Java EE 6 form-authentication and FacesContext.isUserInRole - java-ee-6

I'm using a form-based authentication (with a JDBC-realm) to authenticate users in my EE application. I created a /home/* section, which is only accessible if a user is in the role USER or ADMIN.
Everything is working fine, but the problem is that when I use the FacesContext.getCurrentInstance().getExternalContext().isUserInRole(role)-Method (for example to decide whether some UI-components are shown on the gui or not), the return value always is false.
I have absolutely no idea why the method always returns false. What am I missing?
The most confusing thing is, that I have implemented the exact same behaviour in another project (on the same glassfish-server-instance) and it works there.

I just found the problem: I forgot to add the #DeclareRoles() annotation.
You have to Declare the roles you want to use somewhere in your application. I for example use a SingletonEJB in which I declare the roles I'm using (using the DeclareRoles-Annotation).
Example:
#Singleton
#LocalBean
#DeclareRoles({ "ADMIN", "USER" })
public class Application {
}

Related

Browse Database EF ASP.Net Core MVC

I'm playing around with a web application using the above and visual studio 2016 community. I've pretty much still got the default project using Individual User Account as the authentication. So it's built all the views and models around authentication and I can register accounts and log in. I'm now wanting to add some attributes to the default and running into some unknowns.
First question is about writing some non-default attributes. I've looked into how it's writing the default attributes (email and phone) and there are actually methods in the UserManager library class to update these attributes
public virtual Task<IdentityResult> SetEmailAsync(TUser user, string email);
and
public virtual Task<IdentityResult> SetPhoneNumberAsync(TUser user, string phoneNumber);
Obviously I can't add methods for my own attributes like SetTagLineAsync... because this is a library class. I found it a little strange that they have such specific methods in a library but anyway I have the user object in context in my controller (which you can see above in the virtual methods) and I think I should be able to just update that object and call this method
public virtual Task<IdentityResult> UpdateAsync(TUser user);
And it'll update the user in the database to use the attributes I've set on the user. But this leads into my second question, because I'm not certain how this works yet I would want to try the above method and then go check in the database if it did update the attribute I wanted.
Second question: How do I view the projects database? There is obviously a database that was created with the project template and it is persistent because if I run the web app and register, when I run it again I can log in as that user. When I make a change to the ApplicationUser class I also have to add a migration and update the database through package manager console. I can see in my app settings
"DefaultConnection": "Server=(localdb)\\mssqllocaldb;Database=aspnet-MyApp-3B07911E-A6DD-4B3E-A533-57B04E37B791;Trusted_Connection=True;MultipleActiveResultSets=true"
I don't have SQL server installed if that matters, just whatever sql stuff was installed with VS. In other projects i just go to Server Explorer and my database appears under Data Connections. I've tried to add the data connection but when I do, I add the server name (localdb) – i also tried without the brackets – and then when I try to select a database name it throws connection errors. I've also tried doing this while the webapp is open by disconnecting the debugger and trying the same process in case it only exists while it's running but same thing. Any ideas?
Obviously I can't add methods for my own attributes like SetTagLineAsync...
You can add your own method(s) inheriting from UserManager class.
UpdateAsync vs. SetXXXAsync methods
SetXXXAsync methods are more complex and have additional logic inside. For example SetEmailAsync and SetPhoneAsync are not only setting Email and Phone property/column, but also EmailConfirmed = false and PhoneConfirmed = false. Both are also setting new security stamp that is used to indicate, if user changed profile. In that case he/she needs to perform new login on (other) devices(rejecting cookies that was set before the change happened). Which is useful security feature. It will be really bad if you change your password, but cookies set with old one will still work.
public virtual async Task<IdentityResult> SetPhoneNumberAsync(TUser user, string phoneNumber)
{
ThrowIfDisposed();
var store = GetPhoneNumberStore();
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
await store.SetPhoneNumberAsync(user, phoneNumber, CancellationToken);
await store.SetPhoneNumberConfirmedAsync(user, false, CancellationToken);
await UpdateSecurityStampInternal(user);
return await UpdateUserAsync(user);
}
How do I view the projects database?
You have to use (localdb)\MSSQLLocalDB as server name.
LocalDb is development database and may be installed during Visual Studio installation.
Related links:
Introduction to Identity on ASP.NET Core
UserManager class (source code)
What is ASP.NET Identity's IUserSecurityStampStore interface?
How to connect to LocalDB in Visual Studio Server Explorer?
Introducing LocalDB, an improved SQL Express

