Creating Spring Boot MVC application with AWS DynamoDB in 10 mins

-
Image
AWS DynamoDB DB is a serverless NOSQL database. You can understand how to build a spring boot Java web MVC application (Game Leaderboard) reading a AWS DynamoDB in 10 mins. Source of the demo code: https://github.com/babysteps-topro/spring-mvc-dynamodb Command to run the project: mvn spring-boot:run Video explain the table design: https://youtu.be/V0GtrBfY7XM Prerequisite: Install the AWS CLI: https://youtu.be/pE-Q_4YXlR0 Video explain the how to create the table: https://youtu.be/sBZIVLlmpxY
Post a Comment

Writing your spring security expression language annotation - PART 2

-
We are now going into the second part of the tutorial. In this post, it will show you how to add a new custom expression for @PreAuthorize annotation. For example, I will show how to add a adminOnly() expression language to the security expression root.


Step 1: Define your custom security expression root class
You have to first create a new security expression root class. This class should be extended from the abstract class org.springframework.security.access.expression.SecurityExpressionRoot. You can add your custom

This class is similar to org.springframework.security.access.expression.method.MethodSecurityExpressionRoot but with your new custom method added. As an example, I just add a very simple mehod adminOnly() which check if the user has admin role.


public class MyMethodSecurityExpressionRoot extends SecurityExpressionRoot {
 
    private static  Logger logger = LoggerFactory.getLogger(MyMethodSecurityExpressionRoot.class);
 
    private Object filterObject;
    private Object returnObject;
    private Object target;
    
     
    public  boolean adminOnly() {
     logger.debug("haha -- check if this function is used by admin role only");
     return  this.hasAuthority("ADMIN");
    }
    
    public MyMethodSecurityExpressionRoot(Authentication a) {
  super(a);
    }

    public void setFilterObject(Object filterObject) {
        this.filterObject = filterObject;
    }

    public Object getFilterObject() {
        return filterObject;
    }

    public void setReturnObject(Object returnObject) {
        this.returnObject = returnObject;
    }

    public Object getReturnObject() {
        return returnObject;
    }

    void setThis(Object target) {
        this.target = target;
    }

    public Object getThis() {
        return target;
    }

}


Step 2: Define your custom expression handler class
To add custom security expression method, you cannot use the DefaultMethodSecurityExpressionHandler. You need to define a new expression handler class by extends the DefaultMethodSecurityExpressionHandler.

You have to override the createSecurityExpressionRoot() method to create your custom security expression root class.


public class MyMethodSecurityExpressionHandler extends DefaultMethodSecurityExpressionHandler implements MethodSecurityExpressionHandler  {

   @Override
   protected SecurityExpressionRoot createSecurityExpressionRoot(Authentication authentication, MethodInvocation invocation) {
  MyMethodSecurityExpressionRoot root = new MyMethodSecurityExpressionRoot(authentication);
         root.setThis(invocation.getThis());
         root.setPermissionEvaluator(getPermissionEvaluator());
         return root;
   }
}


Step 3: Register the custom expression handler in XML


<sec:global-method-security pre-post-annotations="enabled">
  <sec:expression-handler ref="expressionHandler"/>
</sec:global-method-security>

<bean id="expressionHandler" class="org.borislam.security.ExtendedMethodSecurityExpressionHandler">
  <property name="permissionEvaluator" ref="permissionEvaluator"/>
</bean>  

<bean id="permissionEvaluator" class="org.borislam.security.BasePermissionEvaluator"/>



Example usage:

@PreAuthorize("adminOnly()")
 public void doSomething() {
  System.out.println("doSomething!!!"); 
 }

Comments

Post a Comment

Popular posts from this blog

Sample Apps: Spring data MongoDB and JSF Integration tutorial (PART 1)

-
Image
In this year, I will start a new series of “Sample application Tutorials”. In this series of tutorial, a sample case study application will be built with different technologies. In this tutorial, sample JSF application with Spring Data MongoDB will be covered. Table of Contents: 1. Introduction to sample application (MongoShop Product Catalog) 2. MongoDB schema design and data preparation 3. JSF (PrimeFaces) and Spring data MongoDB Integration 4. Enquriy data with spring data repository and mongotemplate 5. Create, Edit and delete data Introduction to sample application (MongoShop Product Catalog) After this tutorial, a sample application (MongoShop Product Catalog) with the following functional requirement will be built: 1. Searching product with different criteria (e.g. sku, product type, title, stc) 2. Create a new product with different category. 3. Edit selected product details 4. Delete selected product from the enquiry screen. Presentation Layer:
Read more

Writing your spring security expression language annotation - PART 1

-
Spring security expression language is very useful. It helps to secure your service/web methods with one line of code. It supports @PreAuthorize and @Secured. In the coming three posts, I will talk about how to add custom behaviour to the @PreAuthorize annotation. Part 1 - Customize "hasPermission()" expression Part 2 - Add new customize method security expression Part 3 - Override default behaviour of spring security expression (e.g. hasRole() , permitAll() ...) In this post, I will discuss how to add custom rule for permission checking in your application. This is somewhat similar to what describe in Sold Craft's post . You can reference it for more details. Step 1: Add configuration in your spring security xml file. You should first add the DefaultMethodSecurityExpressionHandler. It will instantiate a default MethodSecurityExpressionRoot which provides you all the default security expression (e.g. isAutghenticated(), isAnonymous() ,etc ) . Besides, you ha
Read more

Develop Spring boot REST API in AWS - PART 1/4 (CodeBuild + ECR)

-
Image
This is a demo (part 1) of developing spring boot REST API in AWS. It involves the following steps:   (1) Coding of Spring Boot REST API.   (2) Creating Repository in AWS ECR.   (3) Building with AWS CodeBuild.   (4) Pushing docker image to AWS ECR.    In the next part, I will discuss about ECS cluster, ECS service and ECS task. Source Code: https://github.com/babysteps-topro/aws-springboot-pipeline1.git
Read more