Vaadin 22 with Spring MVC and Spring Security - spring-mvc

I am trying to get a basic Vaadin22 app running with Spring MVC and Spring Security. The vaadin docs seem to allude that this is possible,
If an application is based on Spring Boot, this mechanism can be enabled by using a set of annotations and with minimum Spring Security configurations. However, it is also possible to use it in Vaadin Spring applications that are not based on Spring Boot, with some extra configurations.
I have started with skeleton-starter-flow v22, forked to here and added basic Spring integration (see here). I have then attempted to add Spring Security.
I initially extended Vaadin's VaadinWebSecurityConfigurerAdapter (see here), but when I run the app it fails because there are missing autowired dependencies.
Next, I forced some component scanning to detect the missing dependencies (see here), but now there is a ClassNotFoundException because there is a dependency on the Spring Boot class, ServletRegistrationBean
Finally, I abandoned Vaadin's VaadinWebSecurityConfigurerAdapter and instead extended Spring's WebSecurityConfigurerAdapter (see here). Now the app runs, but I am not seeing the default login screen that Spring is supposed to provide by default.
Any assistance greatly appreciated.
Note: The app can be run using,
mvn jetty:run

So it seems that Vaadin's VaadinWebSecurityConfigurerAdapter is intended for use with Spring Boot (which I'm trying to avoid). In order to get basic Spring Security working, I extended Spring's WebSecurityConfigurerAdapter instead, but I was missing an implementation of Spring's AbstractSecurityWebApplicationInitializer which registers the appropriate security filter. See here for the working solution.
The problem with this, is that I will not get Vaadin's View-Based Access Control. In order to get this, I will need to start using/migrating functionality from VaadinWebSecurityConfigurerAdapter.

Related

Spring Boot Servlet 4 support

Which version of Spring Boot will (or does) officially support Servlet 4 spec? Where can one see the new features that come with it documented?
Thank you.
Spring Framework 5 supports the Servlet 4 spec (see SPR-12674).
Not a lot of new features related to that, really. You can now inject a PushBuilder as a controller method argument if it is available (HTTP/2 enabled, supported by the client, etc).
Note that you need to use a Servlet 4 based container to use those features (see SPR-15593), or you'll need to fall back on container specific APIs which have been available for quite a while now.
Spring Framework does the job here, so there isn't anything special scheduled for now in Spring Boot 2.0; don't hesitate to open enhancement requests on the dedicated issue tracker if you've got ideas.

Is there a way to use AssertJ assertions with Spring MVC Test?

I have been using AssertJ for some time in my projects. Recently I started using Spring MVC Test for testing Spring MVC controllers.
But I am not getting how to use AssertJ with it. All examples I see online all use Hamcrest with Spring MVC Test.
Below is an example using the Hamcrest API.
mockMvc
.perform(get("/user?operation=userList"))
.andExpect(status().isOk())
.andExpect(model().attribute(UserController.MODEL_ATTRIBUTE_USER_LIST, userList))
.andExpect(view().name(UserController.VIEW_USER_LIST))
.andExpect(model().attribute(UserController.MODEL_ATTRIBUTE_USER_LIST, hasSize(2)))
.andExpect(model().attribute(UserController.MODEL_ATTRIBUTE_USER_LIST, hasItem(
allOf(
hasProperty("id", is(1L)),
hasProperty("description", is("Lorem ipsum")),
hasProperty("title", is("Foo"))
)
)))
.andExpect(model().attribute(UserController.MODEL_ATTRIBUTE_USER_LIST, hasItem(
allOf(
hasProperty("id", is(2L)),
hasProperty("description", is("Lorem ipsum")),
hasProperty("title", is("Bar"))
)
)));
Update
If you would like to vote for inclusion of support for AssertJ assertions with MockMvc, please see the related Spring JIRA issue: SPR-16637.
Generally speaking, you may choose whatever assertion framework you like when testing with Spring.
However, the particular scenario you are describing involves the API of the Spring MVC Test framework. The methods in question are designed to be used with the Hamcrest Matcher API. It is therefore not possible to use AssertJ within those method calls.
Regards,
Sam (author of the Spring TestContext Framework)
I've put together a library that offers AssertJ assertions for MockMvc but also for ResponseEntity (returned by TestRestTemplate): https://github.com/ngeor/yak4j-spring-test-utils
There has recently been an issue raised on the Spring Boot project to discuss adding support for AssertJ assertions with MockMvc, it might be worth keeping an eye on it. You can view the issue here: https://github.com/spring-projects/spring-boot/issues/5729
It looks like the initial concept created by Phil Webb involves wrapping the MockMvc to provide support for AssertJ assertions.