GWT activities and places. External link always start default place

I have lost all the morning searching for this problem on internet and nobody seems to face this problem.
My GWT application navigate very well. But as a logic requirement on my application it generates an email with a link to my application. The link is something like this:
http://server#place:token
Well, it navigate always to the same DefaultPlace i declare on initialization.
I have write a lot of logs in the client side. And it ignores completely the request. Even if i type this url in the browser, it loads default place.
My application navigates very well between places internally but now i realize that it happens not only with one particular place, but any place.
Could some one help me to realize what would be the problem. I could write the code if any want to see.
This is my PlacehistoryMapper:
#WithTokenizers({DefaultPlace.Tokenizer.class,
AuthenticationPlace.Tokenizer.class,
ProcessSnCallbackPlace.Tokenizer.class,
GatherUserInfoPlace.Tokenizer.class,
LoadProfilePlace.Tokenizer.class,
RegisterPlace.Tokenizer.class})
public interface AppPlacesHistoryMapper extends PlaceHistoryMapper
}
This is my ActivityMapper in getActivity override:
#Override
public Activity getActivity(Place place) {
Provider provider = getProvider(place);
if (provider == null) {
browserUtils.log("Error: " + place.getClass().getCanonicalName() + " Place is not mapped.");
return null;
}
return (Activity) provider.get();
}
And all activities all injected by GIN and works fine. But always when debug the default place is the only i see in those line. However if i change the place by goTo it works fine.
Thanks in advance.
Cheers
Albert.

How to add short description in ATG Component?

How to add short description for component property in ATG.
Ex: If we see loggingDebug property in a Nucleus componenet Short description will shown as True if debug log events should be generated. How to create such description for my property in component>
Simple Answer:
You cannot add a description for an individual property.
You can add a description for a component by specifying a $description in the .properties file
More Complex Answer:
For viewing in the dyn/admin screens, each Nucleus component is associated with an Admin Servlet. It is the Admin Servlet of the component that renders the admin screen (not a JSP or JHTML page).
For a given component, the admin interface determines the admin servlet to use for rendering the screen by querying the component.
ATG packages a number of admin servlets with the platform. The default one is ServiceAdminServlet and is associated with the GenericService. So anything that extends from GenericService - most of the components you write - gets an admin screen that is rendered by ServiceAdminServlet. There is a different one for the Repository class - which is why the admin screen for a repository component looks different to that for most other components.
You can implement your own admin interface for your components by implementing your own AdminServlet class, and overwriting the getAdminService() method (defined in the AdminableService interface) on your component to return an instance of your custom admin servlet.
However, GenericService already implements the interface, and provides a convenient extensible hook method createAdminServlet(), and it is preferable to extend ServiceAdminServlet than creating your own AdminServlet from scratch.
The ServiceAdminServlet class defines a printAdmin(...) method which you override to output the custom HTML needed.
Caveat:
In my original answer, I had missed out the More Complex section, because I think that it is far more effort for little gain. However, I have updated my answer to be more complete.
I have been working, very hands-on, with the ATG platform since 1998, and never once have I had reason to create my own admin interface.
I think what you need is create the MyComponentBeanInfo.java.
if you look inside the ATG_PATH\DAS\src\Java\atg\droplet, will see something like this: Component.java and your descriptor ComponentBeanInfo.java.
i have searched in oracle docs and i found this link:Oracle Docs: BeanInfo Example
inside in your componente will be:
paramDescriptors[0] = new ParamDescriptor("myProperty",
"this is my short description",
DynamoServlet.class,
false, true, outputDescriptors);
beanDescriptor = new BeanDescriptor(MyComponent.class);
beanDescriptor.setShortDescription("A custom servlet bean.");
beanDescriptor.setValue("paramDescriptors", paramDescriptors);
beanDescriptor.setValue("componentCategory", "Servlet Beans");

Grails, extending with Rest

I have an existing domain, controller, view (auto generated for the latter) which works as expected in the browser.
It also works in curl if I have a URL of the .../user/show/1 or .../user/show ie I use an action which goes against REST principles.
So, I have added to the URLMappings file
"/rest/user/$id?"(resource: "user")
which uses the auto generated controller.
The now works with curl and .../rest/user/1 but not .../rest/user - it runs the show method rather than the index method. But .../user does go to index and return a list.
Though the browser continues to work, I notice that the URLs are of the rest/user variety.
So I get the feeling I have not really understood this. Can I have two rules in the URLMappings file that point to the same place? According to the Grails 2.4.4 docs, a url with no id will use the index() method yet ..../rest/user is not - it goes to show().
What I have works but I am pretty sure I have not done it right.
Regards,
John
I think grails creates Restful UserController for your domain. But if you already have got the UserController your own controller is used. You have to make it RESTFul. Take a look into 9.1.5.1 Extending the RestfulController super class
Also try to create urlmapping your controller manaully.

Similar path in Jersey with empty parameters

I'm having an issue with Jersey, I have two path, let's say
user/comments/{username}
and
user/{username}
The first gives you the comments from an user, the second one shows you the profile of the user.
If someone use an empty parameter in the first url as user/comments/ obviously the second method is called and you get the profile of the user "comments".
There's a way where you can "reserve" to jersey some parameter or it's more a design problem and I should refactor the paths?
I'd use the following paths, which correctly represent the user -> comment hierarchy and also avoid the name collision issue:
user/{username}/comments
and
user/{username}
You can check in the second method if the user is "comments" and call the first one instead of the behavior. I never heard of jersey with an defined procedure to check this.
Of course, everything will work till the user that registered with the appropriate "comments" login sends you a mail complaining about your site not working; so yes, I think the best option would be to refactor it...