Vasilis Souvatzis

Ranch Hand
+ Follow
since Mar 23, 2014
Vasilis likes ...
Netbeans IDE Chrome Java
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
1
In last 30 days
0
Total given
0
Likes
Total received
6
Received in last 30 days
0
Total given
10
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Vasilis Souvatzis

The ApplicationScoped annotation seems strange I know, but it's the same in the official tutorial. Haven't tried with a DatabaseIdentityStore though, had to go directly to a custom one because they wanted some other stuff to happen prior to authentication.

I think the issue is at the user checking logic and I'll check it tomorrow. When I'm calling the validate credentials method, first I check if it's the admin username to log them in from the database directly. If it's not, I'm calling the database to see if the user is present. If yes, I log them in. If not, I call an external service to get the user's data, persist them in the database and then log them in with the database. With some logging, I realized that when the user managed to login with the previous person's credentials, the Identity Store didn't kick in, the backing bean got the credentials but probably the session had it from the previous attempt and so log that person in. I'll definitely change the logic tomorrow and see if it helps.

So maybe invalidate the session whenever I redirect to the login page? Or when a person tries to reach a resource out of their role? That's why I'm not sure if it's more of a JSF issue or Security. That's probably on me though, I highly doubt the Java guys hadn't thought of that.

Regarding the roles yes, they can change and in fact they do change in the database. Every user except the admin can change roles. When I fetch the user in the identity store I check their role and then pass the role you see in the CredentialValidationResult. So even if they change roles, they'll still be redirected to the correct resource. That's the idea of course, not sure if they've tested this.

I'll dive into the docs and see what I can find, hopefully I'll have an answer in the next couple of days...
5 years ago
JSF
Enabling the custom form authentication with JSF2.3


LoginBackingBean.java


IdentityStore.java (some code ommited)


I tried nullifying the user and password in the @PostConstruct of LoginBackingBean in case that was what kept the values but it's not.
5 years ago
JSF
Hi folks! I'm building an EE8 app and am using the new Security API with JSF. I have an issue with authorization and am not quite sure if it's mostly JSF-related or Security-related.

I'm using a custom IdentityStore to query the database against the provided email and password. Of course the users are categorized by roles (admin, moderator, user for example) and each of these roles have their secured resources declared in web.xml.

The whole auth process works beautifully if done correctly, the user logs in, if tries to access other role resource WildFly blocks him, if unauthorized user tries to access WildFly again blocks them... Logout works nicely as well...

But when a user tries to access another resource and gets blockes if they go back (in the browser) and put their credentials, they'll log in as another user.

The issue happens like this when I'm testing:
1. log in as admin
2. try to access moderator resources
3. WildFly throws forbidden
4. go back in browser and logout
5. try to access moderator resources
6. my code sends you back to login.xhtml
7. put user credentials
8. tries to redirect you to the moderator resource
9. go back in browser
10. put admin credentials
11. you are logged in as moderator

I'm thinking that at some point (perhaps when WildFly throws the Forbidden page and I press back) I'm not invalidating the session or not emptying the email and password fields correctly. Since it tries to redirect you to the forbidden resource after you've put wrong credentials I guess JSF is keeping something in the session right?

I'm posting this and coming back to post some code.
5 years ago
JSF
I guess I've been trying to adapt to the previous platform instead of letting JSF do its thing. In fact I have a couple of use cases coming up that will benefit a lot from JSF validation...

Regarding security, I played a bit with the new Security API and it's awesome. A lot easier to authenticate and authorize than before. And I believe that since JQuery calls are included in the secure web resources (along with the views), they're secured by default. So I won't be needing any tokens to go along with the calls.

I think it's time to actually go the JSF way and stop re-using blindly the current resources.
5 years ago
JSF
HI Tim, so sorry for the late response once again, the last couple of months have been overwhelming with the project and I'm all over the place.

I did find a dirty work-around to this, by POSTing the ID to the backend, navigating to the other page and GETing the results I want through an endpoint.

I remember you telling me again about the JSF DataModel and I'll be damned still haven't tried that out. Will do so though as soon as I finish this post, may as well save me headaches from now on. The process you mention about editing entries was more or less what I had in mind as well, that's what I was used to. Will definitely switch to it if I go the JSF Datatable way. I'll do my best to include a Datatable, I know it's really powerful.

