Raging Goblin

3 April 2013

Spring Roo 4: User management

Filed under: Java,Spring Roo — Raging Goblin @ 19:48

Up until now, users have been created from an SQL script. In this post we let Roo itself provide user management. Role management can be added in the same way if needed, but out of laziness, I won’t show you that.

With the usual ‘web mvc scaffold’ command user management is created by Roo:

focus --class ~.domain.LogUser
web mvc scaffold --class ~.web.LogUserController --backingType ~.domain.LogUser

Unfortunately the views won’t render properly, because Spring Roo does not know how to render a LogUserRole as a String: we only scaffolded the LogUser stuff. If you try to view the LogUser items you will be left with an ‘org.springframework.core.convert.ConverterNotFoundException’. The ApplicationConversionServiceFactoryBean is responsible for registering formatters, so we add a converter for LogUserRole there:

protected void installFormatters(FormatterRegistry registry) {
  super.installFormatters(registry);
  registry.addConverter(getLogUserRoleToStringConverter());
}

public Converter<LogUserRole, String> getLogUserRoleToStringConverter() {
  return new org.springframework.core.convert.converter.Converter<LogUserRole, String>() {
    public String convert(LogUserRole role) {
      return new StringBuilder().append(role.getRoleName()).toString();
    }
  };
}

There is no need to show the password of a LogUser, as it is hashed anyway. So remove it from the views by setting ‘z’ to ‘user-managed’ and ‘render’ to ‘false’, in the same fashion as we did in Spring Roo 1: The basics.

Now, take care that the password gets hashed before it is stored in the database. Copy LogUserController.create from the aspect to the controller and wait a moment for Roo to do its housekeeping. Then change it to:

@RequestMapping(method = RequestMethod.POST, produces = "text/html")
public String create(@Valid LogUser logUser, BindingResult bindingResult, Model uiModel, HttpServletRequest httpServletRequest) {
  if (bindingResult.hasErrors()) {
    // Validation failed: redisplay the form instead of persisting invalid input
    populateEditForm(uiModel, logUser);
    return "logusers/create";
  }

  try {
    // Replace the submitted plaintext with its SHA-256 hex digest before persisting
    String hashedPassword = sha256(logUser.getPassword());
    logUser.setPassword(hashedPassword);
    uiModel.asMap().clear();
    logUser.persist();
    return "redirect:/logusers/" + encodeUrlPathSegment(logUser.getId().toString(), httpServletRequest);
  } catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
  } catch (UnsupportedEncodingException e) {
    e.printStackTrace();
  }

  // Hashing failed: nothing was stored, go back to the create form
  return "logusers/create";
}

private String sha256(String password) throws NoSuchAlgorithmException, UnsupportedEncodingException {
  MessageDigest digest = MessageDigest.getInstance("SHA-256");
  digest.update(password.getBytes("UTF-8"));
  byte[] hash = digest.digest();
  StringBuffer sb = new StringBuffer();
  for (int i = 0; i < hash.length; i++) {
    sb.append(Integer.toString((hash[i] & 0xff) + 0x100, 16).substring(1));
  }
  return sb.toString();
}
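
The create method above stores a single unsalted SHA-256 digest, so equal passwords always produce equal rows and one fast hash pass is all that separates the stored value from the password. As an added example (not code from the original post), here is that scheme beside a salted PBKDF2 alternative built only on the JDK. It assumes Java 8 or later; the class name, the iteration count and the salt:hash storage layout are hypothetical choices, and the login side would have to verify the same format.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example (not from the post): unsalted SHA-256 beside salted PBKDF2.
public class PasswordStorageDemo {
  static final int ITERATIONS = 210_000; // assumed work factor, tune for your hardware

  // The post's scheme: one unsalted SHA-256 pass, rendered as lowercase hex.
  static String sha256(String password) throws Exception {
    byte[] hash = MessageDigest.getInstance("SHA-256").digest(password.getBytes(StandardCharsets.UTF_8));
    StringBuilder sb = new StringBuilder();
    for (byte b : hash) sb.append(String.format("%02x", b));
    return sb.toString();
  }

  static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
    PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
    return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
  }

  // Stored form (hypothetical layout): base64(salt) ":" base64(derived key).
  static String hash(String password) throws Exception {
    byte[] salt = new byte[16];
    new SecureRandom().nextBytes(salt); // fresh random salt per user
    Base64.Encoder enc = Base64.getEncoder();
    return enc.encodeToString(salt) + ":" + enc.encodeToString(pbkdf2(password.toCharArray(), salt));
  }

  static boolean verify(String password, String stored) throws Exception {
    String[] parts = stored.split(":");
    if (parts.length != 2) return false; // malformed record
    byte[] salt = Base64.getDecoder().decode(parts[0]);
    byte[] expected = Base64.getDecoder().decode(parts[1]);
    return MessageDigest.isEqual(expected, pbkdf2(password.toCharArray(), salt)); // constant-time compare
  }

  public static void main(String[] args) throws Exception {
    // Unsalted: equal passwords give equal rows, so one precomputed table covers every user.
    System.out.println("sha256 equal: " + sha256("admin").equals(sha256("admin")));
    String a = hash("admin"), b = hash("admin");
    System.out.println("pbkdf2 equal: " + a.equals(b));
    System.out.println("verify ok:    " + (verify("admin", a) && !verify("Admin", a)));
  }
}
```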

Finally, create at least one user (admin/admin) by SQL to be able to log in:

INSERT INTO `logbook`.`log_user_role` (`id`, `role_name`, `version`) VALUES (NULL, 'ADMINSTRATOR', NULL);
INSERT INTO `logbook`.`log_user_role` (`id`, `role_name`, `version`) VALUES (NULL, 'USER', NULL);
INSERT INTO `logbook`.`log_user` (`id`, `enabled`, `password`, `username`, `version`) VALUES (NULL, b'1', '8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918', 'admin', NULL);

Remember to not delete all users and you will have a decent way of creating LogUsers.


2 Comments »

  1. […] user management functionality introduced in the previous post is not meant to be accessed by all users. This is the reason why we introduced the LogUserRole. […]

    Pingback by Spring Roo 5: Role based views | Raging Goblin — 6 April 2013 @ 20:19 | Reply

  2. […] will also add the Gender to the user management. The problem with this is the representation which is ugly and most certainly not usable in a multi […]

    Pingback by Spring Roo 6: Representation of enums and internationalization | Raging Goblin — 18 April 2013 @ 20:34 | Reply

