JDBCrealm FORM based problem. But BASIC working perfectly alright! - java-ee-6

I successfully configured Glassfish to work with JDBCrealm using Basic Auth. But it's not working for Jsp page. My jsp page is simple using j_security_check and j_username and j_password. It throws me to UnAuthorizedAccess page (login error page). It's strange that it's working for basic auth and not for form based. What can be potential problem can anybody tell?
Also the structure of JDBCrealm table requirement is so ugly, i mean why is it so unnormalized? what if i want to change the structure? like
Users(Userid int, Username varchar(50), Userpassword varchar(50))
Roles(Roleid int, Rolename varchar(20))
UsersXRoles(UsersXRolesId int, UserId int, RoleId int)
??How should i configure this now?
Thanks in advance :)

I found a library that can do it: http://flexiblejdbcrealm.wamblee.org/

You can create a normalized database and create a view for Glassfish. We have the same layout that you described in your post and our view looks like this:
CREATE OR REPLACE VIEW v_user_role_relation AS
SELECT u.username, u.password, g.groupname
FROM user_group_rel ugr
JOIN users u ON u.user_id = ugr.user_id
JOIN groups g ON g.group_id = ugr.group_id::numeric;
However your other problem may have many reasons. Check if you defined your Realm in the server config and not only in the default config (that happened to me once).

Related

TYPO3: How to display Frontendgroup memberships in backend, felogin Extension

I have a TYPO3 v10 instance. The felogin Extension is installed to manage 4000 users in 100 usergroups, lots of tiny projects.
Is there a feature, a trick, an extension to answer this question, while working in the backend:
For a given frontenduser-group what are the feusers that belong to that group?
There does not seem to be a way to display this in the backend. At least not in the "List" module, after clicking on any frontendgroup-name, then working in any of the standard tabs "
General / Options / Access / Notes / Extended"
Right now I get along with SQL statements like
SELECT * FROM fe_users WHERE usergroup like '%261%';
but this is very inconvenient.
I have migrated the users and groups from one old TYPO3 instance to a newer one, and now I want to enable editors to cross-check and review group memberships themselves.
The Stackoverflow "Similar questions" text-analysis tool points out that my question is indeed similar to this one: Extbase fe_user findByUsergroup - but that question is 4 Years old, and perhaps there has been some progress?
I know of such "included" feature. The listview offers a "ref" (references) column which shows you all references to this group. this might help a bit. but contains pages, content elements... and user records in a mix.
Another option is the export a CSV of the website users with the "Groups, column enabled. This should give them all the data to review the group memberships.
If that is not enough, I would create an custom module to create such a view.
Meanwhile, as a workaround, I have used a nonstandard-SQL feature, the group_concat() function, to copy all frontendusernames of each group into the (empty) "description" field of the fe_groups table.
There they form a comma-separated list. A screenshot illustrates what my backend panel now looks like. See first line:
This method is only feasible of you are running a one-off migration, or if you can practice on a staging server first. You need to have absolute control over the TYPO3 database, and your bosses and editors shouldn't mind and like the final result. Also it overwrites what is in the description column.
Also, frontendusers who are in two or more groups will NOT get added to the csv-lists! Because their usergroupcolumn has values like 262,398 which cannot be INNER JOINed properly with fe_group.uid.
The key benefit of the group_concat() method is that a single SQL UPDATE statement (almost) solves the problem. No custom PHP programming needed.
/* works on mariadb:10.3 */
UPDATE
fe_groups g,
(
SELECT
usergroup,
GROUP_CONCAT(
u.username
ORDER BY
username SEPARATOR ', '
) AS 'usernames'
from
fe_users u
where
usergroup not like '%,%'
group by
usergroup
) AS user_lookup
SET
g.description = user_lookup.usernames
WHERE
user_lookup.usergroup = g.uid
and user_lookup.usergroup not like '%,%';
The code above does not work on mysql 5.7. There I had to try this instead:
/* works on mysql 5-7 */
SET
session group_concat_max_len = 15000;
create temporary table fe_groups_extrainfo
SELECT
usergroup,
GROUP_CONCAT(
u.username
ORDER BY
username SEPARATOR ', '
) AS 'usernames'
from
fe_users u
where
usergroup not like '%,% and uid > 9'
group by
usergroup
limit
0;
insert into
fe_groups_extrainfo
SELECT
usergroup,
GROUP_CONCAT(
u.username
ORDER BY
username SEPARATOR ', '
) AS 'usernames'
from
fe_users u
where
usergroup not like '%,%'
group by
usergroup;
update
fe_groups g
inner join fe_groups_extrainfo x on g.uid = x.usergroup
set
g.description = x.usernames;
Sorry it is not a single SQL Statement as the mariadb-SQL statement but still simpler as programming a custom TYPO3 extension with a complex backend module.
Update 09/2022:
It is essential to update the TYPO3 Reference Index after using this method (direct db-access with SQL-UPDATE statements).
typo3cms referenceindex:update
Otherwise the "Ref" column in the "List" module view would still show a "-" (meaning 0) users belong in this feuser-group. After updating the refindex the "[Ref]" column will then display the approximate count of feusers.

