CODEWITHSUNDEEP
javaspringrestspring-mvcspring-data-rest
ALM
ALM

Reputation: 2705

Adding a @HandleBeforeSave method to my @RepositoryEventHandler class removes the underlying @Entiry from my REST API

Problem

I am using spring and in the process I have added a @RepositoryEventHandler(User.class) for updates (PUT) when I go to modify a user.

I would like to be able to set who is making the edits to the User.

I created a @HandleBeforeCreate which works fine for HTTP POST's but as soon as I add the @HandleBeforeSave the User REST API is no longer available. I do not see a stack trace being created.

Question

Am I missing something with regards to creating the @HandleBeforeSave

@RepositoryEventHandler

@Component
@RepositoryEventHandler(User.class)
public class SpringDataRestEventHandler {

    private final UserRepository userRepository;

    @Autowired
    public SpringDataRestEventHandler(UserRepository userRepository) {
        this.userRepository = userRepository;
    }

    @HandleBeforeCreate
    public void applyUserInformationUsingSecurityContext(User user) throws  {


        String name = SecurityContextHolder.getContext().getAuthentication().getName();
        User manager = this.userRepository.findByUserName(name);

        if (!manager.hasRole("ROLE_MANAGER")) {
            throw new Exception("No manager found for user on applyUserInformationUsingSecurityContext.");
        }
        user.setManager(name);

    }

    @HandleBeforeSave
    public void applyManagerFromSecurityContext(User user)  {

        System.out.println("calling before save");
    }
}

SecurityConfiguration

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

  @Autowired
  private SpringDataJpaUserDetailsService userDetailsService;

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
      .userDetailsService(this.userDetailsService)
        .passwordEncoder(MCBPasswordEncoder.PASSWORD_ENCODER);
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      .authorizeRequests()
        .antMatchers("/built/**", "/main.css").permitAll()
        .anyRequest().authenticated()
        .and()
      .formLogin()
        .defaultSuccessUrl("/", true)
        .permitAll()
        .and()
      .httpBasic()
        .and()
      .csrf().disable()  // TODO enable for production
      .logout()
              .invalidateHttpSession(true)
              .deleteCookies("JSESSIONID")
        .logoutSuccessUrl("/");
  }

}

Upvotes: 2

Views: 897

Answers (1)

ALM
ALM

Reputation: 2705

In the end the problem was actually related to the 2 repositories I created for the User @Entity. I was getting weird results where the API would show up (with the one repo) and disappear with the other repo.

I have since fixed this by

  • Use only one repo instead of two Extend Repository instead that JPARepository
  • Copy and paste methods that i needed from PagingAndSortingRepository.
  • Added @PreAuthorize accordingly to specific methods, not to the class. This was the initial problem as I split it out when I wanted to manipulate the repo outside of the REST api.

Upvotes: 1

Related Questions