I have a spring boot application secured with spring security.
Every thing works fine. but if a user account is locked, how can I display message as Account locked, instead of Invalid user name and password.
My login form
<div class="panel-body">
<div class="row text-center">
<div th:if="${param.error}">Invalid user name and password.</div>
<div th:if="${param.logout}">You have been logged out.</div>
</div>
<div class="row">
<form class="form-horizontal" role="form" th:action="#{/login}" method="post">
<div class="form-group">
<label class="col-md-4 control-label"> User Name </label>
<div class="col-md-6"><input type="text" name="username" />
</div>
</div>
<div class="form-group">
<label class="col-md-4 control-label"> Password </label>
<div class="col-md-6"><input type="password" name="password" />
</div>
</div>
<div class="form-group">
<div class="col-md-offset-4 col-md-6">
<input type="submit" value="Sign In" class="btn btn-primary" />
</div>
</div>
</form>
</div>
</div>
Security config
#Configuration
public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
#Autowired
MyAuthenticationSuccessHandler myAuthenticationSuccessHandler;
#Override
public void configure(WebSecurity web) throws Exception {
String[] unsecuredResources = { "/css/**", "/js/**", "/img/**", "/fonts/**" };
web.ignoring().antMatchers(unsecuredResources);
}
#Override
protected void configure(HttpSecurity http) throws Exception {
String[] unSecuredUrls = { "login.html", "/login", "/home", "/appPwd.html", "/partials/pwdRequest.html" };
http.authorizeRequests().antMatchers(unSecuredUrls).permitAll();
http.authorizeRequests().anyRequest().authenticated().and().formLogin().loginPage("/login").defaultSuccessUrl("/", true)
.successHandler(myAuthenticationSuccessHandler)
/* .failureHandler(myAuthenticationFailureHandler) */.and().logout().permitAll();
}
}
You need to extract the reason for the failure from Spring security. The following code will work.
<div class="error" th:if="${param.error}"
th:with="errorMsg=${session['SPRING_SECURITY_LAST_EXCEPTION'].message}">
Reason: <span th:text="${errorMsg}">Wrong input!</span>
</div>
Related
My application using vue3 to build devise sign up page and i'm using axios request to create user.
In registration controller, i found that params has added added an extra field name called registration data.
<ActionController::Parameters {"user"=>{"name"=>"name", "email"=>"mail", "phone"=>"123", "type"=>0}, "controller"=>"users/registrations", "action"=>"create", "registration"=>{"user"=>{"name"=>"name", "email"=>"mail", "phone"=>"123", "type"=>0}}}
It contains params[:user], that looks weird to me. Can someone explain?
"registration"=>{"user"=>{"name"=>"name", "email"=>"mail", "phone"=>"123", "type"=>0}
My form code:
methods: {
signUp: function(e) {
e.preventDefault();
let user_params = {
user: {
name: this.name,
email: this.email,
phone: this.phone,
type: this.type,
}
}
this.$http.post('/users', user_params)
.then(response => {
this.$emit('next');
}).catch(err => {
this.error = err.response.data;
});
},
}
And in view
<form>
<div class="col-md-6 col-sm-8 col-10 mt-5 mx-auto text-center">
<div class="checked-circle mx-auto">
<img :src="checkedStepImg" class="w-100 h-100">
</div>
<div class="title mt-5"> Let sign up for your account </div>
<div class="mt-3 text-red" v-if="error">{{ error }} </div>
<div class="row mt-3">
<div class="col-6">
<input class="form-control shadow-none rounded-0" placeholder="Name" v-model="name">
</div>
<div class="col-6">
<input class="form-control shadow-none rounded-0" placeholder="Email" v-model="email">
</div>
</div>
<div class="row mt-3">
<div class="col-6">
<div class="input-group">
<span class="input-group-text rounded-0">+1</span>
<input type="text" class="form-control shadow-none rounded-0 bg-white" placeholder="Phone" v-model="phone">
</div>
</div>
<div class="col-6">
<select class="form-select shadow-none rounded-0" aria-label="Default select example" v-model="type">
<option value="0" selected> Personal </option>
<option value="1"> Corporation </option>
</select>
</div>
</div>
<div class="col-6 col-sm-5 mx-auto btn-box mt-5">
<button class="btn btn-dark w-100 h-100" #click.prevent="signUp"> Sign up!</button>
</div>
</div>
</form>
That does not happen if i use a normal form devise sign_up
I'm working on a use case in my animal shelter web application where customers are able to register one or more animals at the same time. Ideally I'd like a button on the bottom left that generates another instance of the same form when clicked, so that multiple animal registrations can be saved to the database at once.