Show attributes depending on user Jasperserver 8.0.0

I have made the following query:
SELECT pa.attrvalue, pa.attrname
FROM jiprofileattribute pa, jiuser u
WHERE pa.principalobjectclass = 'com.jaspersoft.jasperserver.api.metadata.user.domain.impl.hibernate.RepoUser' AND pa.principalobjectid = u.id AND
ORDER BY pa.attrname
The problem is that it returns all the attributes of all the users, and I need them to be from the respective user, I am using the community jasperserver so using tenantid is not an option for me, is there any trick to achieve this?

Row-level-security based on relation table data

I am getting into Supabase and to practice I am making a suuuper simplified website-builder.
However I am having troubles with the row-level-security policies.
I have three tables:
user → with users' information like first name, last name, etc.
website → all websites
user_website → Contains the information which website belongs to which person (since a website can be owned/editted by multiple users)
user
user_id
...
website
website_id
...
user_website
user_id
website_id
user_role
...
I didn't find any useful resource, because honestly I still lack the knowledge to know how to search properly for what I need.
I only found simple expressions like (uid() = user_id), but since the "permissions" are stored in another table, I don't know how to access that.
I used queries like the following but it didn't work as intended:
SELECT
*
FROM
user_website as uw
JOIN website as w
ON uw.website_id = w.website_id
WHERE
uw.user_id = auth.uid()
Help is much appreciated – thanks!
You could define a policy like that:
CREATE POLICY may_edit ON website
FOR UPDATE TO PUBLIC
USING (EXISTS
(SELECT 1 FROM user_website
WHERE user_website.website_id = website.website_id
AND user_website.user_id = uid()
)
);
Here, uid() is a function that returns your current user ID.
This policy will let everyone modify their own website.
I called a friend for help and he pointed out a section in the Supabase docs about "policies with joins" ... yet it still didn't work for me.
The reason was that the RLS-policy on the table website references the table user-website, which didn't allow users yet to access anything.
Solution
RLS-policy for select on website:
auth.uid() in (
select user_id from user_website
where website_id = website.website_id
)
RLS-policy for select on user-website:
auth.uid() = user_id

laravel 5.2 user login redirect with condition

I am making Dating website using laravel 5.2
I have Tables in database
--user
--profile
--education
--Occupation
--Marital Status
--Parents Details
Each of the table has user_id as forigen key of User table.
All models have been created and hasMany and belongsTo relation has been added respectively.
My question is when user login, I would like user to land to specific create controller if table is unfilled or form is not filled. For EX- profile.create, education.create , occupation.create.
Or is there any efficient way I can handle this situation.
Thanks in advance, I hope you got it. Let me know if you still need any more info.
The most simple idea below:
Create a column full_profile (tinyint, length 1) in your table which indicates the profile is full. Default it's 0.
After a validations are true, set the value of the full_profile to 1.
Ok, now it's simple:
User logs in
Check the value of full_profile. If 0, redirect to form, if 1, redirect to dashboard?

Session based table zend framework

may I know how to create a session-based table using Zend Framework? It is because I am required to develop a shopping cart for my project in college.
Can anyone help me to solve this problem? Thanks a lot.
There is a component in ZF for storing sessions in the database, see: http://framework.zend.com/manual/en/zend.session.savehandler.dbtable.html
once you have that setup you just store your shopping cart data in the session using Zend_Session_Namespace as normal.
You might want to have 'virtual tables', which ideally we use for shopping carts.
Having sessions structured into tables, well, that is kinda mess?
Anyways,
The code should be:
$DBconfig = $this->getAdapter()->getConfig();
$db = Zend_Db::factory('PDO_MYSQL', $DBconfig);
$sql = "CREATE TEMPORARY TABLE virtual_table ("`id` INT(11) NOT NULL AUTO_INCREMENT,
`product` VARCHAR(255), `productQty` INT(5) )";
// Setting values
$sql = "INSERT INTO virtual_table "......
and so on...
Results can be stored in Sessions using Zend_Session_Namespace
Here is a link to a wonderful article, which you might want to refer being a beginner in ZF?