) {
userSession.setUser(usersDatabaseService.getUser(userLoginCredentials.getUsername()));
userSession.setFailedLoginsWaitTimeStart(System.currentTimeMillis());
}
else {
failedLoginAttempts++;
if (failedLoginAttempts == LoginConfig.maxLoginTries) {
redirectAttributes.addFlashAttribute("error",
"You've entered invalid username or password more than "
+ LoginConfig.maxLoginTries + " times. Try again in "
+ LoginConfig.failedLoginsWaitMinutes +" minutes.");
}
else {
redirectAttributes.addFlashAttribute("error", "Invalid username or password");
userSession.setFailedLoginAttempts(failedLoginAttempts);
System.out.println(failedLoginAttempts);
}
}
}
else {
redirectAttributes.addFlashAttribute("error",
"You've entered invalid username or password more than "
+ LoginConfig.maxLoginTries + " times. Try again in "
+ LoginConfig.failedLoginsWaitMinutes +" minutes.");
}
return "redirect:/";
}
}
IndexController:
#Controller
#RequestMapping("/index")
public class IndexController {
#RequestMapping(method=RequestMethod.GET)
public String getIndex(Model model) {
return "index";
}
#ModelAttribute("userRegisterCredentials")
public UserRegisterCredentials getUserRegisterCredentials() {
return new UserRegisterCredentials();
}
#ModelAttribute("userLoginCredentials")
public UserLoginCredentials getUserLoginCredentials() {
return new UserLoginCredentials();
}
}
index.jsp:
<body>
<!-- Code for Freemarker -->
<#if error??>
${error}
</#if>
<#if userSession??>
${userSession}
</#if>
<#if !(userSession??)>
b
</#if>
<!-- Code for JSTL -->
${userSession}

You have a session problem because of that redirectAttributes.addFlashAttribute(). which means addFlashAttribute actually stores the attributes in a flashmap (which is internally maintained in the users session and removed once the next redirected request gets fulfilled),
Just try without redirectAttributes.addFlashAttribute() you will get session.
May be this will help you

Categories