Announcement Announcement Module
Collapse
No announcement yet.
PoC for Roo Security Addon - User Registration, Forgot Password, Change Password, DB Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • PoC for Roo Security Addon - User Registration, Forgot Password, Change Password, DB

    Hi All,
    I created a Spring Roo Addon which injects security into existing Spring Roo Project. Currently this is in very early stage, you need to see the video to understand how to inject the addon and how to use the application after addon is inject.

    Again, disclaimer this email is to only share my concept of Typical Security system required by Roo based web applications. (this leans towards passive code generation)

    TypicalSecurity is a Spring Roo add on which injects following features in a Spring Roo App with single command
    1. Databased User Role Security
    2. Forgot Password
    3. Change Password
    4. User Registration with recaptcha and sending activation email
    5. User Activation

    Please note the project is far from stable, the default path works for now

    http://code.google.com/p/spring-roo-...ical-security/
    http://code.google.com/p/spring-roo-...GettingStarted

    The YouTube Video for the same is here - http://www.youtube.com/my_videos_tim...id=Y-kuYj8vsYU


    Cheers,
    Rohit

  • #2
    I tried the you tube link above, but it asked for login to you tube.

    After visiting your google code project site, the link to the video work.

    http://www.youtube.com/watch?v=Y-kuYj8vsYU

    Good job on the Addon! How long did it take you?

    Comment


    • #3
      Hi Rohit,

      I tried the add-on...
      It works like a charm. Congrats!


      jD

      Comment


      • #4
        very cool, thanks Rohit

        The link for video is http://www.youtube.com/watch?v=Y-kuYj8vsYU&feature=404

        Comment


        • #6
          Originally posted by drinks.sobe View Post
          I tried the you tube link above, but it asked for login to you tube.

          After visiting your google code project site, the link to the video work.

          http://www.youtube.com/watch?v=Y-kuYj8vsYU

          Good job on the Addon! How long did it take you?
          It look me around a week to understand the framework, but to code it, it was only a weekend.

          Comment


          • #7
            Originally posted by krimple View Post
            Awesome - are you submitting it as a Roo official add-on to the Roobot?

            Ken
            Hi Krimple,
            Yes that is a plan, but I can't promise a timeline for the same. I will keep you posted

            Cheers,
            Rohit

            Comment


            • #8
              Hurdles?

              What were the main hurdles while developing this add-on?

              I'll check it out! A very nice initiative. Thank you!

              Comment


              • #9
                Good job! I have dreamed of smth similar to this ever since i first tried out "security setup" command.

                I haven't jet had the time to try it out, but I have a comments regarding command that your addon provides.

                1) Is there a good reason why "Typicalsecurity setup" command is not in lowercase as every other roo command I have seen so far?

                2) Wouldn't it would be good idea to make this "typicalsecurity" command fragment available after user has typed security?
                Analogically to default "security setup" i would suggest smth similar to following:
                "security typical setup"
                I guess then it would more intuitive for roo users - after telling/typing into roo shell "security" roo can suggest(after hitting TAB key or in STS Ctrl+Space) users which flavour of security should be set up.
                I guess you only need to change 1 line in TypicalsecurityCommands.java:
                @CliCommand(value = "security typical setup", help = "Setup Typicalsecurity addon")

                Maybe help text should also reveal what this plugin does - for example that user management is DB-based "Setup DB-based Typicalsecurity addon that ..."

                Anyway, what ever you decide based on my comments I hope that this plugin finally "lands" next to current roo default addons that come with the release

                BR,
                Ats.

                Comment


                • #10
                  I have More or less the same things planned "What you stated here".

                  Here is a short roadmap
                  1. Break up TypicalSecurity into following commands to something of following
                  - Typicalsecurity setup --type database
                  This adds database based AuthenticationProvider
                  - Typicalsecurity add forgotpassword
                  - Typicalsecurity add changepassword
                  - Typicalsecurity add userregistration --useCaptcha true

                  and in future
                  - Typicalsecurity thirdpartylogin google
                  - Typicalsecurity thirdpartylogin facebook


                  2. About the name, my first release is a PoC, I need to find time to get it to production taking care of many things along with the name and following
                  - Activation Email must use the context path of the application
                  - User Registration must take user to a "Registration successful Page" before taking to Login screen
                  - Enable encrypted passwords
                  - Put Proper Error messages for failure pages
                  - Support i18n for all generated pages

                  So lots of do, I will keep you guys posted. Any more suggestions on functionality is more than welcome

                  Cheers,
                  Rohit

                  Comment


                  • #11
                    Hi

                    I'm getting this error when trying to test on tomcat, any idea why?