spring roo frontend twitter-bootstrap integration

I want to develop a pretty standard webproject with all basic functionalities such as landingpage, user registration, login and so on.
Since I'm familiar with Java and Spring, I set up the a project with Spring Roo including DBRE from an MySql database, MVC and Spring security.
Right now I'm wondering how to go on with the UI. I would like integrate a template from twitter-bootstrap and I already downloaded a working example project (no apache tiles structure). I'm not very familiar with Apache tiles and frontend design in general so my question is, what would be the best way to integrate it and bypass the standard CRUD design?
Is it only necessary to design a new default-layout and reuse existing .jspx files? Also is it possible to take the existing bootstrap.jsp template which uses sitemesh from the bootstrap-example as a new template and reuse existing .jspx files?
Reuse is important since there are still entities which will change in future.
Appreciate any help!
I haven't personally used twitter-bootstrap, but I am fairly familiar with the Spring Roo structure.
My first bit of advice would be to just simply not use their UI stuff. Nothing says you have to generated your Controllers with scafolding, which takes the scafolded classes and auto-generates the CRUD methods and UI peices for you. In fact, in my last 4 projects, I did all the UI coding myself (I still used Tiles w/JSPs, and let Roo make all the relavent tiles configs and resource bundles). You can ALWAYS generate a plan Controller and use Roo for everything except the View pieces.
I don't see why you couldn't use the bootstrap.jsp you speak of. The Tiles implementation is done using the TilesViewResolver, I believe, which should be configured in the application_context.xml (or whatever Roo calls the context XML file). Just replace the TileViewResolver setup with something else. I would suggest reading up on Chapter 17.5 Resolving Views in the Spring Reference guide. I think for JSPs you want to use InternalResourceViewResolver.

Ant and XML-based Spring security integration (without using annotations)

I am newbie to Spring .I built a spring MVC application which is XML based and I used JAR files using Spring Framework MVC application step-by-step.
Now I have to integrate spring security in it. I found many tutorials for spring security, but all are made using annotations. And in the MVC tutorial it uses Ant and XML. I am just lost in this part. Should I have to convert my whole application using annotations or what to do?
Is there any way using spring security without annotations? May be this question is not logical. But guide me and help me solve my confusion.
Or is there any tutorial help me in this regard, please let me know. Thank you
I'm not sure what you mean with "change my application to annotation base", but you will have to add some anotations above your methods like this:
#Secured("isAuthenticated() and hasRole('PERMISSION_BUY_ITEMS')")
public void buyItem(int itemId, int userId) {
// you buy stuff login
}
This way in order to access your method the user should be logged in (authenticated) and have the permission BUY_ITEMS.
You don't have to do this for all your methods.
If you do not need permission/role based authorization you can just use authentication based expressions like isAuthenticated(), isAnonymous() and permitAll out of the box without any custom implementation.

Spring MVC (xml config nightmare?) vs spring roo?

I am just delving into the spring mvc (or spring roo), from what i have read it appears that spring MVC can be a nightmare to configure. I have to configure XML files, is this the web.xml file??? Or something different?
Is it still a nightmare or has it been improved?
Is there no editor for these XML files? I am using eclipse IDE
Spring roo apparently does spring mvc without XML config worries.
I would love anyone to explain the differences..
Thanks in advance
First Spring MVC is not a nightmare to configure, you just have to know what you are doing.
For that I would suggest you to download Spring IDE, which have a lot of XML editors that make you life easier if you are not experienced with Spring XMLs.
Basicly you have to configure 2 things
Web.xml ( this one is not because of spring it's Java EE, but you
need to include some spring MVC configs in it )
applicationContext.xml( this is where you define what you want from Spring )
servlet-context.xml ( this is also from spring MVC and have some servlet definitions as well as some routing ones)
one you get to know them you will find it easy to configure and very flexible.
One thing to notice Spring and Spring MVC are different things, I advise you to learn both of them.
Also Spring Roo is a code generator, for Cruds, simple things and setup projects it's great but if you need to build a reasonable big app that will need support it's always easier to create everything youself because it's easier to support when you know the code, so use it with care.
I'd add that Spring XML configuration can be as simple as a few lines, with the bulk of work done via annotations. It may not always be preferable to do it that way, but it's an option. Configuration can be divided between mechanisms when it makes sense to do so.
You might want to spend some time with the Spring documentation, at least regarding the components you're using. If you think configuring it is a nightmare, wait until you have to diagnose a problem brought about by magic based on convention without understanding how the underlying framework(s) work.

Resources