NewAnimalRegistration.cshtml:
#model NewAnimalRegistrationViewModel
<html>
<head>
<title>Register an animal</title>
<link rel="stylesheet" href="~/css/style.css"/>
</head>
<body>
<div class="container py-5">
<div class=" row">
<div class="col-md-10" mx-auto>
<div asp-validation-summary="All"></div>
<h1>Animal registration</h1>
<p>
We are happy to hear that you are interested in placing your animal in our shelter. Please fill in the fields below and our system will
check if there is room for your animal.
</p>
<form asp-action="RegistrationForm" method="post">
<div class="form-group row mt-5">
<div class="col-sm-6">
<label asp-for="Name">Name</label>
<input asp-for="Name" class="form-control"/>
</div>
</div>
<div class="form-group row mt-5">
<div class="col-sm-4">
<label asp-for="Gender" class="mr-3">Gender</label>
<select class="form-group" asp-for="Gender" asp-items="#ViewBag.Genders"></select>
</div>
<div class="col-sm-4">
<label asp-for="Type" class="mr-3">Animal type</label>
<select class="form-group" asp-for="Type" asp-items="#ViewBag.AnimalTypes"></select>
</div>
<div class="col-sm-4">
<label>Neutered</label>
<div class="form-check">
<input asp-for="IsNeutered" class="form-check-input" type="radio" value="true">
<label class="form-check-label" asp-for="IsNeutered">
Yes
</label>
</div>
<div class="form-check">
<input asp-for="IsNeutered" class="form-check-input" type="radio" value="false">
<label class="form-check-label" asp-for="IsNeutered">
No
</label>
</div>
</div>
</div>
<div class="form-group mt-5">
<label asp-for="Reason">Why are you deciding to put this animal up for adoption?</label>
<textarea class="form-control" asp-for="Reason" rows="6"></textarea>
</div>
<div class="float-right">
<a asp-controller="Home" asp-action="Index" class="btn btn-primary px-4">Cancel</a>
<button class="btn btn-primary px-4">Save</button>
</div>
</form>
</div>
</div>
</div>
</body>
</html>
Is there a way to do this in .NET Core MVC? If yes, will I simply receive a list of all animal registrations through which I can simply loop and add them all to the database?
I made a demo based on your description, you can refer to it:
Model:
public class NewAnimalRegistrationViewModel
{
public int Id { get; set; }
public string Name { get; set; }
public string Gender { get; set; }
public string Type { get; set; }
public bool IsNeutered { get; set; }
public string Reason { get; set; }
}
Index.cshtml:
#model NewAnimalRegistrationViewModel
<html>
<head>
<title>Register an animal</title>
</head>
<body>
<div class="container py-5">
<div class=" row">
<div class="col-md-10" mx-auto>
<div asp-validation-summary="All"></div>
<h1>Animal registration</h1>
<p>
We are happy to hear that you are interested in placing your animal in our shelter. Please fill in the fields below and our system will
check if there is room for your animal.
