Search in sources :

Example 1 with ValidationErrorsVm

use of org.summerb.webappboilerplate.model.ValidationErrorsVm in project summerb by skarpushin.

the class ControllerExceptionHandlerStrategyLegacyImpl method buildJsonError.

/**
 * This peace of crap needs to be removed. Because in case of JSON it's rest
 * API, there is no place for {@link ModelAndView}. Response should be pure JSON
 * content.
 *
 * So instead of implementing it here it's better to just re-throw exception and
 * let {@link RestExceptionTranslator} handle it and gracefully convert it into
 * json description of error happened
 */
protected ModelAndView buildJsonError(Throwable ex, HttpServletRequest req, HttpServletResponse res) {
    String msg = exceptionTranslator.buildUserMessage(ex, LocaleContextHolder.getLocale());
    NotAuthorizedException nae;
    FieldValidationException fve;
    AccessDeniedException ade;
    boolean translateAuthExc = Boolean.TRUE.equals(Boolean.valueOf(req.getHeader(RestExceptionTranslator.X_TRANSLATE_AUTHORIZATION_ERRORS)));
    if ((nae = ExceptionUtils.findExceptionOfType(ex, NotAuthorizedException.class)) != null) {
        NotAuthorizedResult naeResult = nae.getResult();
        res.setStatus(isAnonymous() ? HttpServletResponse.SC_UNAUTHORIZED : HttpServletResponse.SC_FORBIDDEN);
        if (translateAuthExc) {
            return new ModelAndView(jsonView, ControllerBase.ATTR_EXCEPTION, msg);
        } else {
            respondWithJson(naeResult, res);
            return null;
        }
    } else if ((ade = ExceptionUtils.findExceptionOfType(ex, AccessDeniedException.class)) != null) {
        res.setStatus(isAnonymous() ? HttpServletResponse.SC_UNAUTHORIZED : HttpServletResponse.SC_FORBIDDEN);
        if (translateAuthExc) {
            return new ModelAndView(jsonView, ControllerBase.ATTR_EXCEPTION, msg);
        } else {
            respondWithJson(new NotAuthorizedResult(getCurrentUser(), SecurityMessageCodes.ACCESS_DENIED), res);
            return null;
        }
    } else if ((fve = ExceptionUtils.findExceptionOfType(ex, FieldValidationException.class)) != null) {
        res.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        ValidationErrorsVm vepm = new ValidationErrorsVm(fve.getErrors());
        return new ModelAndView(jsonView, ControllerBase.ATTR_VALIDATION_ERRORS, vepm.getMsg());
    }
    log.warn("Failed to process request", ex);
    res.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    return new ModelAndView(jsonView, ControllerBase.ATTR_EXCEPTION, msg);
}
Also used : FieldValidationException(org.summerb.validation.FieldValidationException) AccessDeniedException(org.springframework.security.access.AccessDeniedException) ValidationErrorsVm(org.summerb.webappboilerplate.model.ValidationErrorsVm) ModelAndView(org.springframework.web.servlet.ModelAndView) NotAuthorizedResult(org.summerb.security.api.dto.NotAuthorizedResult) NotAuthorizedException(org.summerb.security.api.exceptions.NotAuthorizedException)

Example 2 with ValidationErrorsVm

use of org.summerb.webappboilerplate.model.ValidationErrorsVm in project summerb by skarpushin.

the class LoginController method processRegisterForm.

@RequestMapping(method = RequestMethod.POST, value = SecurityActionsUrlsProviderDefaultImpl.REGISTER)
public String processRegisterForm(@ModelAttribute(ATTR_REGISTRATION) Registration registration, Model model, HttpServletRequest request) {
    if (!isAutoTestMode) {
        CaptchaController.assertCaptchaTokenValid("register", registration.getCaptcha(), request);
    }
    try {
        // Create user
        User user = usersServiceFacade.registerUser(registration);
        model.addAttribute(ATTR_REGISTERED, true);
        if (isDevMode) {
            String activationAbsoluteLink = absoluteUrlBuilder.buildExternalUrl(securityActionsUrlsProvider.buildRegistrationActivationPath(user, null));
            model.addAttribute(UserAccountChangeHadlersDefaultImpl.ATTR_ACTIVATION_LINK, activationAbsoluteLink);
        }
    } catch (FieldValidationException fve) {
        model.addAttribute(ControllerBase.ATTR_VALIDATION_ERRORS, new ValidationErrorsVm(fve.getErrors()));
    }
    return views.registerForm();
}
Also used : FieldValidationException(org.summerb.validation.FieldValidationException) User(org.summerb.users.api.dto.User) ValidationErrorsVm(org.summerb.webappboilerplate.model.ValidationErrorsVm) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 3 with ValidationErrorsVm

use of org.summerb.webappboilerplate.model.ValidationErrorsVm in project summerb by skarpushin.

the class LoginController method processPasswordChangeForm.

@Secured({ "ROLE_USER" })
@RequestMapping(method = RequestMethod.POST, value = SecurityActionsUrlsProviderDefaultImpl.CHANGE_PASSWORD)
public String processPasswordChangeForm(@ModelAttribute(ATTR_PASSWORD_CHANGE) PasswordChange passwordChange, Model model, HttpServletRequest request) throws UserNotFoundException {
    try {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        usersServiceFacade.changePassword(auth.getName(), passwordChange);
        model.addAttribute(ATTR_PASSWORD_CHANGED, true);
    } catch (FieldValidationException fve) {
        model.addAttribute(ControllerBase.ATTR_VALIDATION_ERRORS, new ValidationErrorsVm(fve.getErrors()));
    }
    return views.changePassword();
}
Also used : FieldValidationException(org.summerb.validation.FieldValidationException) Authentication(org.springframework.security.core.Authentication) ValidationErrorsVm(org.summerb.webappboilerplate.model.ValidationErrorsVm) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

FieldValidationException (org.summerb.validation.FieldValidationException)3 ValidationErrorsVm (org.summerb.webappboilerplate.model.ValidationErrorsVm)3 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)2 AccessDeniedException (org.springframework.security.access.AccessDeniedException)1 Secured (org.springframework.security.access.annotation.Secured)1 Authentication (org.springframework.security.core.Authentication)1 ModelAndView (org.springframework.web.servlet.ModelAndView)1 NotAuthorizedResult (org.summerb.security.api.dto.NotAuthorizedResult)1 NotAuthorizedException (org.summerb.security.api.exceptions.NotAuthorizedException)1 User (org.summerb.users.api.dto.User)1