Primefaces is definitely my preferred way, if it's skinned the way I want it I'll include it, since it seems easy to change the JQuery version if my project uses another. We're actively using JQuery everywhere so hopefully that will do the trick. I've tried to skin it differently in the past but I failed, most probably wasn't doing it right.

It's not that I necessarily want to use the client for the DB stuff, but eventually we'll go for tokens to accompany the calls to the backend. That's what they're using for the current PHP platform and also what I was instructed to do. We'll probably switch the UI to something else at some point, that's why I don't want to include JSF that much.

I'll do some quick examples tonight and post back when I give it a go at work too.

Tim thanks so much for the advice, sadly I don't have a senior dev at work and it's easy to get overwhelmed with all I'm supposed to do.
5 years ago
JSF
Good evening! This question may not be 100% JSF after all but I'm not sure how to approach it. It may turn out to be a Javascript question, not sure I'm afraid.

At work, I'm building a JavaEE 8 webapp and I'm using Facelets for templating. I'm using JSF components as little as possible, because I'm taking the HTML code from another project and I don't want to heavily couple the front with the back.

I have a case where in a page I'm showing all the registered users in a table. Naturally, I want to click on a user's name and navigate to a profile page where it shows the user's information.

This is easy with a JSF Datatable, put a setPropertyActionListener and update the backing bean's target value with the current value of the datatable variable.

In my case though, the datatable is created entirely on the client with the DatatableJS library (if i remember correctly) and I'm pulling all the user data with JQuery.

Now, is there a way to update a backing bean value (let's say it holds the user's ID), so if I then go to the profile page it can show me the user's data?

I don't really want to create the table with a JSF Datatable, the JQuery implementation has a nice search input, pagination and sorting out of the box, don't want to have to implement these myself. I'm also a bit reluctant to use Primefaces Datatable although it has these features, because I don't know if it will look how we want it with our CSS...
5 years ago
JSF
I know I started on the wrong foot with JSF three years ago, I had to write my thesis project and needed to have results as soon as possible. So I heavily relied on online code to make things work because I was on a deadline. Having no help from my supervisor didn't help also. So yes, I was exposed to a lot of old/old fashioned code. Most probably my misuse of EL comes from parameterized method calling, I used it weirdly in my thesis and probably stuck to me.

Lately I've been trying to shake off this misunderstanding and misuse, I like JSF and am quite productive with it although server-rendered frontends have moved aside last few years.

So far my approach to transactions seems to be working and the stock quantity is handled correctly. I will probably have to revisit it once I add online payments though, maybe keep the albums in a "reserved" state and remove them from stock or return them if the payment succeeds or not.
5 years ago
JSF
Well... I knew I was doing something wrong but didn't expect to be so far out. I had completely mistaken how to use EL properly, I've seen code online to directly call beans and logic so I assumed it's OK to do so. That's why Al asked why I was calling the DB from the view.

And in fact I was uncertain if my approach was good because for each item in the datatable I would query the DB to get the stock, for many albums and/or users I would strain the app-DB communication. Besides, now that I think of it I haven't seen online stores live updating the remaining quantities. It most likely occurs at some page update or something.


Actually I think I can just use the Stock entities. Since the Stock is referencing the Album with a OneToOne association, instead of getting the albums and then asking for the stock of each album, I can retrieve just the stocks and they contain the albums anyway. This way I'm getting the data and the view is just referencing them in the datatable. If this doesn't work (out of the top of my head I don't see why it shouldn't) I can make a POJO with the album and its quantity for the datatable alone.

You mention transactions to ensure data integrity. I'm assuming a Stateless bean is enough right? Their methods initiate separate transactions if I'm not mistaken, so the purchases will not have problems. It's highly unlikely that two or more people will start their transactions at the exact same millisecond, therefore it's not easy for someone to over-purchase. And if the stock decreases before a user places an order, then yes I can use the messages to notify them.
5 years ago
JSF
Well, my reasoning is that if I query the DB for the stock, every user will always have the remaining quantity.

If user A buys the last item before user B completes the purchases, user B cannot proceed since there is no more stock available, A was faster and bought the last item.

Otherwise I'll probably have to check on purchase if there is stock and proceed with the purchase or cancel it.

Is there some other way I should be doing it?

----------------------

I realized this though; the getStock() method is called 4 times for each album when I enter the store view! I have two calls in the view (what I posted above), but it sysouts 4 times for each album.