</p>
<form asp-action="RegistrationForm" method="post">
<div class="float-right">
<a asp-controller="Home" asp-action="Index" class="btn btn-primary px-4">Cancel</a>
<button class="btn btn-primary px-4">Save</button>
</div>
</form>
<a id="add" href='#' class="text-danger">register another animal</a>
</div>
</div>
</div>
</body>
</html>
#section scripts{
<script>
var count = 0;
$(function () {
var actionUrl = "/Home/AddRegistrationForm?count=" + count;
$.get(actionUrl).done(function (data) {
$('body').find('.float-right').before(data);
});
})
$("#add").on("click", function (e) {
e.preventDefault();
count++;
var actionUrl = "/Home/AddRegistrationForm?count=" + count;
$.get(actionUrl).done(function (data) {
$('body').find('.float-right').before(data);
});
})
</script>
}
_RegisterPartial.cshtml:
#model NewAnimalRegistrationViewModel
#{
int i = ViewBag.Count;
}
<h3>Anaimal #i</h3>
<div class="form-group row mt-5">
<div class="col-sm-6">
<label asp-for="Name">Name</label>
<input asp-for="Name" name="[#i].Name" class="form-control" />
</div>
</div>
<div class="form-group row mt-5">
<div class="col-sm-4">
<label asp-for="Gender" class="mr-3">Gender</label>
<select class="form-group" asp-for="Gender" name="[#i].Gender" asp-items="#ViewBag.Genders"></select>
</div>
<div class="col-sm-4">
<label asp-for="Type" class="mr-3">Animal type</label>
<select class="form-group" asp-for="Type" name="[#i].Type" asp-items="#ViewBag.AnimalTypes"></select>
</div>
<div class="col-sm-4">
<label>Neutered</label>
<div class="form-check">
<input asp-for="IsNeutered" name="[#i].IsNeutered" class="form-check-input" type="radio" value="true">
<label class="form-check-label" asp-for="IsNeutered">
Yes
</label>
</div>
<div class="form-check">
<input asp-for="IsNeutered" name="[#i].IsNeutered" class="form-check-input" type="radio" value="false">
<label class="form-check-label" asp-for="IsNeutered">
No
</label>
</div>
</div>
</div>
<div class="form-group mt-5">
<label asp-for="Reason">Why are you deciding to put this animal up for adoption?</label>
<textarea class="form-control" asp-for="Reason" name="[#i].Reason" rows="6"></textarea>
</div>
Controller:
public IActionResult Index()
{
return View();
}
[HttpGet]
public IActionResult AddRegistrationForm(int count)
{
ViewBag.Count = count;
ViewBag.Genders = new List<SelectListItem>
{
new SelectListItem{ Text = "Female", Value="Female"},
new SelectListItem{ Text = "Male", Value="Male"}
};
ViewBag.AnimalTypes = new List<SelectListItem>
{
new SelectListItem{ Text = "Cat", Value="Cat"},
new SelectListItem{ Text = "Dog", Value="Dog"}
};
return PartialView("_RegisterPartial");
}
[HttpPost]
public IActionResult RegistrationForm(List<NewAnimalRegistrationViewModel> model)
{
return View();
}
Result:
My page is validating a field that is not required when I submit, even though there is no validation configured for this field.
Create.cshtml
#model Lawtech.App.ViewModels.ProcessoViewModel
#{
ViewData["Title"] = "Novo processo";
}
<h3 style="padding-top: 10px">#ViewData["Title"] </h3>
<hr />
<div class="row">
<div class="col-md-12">
<form asp-action="Create">
<div asp-validation-summary="ModelOnly" class="text-danger"></div>
<div class="row">
<div class="form-group col-md-4">
<label asp-for="Numero" class="control-label"></label>
<input asp-for="Numero" class="form-control" />
<span asp-validation-for="Numero" class="text-danger"></span>
</div>
<div class="form-group col-sm-4">
<label asp-for="IdArea" class="control-label"></label>
<div class="input-group">
<select id="slcArea" asp-for="IdArea" class="form-control select2"></select>
<div class="input-group-btn">
<a asp-action="CreateArea" class="btn btn-info" style="border-radius:0 0.25rem 0.25rem 0" data-modal="">
<span class="fa fa-plus"></span>
</a>
</div>
</div>
</div>
</div>
<div class="row">
<div class="form-group col-md-6 mt-4">
<input type="submit" value="Cadastrar" class="btn btn-sm btn-primary" />
<a class="btn btn-sm btn-info" asp-action="Index">Voltar</a>
</div>
</div>
</form>
</div>
</div>
<div id="myModal" class="modal fade in">
<div class="modal-dialog">
<div class="modal-content">
<div id="myModalContent"></div>
</div>
</div>
</div>
ViewModel
public class ProcessoViewModel
{
[Key]
public int Id { get; set; }
[DisplayName("Número")]
[Required(ErrorMessage = "O campo número é obrigatório")]
public string Numero { get; set; }
[DisplayName("Área")]
public int IdArea { get; set; }
}
Controller
In Controller Create method, nothing happens, because all validation takes place on the client side.
