JCart: Manage Roles

In our previous post Manage Privileges – List all privileges we implemented the functionality to show the list of permissions. In this post we will implement Role management, such as listing all Roles, creating a new Role, editing Role permissions etc. Basically a Role is nothing but a group of Permissions, so that giving a user access to a set of actions becomes easy by assigning Roles. In this post we are going to see a lot of code snippets, so I would suggest cloning the repo https://github.

Continue reading »

JCart: Manage Privileges

This is the simplest use case of the entire JCart admin application :-). We need to show the list of permissions configured in our system. In our system each permission is more like access to a particular screen. For example, only a user who has the MANAGE_CATEGORIES permission can access the “Categories” screen. So this set of permissions is something like the set of implemented features, hence we don’t need any provision to add/update/delete permissions dynamically.

Continue reading »

JCart : Iteration-2

Now we have completed the Iteration-1 tasks. Iteration-1 included many tasks to establish the foundation, like configuring Spring Security, Thymeleaf settings, UI layout setup etc. I hope from now on we can put more focus on implementing the actual tasks rather than on infrastructure setup. Though the majority of the infrastructure setup is in place now, we will implement Role Based Access Control (RBAC) security using a User-Role-Permission model before jumping on to Category/Product management.

Continue reading »

Setting up Jenkins/SonarQube

In this post we will set up SonarQube and Jenkins to perform code quality checks and continuous integration.

Install and configure SonarQube

There are many code quality checking tools like PMD, Firebug but SonarQube brings them all under one roof and gives a better view of code quality. Let us install and configure SonarQube for our JCart application. Download SonarQube from http://www.sonarqube.org/downloads/. Extract it and run sonarqube-5.2/bin/windows-x86-64/StartSonar.bat. By default SonarQube uses an in-memory H2 database to store all the metrics.

Continue reading »

JCart: Configuring HTTPS SSL/TLS

So far our JCart application has been running on the Tomcat default port 8080 using the HTTP protocol. In this article we will configure it to use HTTPS with a self-signed certificate. For real projects you would have to buy a certificate from a Trusted Authority. I would like to run ShoppingCart site on https://host:8443 and if anyone tries to access it from http://host:8080 it should redirect to https://host:8443. Similarly I would like to run Administration site on https://host:9443 and if anyone tries to access it from http://host:9090 it should redirect to https://host:9443.

Continue reading »

JCart: Admin Reset Password

Once the Admin User clicks on the Password Reset Link that we sent via email, we will validate the token. If it is valid we will show a form to enter the new password, otherwise we will show an error.

    @Controller
    public class UserAuthController extends JCartAdminBaseController {
        ...
        @RequestMapping(value="/resetPwd", method=RequestMethod.GET)
        public String resetPwd(HttpServletRequest request, Model model, RedirectAttributes redirectAttributes) {
            String email = request.getParameter("email");
            String token = request.getParameter("token");
            boolean valid = securityService.verifyPasswordResetToken(email, token);
            if(valid){
                model.

Continue reading »

JCart: Admin Forgot Password

We will provide a link to Forgot Password in the Login page and create the jcart-admin/src/main/resources/templates/public/forgotPwd.html template as follows:

    <!DOCTYPE html>
    <html xmlns="http://www.w3.org/1999/xhtml"
          xmlns:th="http://www.thymeleaf.org"
          layout:decorator="layout/guestLayout">
    <head>
        <title>Forgot Password</title>
    </head>
    <body>
        <div layout:fragment="content">
            <form action="forgotPwd" th:action="@{/forgotPwd}" method="post">
                <input type="email" class="form-control" name="email" placeholder="Email"/>
                <button type="submit" class="btn btn-primary btn-block btn-flat" th:text="#{label.submit}">Submit</button>
            </form>
        </div>
    </body>
    </html>

When the Admin user enters the email address and submits, we will generate a token, store it in our DB, generate a Reset Password Link and send it to their email.

Continue reading »

JCart: Email Service SetUp

We are going to implement Admin User Forgot Password functionality where we need to send the Password Reset link to User email address. So let us look at how to configure Email server and send emails. Spring provides support for sending Emails using JavaMailSender. SpringBoot makes it even easier by providing a starter for emailing support. As we need Emailing feature in both Admin and ShoppingCart modules, we will implement the emailing functionality in jcart-core module.

Continue reading »

JCart: Configuring Spring Security

Our JCart Administration site should be accessible to authorized users only. So, we are going to use SpringSecurity to define the security constraints. Let us add the following spring-security dependencies to jcart-admin/pom.xml.

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity4</artifactId>
    </dependency>

If we have a predefined set of Roles then we can specify the URL patterns and their required Roles something like this:

    http
        .authorizeRequests()
            .antMatchers("/login","/login/form**","/register","/logout").permitAll()
            .antMatchers("/admin","/admin/**").hasRole("ADMIN")
            .anyRequest().authenticated()
            .and()

But we need a provision to dynamically create new roles as well, hence we can’t statically define constraints using role names.

Continue reading »

JCart: Admin UI Layout SetUp

As I am not really a good UI designer I searched for a free good looking UI website Admin templates and I found this fantastic template https://almsaeedstudio.com/preview. We will be using this template for our Administration web application. We are going to use Thymeleaf templates for our View layer. Thymeleaf offers facelets style templating mechanism. Basically we need 2 layout templates, one for unauthorized views like Login/ForgotPassword etc and another for authorized users.

Continue reading »