Regarding the debugger, I tried it but I cannot bypass the correct calls to the Stock Service, in order to go the other page and see why it crashes.
5 years ago
JSF
I don't get why it doesn't give a result the second time though.

When I have the following, it works without an issue


When I put

Why would it produce a result perfectly fine in the Stock column, but not in the validator? Both calls are in the same view.
5 years ago
JSF
Good afternoon! I'm building an e-shop record store for a friend, he'll be selling his used vinyls. For some of the records he has multiple copies of, so there is a Stock quantity and naturally people cannot buy more copies than the available stock.

In the Cart bean, I have a column that shows the quantity people want, and the available stock from the database: (disregard for a minute the maximum=3 in the validator)

This works and I can see the available stock in the next column. The getStock() method takes the album id and returns an int.

Considering I want people to enter quantities up to the available stock, the following seems logical to me:


It's the exact same EL expression I'm using in the next column to display the available stock, only this time I want to retrieve the maximum value from the DB.

The application crashes though with the following stack:

I guess it passes a null value to the getStock() method, because the EJB that fetches the Stock entity from the DB, returns no result.

The StockService.findByID is:


What can I do to fix this? Considering that in one occasion it works and in the other it doesn't. Does the validator run before the other expressions so it rightfully passes a null value?
5 years ago
JSF
Fantastic! This is great help thank you very much! I've read about REST design but it's much more understandable with my own code

OK so I'll have two final Controllers, one serving the /persons path and one serving the /appointmentsByDay. Much better organized!

I've known about subresources but wasn't sure how they worked. Your outline is invaluable! Current project is in Spring Boot 2.0 and it definitely has subresources.

In fact I think I'll refactor straight to subresources because (if I'm not mistaken) I'm more or less reusing the same controllers I have now.

Thanks for the hands-on help
5 years ago
Good evening! I'm finally building a REST application and could use some help regarding the API design, or rather lack there of.

What I have so far works and makes sense for me, but I doubt it's a "good" design and should ask for proper help anyway. At least start now before adding error handling etc

class Person : person entity holding info
class Measurement : @ManyToOne to Person, a person can have many measurements, in the person's profile i can see all their measurements
class Appointment: @OneToOne to Person, a person can have (or not) an appointment

Measurement and Appointment are the owner entities and it's a unidirectional association

Requirements:
I want to see all the persons in the database, then navigate to each profile
In the person's profile I can see their measurements, I can add or remove measurements
In the person's profile I can see if they have an appointment, if yes navigate to it
I want to see all appointments in a page, regardless of persons
Each appointment will show the person's info and nothing more

PersonController:
HTTPEndpointMethod
GET/personsfindAll
PST/personscreatePerson
GET/persons/{id}findByID
DEL/persons/{id}deletePerson

MeasurementController:
HTTPEndpointMethod
GET/persons/{id}/measurementsfindMeasurements
PST/persons/{id}/measurementsaddMeasurement
DEL/persons/{id}/measurements/{mid}removeMeasurement

AppointmentController:
HTTPEndpointMethod
GET/appointmentsfindAllAppointments
GET/appointments/{id}findAppointmentByID
DEL/appointments/{id}removeAppointment
GET/appointments/todaygetTodaysAppointments
GET/appointments/tomorrowgetTomorrowsAppointments
GET/persons/{pid}/appointmentfindByPersonID
PST/persons/{pid}/appointmentcreateAppointment


With the above "design", the UI in my mind works. I've read though that all resources should be under the same path, and here I have /persons endpoints in other controllers. Should this be redesigned or it's OK according to the requirements? Perhaps move the /persons/{id}/appointment endpoints in the PersonController and just leave the /appointments/... endpoint in the AppointmentController?
5 years ago
I just tried to pass null and it worked... It hadn't even occur to me to pass a null entity, it's quite obvious now that I see it clearly.

Thanks Rob
6 years ago
I'm a bit confused about passing info into a service with query parameters...

I have this service:

and if I send the following with Postman it works

I built it this way because I'm creating two objects (Customer and Coffee) and POSTing separately to their own services.

I made a simple JSF UI to take the input from the form and POST the service using the Client API. I think this time I'm confused because I don't really need the Response of the service, the POST will happen and the view will be refreshed to show the additions.

I thought something like this but I don't know what entity to put in the post method argument:

Should I create an object and pass that as a post entity argument?
6 years ago