[Route("novo-processo")]
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Create(ProcessoViewModel processoViewModel)
{
try
{
if (!ModelState.IsValid) return View(processoViewModel);
await _processoBLL.Insert(_mapper.Map<ProcessoDTO>(processoViewModel));
if (!ValidOperation()) return View(processoViewModel);
return RedirectToAction(nameof(Index));
}
catch
{
return View();
}
}
Inspecting in Chrome I see this generated html for the field that I didn't require validation, I don't know if it could be something related to Jquery.Unobtrusive but I can't remove it either because other fields will be validated.
<select id="slcArea" class="form-control select2 select2-hidden-accessible input-validation-error" data-val="true" data-val-required="The Área field is required." name="IdArea" data-select2-id="slcArea" tabindex="-1" aria-hidden="true" aria-describedby="slcArea-error" aria-invalid="true"></select>
Why is this validation taking place that I have not defined the field as required?
Not nullable properties (that is properties with value types) are always required. Use nullable types (reference types) for properties if they should not be required - eg. int?.
You can always use formnovalidate on any input you don't want validated.
<input asp-for="Numero" formnovalidate="formnovalidate" class="form-control" />
This way there is no need to change your model. This is demonstrated at W3Schools
I tray use ViewComponent in Razor Page with condition,
and each Viewcomponents are separate,
My razorpage is "/Subfolder/Index.cshtml"
<div class="row">
<div class="col-md-4">
#await Component.InvokeAsync("RightMenu")
</div>
<div class="col-md-8">
#if (Model.SIndex != 0)
{
#await Component.InvokeAsync("SubContent", new { id = Model.SIndex })
}
#if (Model.SIndex == 15)
{
<div class="row">
<div class="col-md-12">
<form method="post">
#await Component.InvokeAsync("QuestionUs", new { askLibrarian = new Lib.Model.AskLibrarian() })
<div class="form-group">
<input type="submit" value="ask Question" class="btn btn-default" asp-page-handler="question" />
</div>
</form>
</div>
</div>
}
</div>
and code behind of this is "/subfolder/index.cshtml.cs"
public class IndexModel : PageModel
{
private readonly Lib.Model.LibContext _context;
[BindProperty]
public int SIndex { get; set; }
public async Task OnGet(int Id)
{
SIndex = Id;
}
[BindProperty]
public AskLibrarian AskLibrarian { get; set; }
public async Task<IActionResult> OnPostquestionAsync()
{
if (!ModelState.IsValid)
{
return Page();
}
_context.AskLibrarians.Add(AskLibrarian);
await _context.SaveChangesAsync();
return RedirectToPage("./Index");
}
}
Now "questionViewcomponent" is a simple form that show many input elements
in "/subfolder/component/questionus/default.cshtml"
#model Lib.Model.AskLibrarian
<div asp-validation-summary="ModelOnly" class="text-danger"></div>
<div class="form-row">
<div class="form-group col-md-6">
<label asp-for="FullName" class="control-label"></label>
<div class="input-group mb-2 mr-sm-2">
<div class="input-group-prepend">
<div class="input-group-text"><i class="fas fa-user"></i></div>
</div>
<input asp-for="FullName" class="form-control" />
<span asp-validation-for="FullName" class="text-danger"></span>
</div>
</div>
<div class="form-group col-md-6">
<label asp-for="Email" class="control-label"></label>
<div class="input-group mb-2 mr-sm-2">
<div class="input-group-prepend">
<div class="input-group-text"><i class="fas fa-envelope"></i></div>
</div>
<input asp-for="Email" class="form-control" />
<span asp-validation-for="Email" class="text-danger"></span>
</div>
</div>
</div>
<div class="form-row">
<div class="form-group col-md-4">
<label asp-for="LibraryNameId" class="control-label"></label>
<div class="input-group mb-2 mr-sm-2">
<div class="input-group-prepend">
<div class="input-group-text"><i class="fas fa-book"></i></div>
</div>
<select asp-for="LibraryNameId" class="form-control" asp-items="ViewBag.LibraryNameId"></select>
</div>
</div>
<div class="form-group col-md-8">
<label asp-for="Subject" class="control-label"></label>
<div class="input-group mb-2 mr-sm-2">
<div class="input-group-prepend">
<div class="input-group-text"><i class="fas fa-book-reader"></i></div>
</div>
<input asp-for="Subject" class="form-control" />
<span asp-validation-for="Subject" class="text-danger"></span>
</div>
</div>
</div>
<div class="form-group">
<label asp-for="Text" class="control-label"></label>
<textarea asp-for="Text" class="form-control" style="min-height:250px;"></textarea>
<span asp-validation-for="Text" class="text-danger"></span>
</div>
set breakpoint on "OnpostQuestionAsync", When I click on submit button with "question" handler do nothing and show me a blank page instead question form.