                    [INFO] Preparing tomcat:run
                    [INFO] [aspectj:compile {execution: default}]
                    [ERROR] The method setActivationDate(Date) is undefined for the type UserModel
                    [ERROR] The method setActivationDate(null) is undefined for the type UserModel
                    [WARNING] advice defined in org.springframework.mock.staticmock.AnnotationDriv enStaticEntityMockingControl has not been applied [Xlint:adviceDidNotMatch]
                    [WARNING] advice defined in org.springframework.mock.staticmock.AbstractMethod MockingControl has not been applied [Xlint:adviceDidNotMatch]
                    [WARNING] advice defined in org.springframework.scheduling.aspectj.AbstractAsy ncExecutionAspect has not been applied [Xlint:adviceDidNotMatch]
                    [INFO] ------------------------------------------------------------------------
                    [ERROR] BUILD ERROR
                    [INFO] ------------------------------------------------------------------------
                    [INFO] Compiler errors :
                    error at userModel.setActivationDate(new Date());
                    ^^^^^^^
                    /mydir/web/SignUpController.java:57:0::0 The method setActivationDate(Date) is undefined for the type UserModel
                    error at userModel.setActivationDate(null);
                    ^^^^
                    /mydir/src/main/java/org/fingerprintsoft/community/web/SignUpController.java:79:0::0 The method setActivationDate(null) is undefined for the type UserModel

                    Comment


                    • #12
                      run the following from roo

                      entity -class ~.model.UserModel
                      field date --fieldName activationDate --type java.util.Date

                      and rerun the test

                      Comment


                      • #13
                        Originally posted by ahsin01 View Post
                        run the following from roo

                        entity -class ~.model.UserModel
                        field date --fieldName activationDate --type java.util.Date

                        and rerun the test

                        Thanks.

                        The only other thing I had to do was to remove the following lines from
                        ForgotPasswordController and SignUpController
                        @Autowired
                        private transient SimpleMailMessage simpleMailMessage;

                        public void sendMessage(String mailTo, String message) {
                        simpleMailMessage.setTo(mailTo);
                        simpleMailMessage.setText(message);
                        mailSender.send(simpleMailMessage);
                        }

                        It seems to be working now as expected.

                        I also checked out the latest files and built the jar locally.

                        Comment


                        • #14
                          Hi naeem.ally,

                          i am working on fixing the bug/error in code,

                          i am not able to produce that error ,so can you please provide me steps to reproduce that bug.

                          Regards
                          Piyush

                          Comment


                          • #15
                            Originally posted by piyushpalod View Post
                            Hi naeem.ally,

                            i am working on fixing the bug/error in code,

                            i am not able to produce that error ,so can you please provide me steps to reproduce that bug.

                            Regards
                            Piyush
                            Hi

                            I installed the latest STS sts-2.5.2.RELEASE with roo 1.1.1
                            I then followed the steps in your guide.
                            The only change was that I compiled your jar locally (no changes from my side)
                            osgi start --url file:///tmp/security/spring-roo-addon-typical-security-read-only/target/com.xsoftwarelabs.spring.roo.addon.typicalsecurity-0.1.3.BUILD-SNAPSHOT.jar

                            I then got the error

                            error at userModel.setActivationDate(new Date());
                            ^^^^^^^
                            /mydir/web/SignUpController.java:57:0::0 The method setActivationDate(Date) is undefined for the type UserModel
                            error at userModel.setActivationDate(null);
                            ^^^^
                            /mydir/src/main/java/org/fingerprintsoft/community/web/SignUpController.java:79:0::0 The method setActivationDate(null) is undefined for the type UserModel

                            which was resolved by
                            entity -class ~.model.UserModel
                            field date --fieldName activationDate --type java.util.Date

                            I then got the error

                            ERROR org.springframework.web.servlet.DispatcherServlet - Context initialization failed
                            org.springframework.beans.factory.BeanCreationExce ption: Error creating bean with name 'forgotPasswordController': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationExce ption: Could not autowire field: private transient org.springframework.mail.SimpleMailMessage org.fingerprintsoft.community.web.ForgotPasswordCo ntroller.simpleMailMessage; nested exception is org.springframework.beans.factory.NoSuchBeanDefini tionException: No matching bean of type [org.springframework.mail.SimpleMailMessage] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Aut owired(required=true)}

                            I resolved this by removing

                            @Autowired
                            private transient SimpleMailMessage simpleMailMessage;

                            as it didn't seemed to be used anywhere.

                            Comment

                            Working...
                            X