feat(app): add flash message, solve security errors.

Author: sergio11

src/main/java/controllers/admin/PostController.java

@@ -6,13 +6,16 @@
 package controllers.admin;
 
 import exceptions.PostNotFoundException;
+import java.util.ArrayList;
 import java.util.List;
+import java.util.Locale;
 import javax.validation.Valid;
 import models.Post;
 import models.User;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.support.ReloadableResourceBundleMessageSource;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.validation.Errors;
@@ -21,6 +24,7 @@
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.servlet.mvc.support.RedirectAttributes;
 import services.PostService;
 import services.security.CurrentUser;
 import services.security.CurrentUserAttached;
@@ -38,6 +42,8 @@ public class PostController {
 
     @Autowired
     private PostService postService;
+    @Autowired
+    private ReloadableResourceBundleMessageSource messageSource;
 
     @GetMapping("/all")
     public String all(@CurrentUser User activeUser, Model model){
@@ -68,8 +74,11 @@ public String showDeletePostForm(@PathVariable Long postId, Model model) {
     }
 
     @PostMapping("/delete")
-    public String processDelete(@ModelAttribute Post post, Model model) {
+    public String processDelete(@ModelAttribute Post post, RedirectAttributes model) {
         postService.delete(post);
+        List<String> successMessages = new ArrayList();
+        successMessages.add(messageSource.getMessage("message.post.remove.success", new Object[] {}, Locale.getDefault()));
+        model.addFlashAttribute("successFlashMessages", successMessages);
         return "redirect:/admin/posts/all";
     }
 
@@ -80,12 +89,16 @@ public String showCreatePostForm(Model model){
     }
 
     @PostMapping("/save")
-    public String processPost(@ModelAttribute @Valid Post post, Errors errors, @CurrentUserAttached User activeUser){
+    public String processPost(@ModelAttribute @Valid Post post, Errors errors, 
+            @CurrentUserAttached User activeUser, RedirectAttributes model){
         if(errors.hasErrors()){
             return "admin/post/create";
         }
         post.setAuthor(activeUser);
         postService.create(post);
+        List<String> successMessages = new ArrayList();
+        successMessages.add(messageSource.getMessage("message.post.save.success", new Object[] {post.getId()}, Locale.getDefault()));
+        model.addFlashAttribute("successFlashMessages", successMessages);        
         return "redirect:/admin/posts/all";
     }
 }

src/main/java/controllers/admin/SignupController.java

@@ -6,12 +6,14 @@
 package controllers.admin;
 
 import exceptions.UserAlredyExistsException;
+import java.util.Locale;
 import javax.validation.Valid;
 import models.Role;
 import models.User;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.support.ReloadableResourceBundleMessageSource;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.validation.Errors;
@@ -22,7 +24,8 @@
 import org.springframework.web.servlet.mvc.support.RedirectAttributes;
 import repositories.RolesRepository;
 import services.UserService;
-
+import java.util.List;
+import java.util.ArrayList;
 /**
  *
  * @author sergio
@@ -37,6 +40,8 @@ public class SignupController {
     private UserService userService;
     @Autowired
     private RolesRepository rolesRepository;
+    @Autowired
+    private ReloadableResourceBundleMessageSource messageSource;
 
     @GetMapping("/signup")
     public String showSignupForm(Model model){
@@ -52,8 +57,10 @@ public String processSignup(@ModelAttribute @Valid User user, Errors errors, Red
                 Role role = rolesRepository.findByName("ROLE_BLOG_CONTRIBUTOR");
                 user.addRole(role);
                 userService.registerNewUserAccount(user);
-                model.addFlashAttribute("message", user);
-                viewName = "redirect:/admin";
+                List<String> successMessages = new ArrayList();
+                successMessages.add(messageSource.getMessage("message.signup.success", new Object[]{ user.getUsername() }, Locale.getDefault()));
+                model.addFlashAttribute("successFlashMessages", successMessages);
+                viewName = "redirect:/admin/login";
             }catch(UserAlredyExistsException e){
                 logger.error("Email alredy exists");
                 errors.rejectValue("email", "user.exists");

src/main/java/models/Role.java

@@ -8,17 +8,22 @@
 import com.fasterxml.jackson.annotation.JsonIdentityInfo;
 import com.fasterxml.jackson.annotation.ObjectIdGenerators.IntSequenceGenerator;
 import java.io.Serializable;
+import java.util.HashSet;
+import java.util.Set;
 import javax.persistence.Column;
 import javax.persistence.Entity;
+import javax.persistence.FetchType;
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
+import javax.persistence.ManyToMany;
 import javax.persistence.Table;
+import org.springframework.security.core.GrantedAuthority;
 
 @Entity
 @Table(name = "roles")
 @JsonIdentityInfo(generator=IntSequenceGenerator.class, property="@id")
-public class Role implements Serializable {
+public class Role implements Serializable, GrantedAuthority  {
 
     @Id
     @GeneratedValue(strategy = GenerationType.AUTO)
@@ -27,6 +32,9 @@ public class Role implements Serializable {
     @Column(nullable = false, unique = true)
     private String name;
 
+    @ManyToMany(mappedBy = "roles", fetch = FetchType.EAGER)
+    private Set<User> users = new HashSet();
+    
     private String description;
 
     public Role(){}
@@ -64,6 +72,23 @@ public void setDescription(String description) {
         this.description = description;
     }
 
+    public Set<User> getUsers() {
+        return users;
+    }
+
+    public void setUsers(Set<User> users) {
+        this.users = users;
+    }
+    
+    public void addUser(User user){
+        users.add(user);
+    }
+    
+    @Override
+    public String getAuthority() {
+        return name;
+    }
+    
     @Override
     public String toString() {
         return "Role{" + "id=" + id + ", name=" + name + ", description=" + description + '}';

src/main/java/models/User.java

@@ -22,9 +22,7 @@
 import org.hibernate.validator.constraints.Email;
 import org.hibernate.validator.constraints.NotBlank;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.util.StringUtils;
 
 @Entity
 @Table(name = "users")
@@ -65,7 +63,7 @@ public class User implements Serializable, UserDetails {
     private String fullName;
 
     @OneToMany(mappedBy = "author", fetch = FetchType.EAGER)
-    private Set<Post> posts = new HashSet<Post>();
+    private Set<Post> posts = new HashSet();
 
     @Column(nullable = true)
     private Date lastLoginAccess;
@@ -76,7 +74,7 @@ public class User implements Serializable, UserDetails {
       name="USER_ROLES",
       joinColumns=@JoinColumn(name="USER_ID", referencedColumnName="ID"),
       inverseJoinColumns=@JoinColumn(name="ROLE_ID", referencedColumnName="ID"))
-    private Set<Role> roles;
+    private Set<Role> roles = new HashSet();
 
     public User() {}
 
@@ -184,12 +182,12 @@ public void setRoles(Set<Role> roles) {
 
     public void addRole(Role role){
         this.roles.add(role);
+        role.addUser(this);
     }
 
     @Override
     public Collection<? extends GrantedAuthority> getAuthorities() {
-        String userRoles = StringUtils.collectionToCommaDelimitedString(roles);
-        return AuthorityUtils.commaSeparatedStringToAuthorityList(userRoles);
+        return roles;
     }
 
     @Override

src/main/java/services/security/CustomUserDetailsService.java

@@ -6,15 +6,15 @@
 package services.security;
 
 import java.io.Serializable;
-import java.util.List;
 import models.User;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
 import repositories.UserRepository;
-import repositories.RolesRepository;
 
 /**
  *
@@ -24,6 +24,7 @@
 public class CustomUserDetailsService implements UserDetailsService, Serializable {
 
     private final UserRepository userRepository;
+    private static Logger logger = LoggerFactory.getLogger(CustomUserDetailsService.class);
 
     @Autowired
     public CustomUserDetailsService(UserRepository userRepository) {
@@ -36,6 +37,7 @@ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundEx
         if (null == user) {
             throw new UsernameNotFoundException("No user present with username: " + username);
         }
+        logger.info("Usuario obtenido: " + user.toString());
         return user;
     }
 }

src/main/webapp/WEB-INF/i18n/messages.properties

@@ -69,6 +69,8 @@ post.delete.title = \u00bfDeseas eliminar este art\u00edculo?
 #### Error Page ####
 error.back.home = Regresar a la p\u00e1gina de inicio
 #### Flash Messages ####
-message.signup.success = Bienvenido {user}! Tu cuenta ha sido creada con \u00e9xito.
+message.signup.success = Bienvenido {0}! Tu cuenta ha sido creada con \u00e9xito inicia sesi\u00f3n para continuar.
+message.post.save.success = La informaci\u00f3n del post {0}, ha sido guardada con \u00e9xito.
+message.post.remove.success = El art\u00edculo ha sido eliminado con \u00e9xito.
 user.exists =  Ya existe un usuario con este correo electr\u00f3nico o nombre de usuario.
 app.dateformat=dd-MMM-yyyy

src/main/webapp/WEB-INF/templates/admin/login.html

@@ -17,6 +17,11 @@ <h6 th:text="#{login.sign.in}">Sign In</h6>
                                 <div th:if="${param.logout}" th:text="#{login.logged.out}" class="alert alert-success"> 
                                     You have been logged out.
                                 </div>
+                                <div th:if="${not #lists.isEmpty(successFlashMessages)}" class="alert alert-success">
+                                    <ul>
+                                        <li th:each="message:${successFlashMessages}" th:text="${message}"></li>
+                                    </ul>
+                                </div>
                                 <div class="social">
                                     <a class="face_login" href="#">
                                         <span class="face_icon">

src/main/webapp/WEB-INF/templates/admin/post/all.html

@@ -13,7 +13,12 @@
                     <div class="panel-title" th:text="#{posts.all.title}">Posts</div>
                 </div>
                 <div class="panel-body">
-                    <a href="#" th:href="@{/admin/posts/create}" th:text="#{posts.all.create}" class="btn btn-primary btn-lg text-uppercase">Create new Post</a>
+                    <div th:if="${not #lists.isEmpty(successFlashMessages)}" class="alert alert-success">
+                        <ul>
+                            <li th:each="message:${successFlashMessages}" th:text="${message}"></li>
+                        </ul>
+                    </div>
+                    <a href="#" th:href="@{/admin/posts/create}" th:text="#{posts.all.create}" class="btn btn-primary text-uppercase">Create new Post</a>
                     <br />
                     <table id="posts" cellpadding="0" cellspacing="0" border="0" class="table table-striped table-bordered">
                         <thead>