how can I resolve That
After a long Time my problem resolved by remove
<input type="submit" value="ask Question" class="btn btn-default" asp-page-handler="question" />
and add in form tag
<form method="post" sp-page-handler="question">
I'm new in Grails. I would like to use custom validator for matching two passwords during registration in my application. Unfortunetly doesn't work it.
Account.groovy
#Validateable
class Account {
String login
String password
String confirm
String passwordHashed
char active
static transients = ['password', 'confirm']
static belongsTo = Employee
static hasMany = [role:Role]
static constraints = {
login unique:true, blank: false
active nullable: true
password blank: false, size: 5..15, validator:{ val, obj ->
if(obj.password != obj.confirm ){
return ['dontmatch']
}
}
}
static mapping = {
id generator: 'increment'
}
}
AuthenticationController.groovy
class AuthenticationController {
def signUp(Account accountInstance){
if(accountInstance!= null){
if (accountInstance.hasErrors()) {
respond accountInstance.errors, view:'signUp'
return
}
else{
accountInstance.save(flush: true)
}
}
}
}
signUp.gsp
<%# page import="com.sarna.entity.Account"%>
<%# page import="com.sarna.entity.Employee"%>
<!DOCTYPE html>
<html>
<head>
<meta name="layout" content="bootstrap-main" />
<title>SARNA</title>
</head>
<body>
<br />
<div class="container">
<div style="margin-top: 50px"
class="mainbox col-md-6 col-md-offset-3 col-sm-8 col-sm-offset-2">
<div class="panel panel-info">
<div class="panel-heading">
<div class="panel-title">Sign Up</div>
<div
style="float: right; font-size: 85%; position: relative; top: -10px">
<a id="signinlink"
href="${createLink(uri: '/authentication/signIn') }">Sign In</a>
</div>
</div>
<div class="panel-body">
<g:form class="form-horizontal" role="form"
url="[resource: accountInstance]"
method="POST" controller="Authentication">
<g:hasErrors bean="${accountInstance}">
<div class="alert alert-danger">
<g:renderErrors bean="${accountInstance}" />
</div>
</g:hasErrors>
<div class="form-group">
<label for="email" class="col-md-3 control-label">Email</label>
<div class="col-md-9">
<input type="text" class="form-control" name="email"
placeholder="Email Address">
</div>
</div>
<div class="form-group">
<label for="icode" class="col-md-3 control-label">Login</label>
<div class="col-md-9">
<g:textField type="text" class="form-control" name="login"
required="" value="${accountInstance?.login }"
placeholder="Login" />
</div>
</div>
<div class="form-group">
<label for="password" class="col-md-3 control-label">Password</label>
<div class="col-md-9">
<g:passwordField name="password"
class="form-control ${hasErrors(bean:accountInstance,field:'password','errors')}"
placeholder="Password" />
</div>
</div>
<div class="form-group">
<label for="icode" class="col-md-3 control-label">Confirm</label>
<div class="col-md-9">
<g:passwordField
class="form-control ${hasErrors(bean:accountInstance,field:'password','errors')}"
name="confirm" placeholder="Confirm Password" />
</div>
</div>
<div class="form-group">
<!-- Button -->
<div class="col-md-offset-3 col-md-9">
<g:actionSubmit action="signUp"
class="btn btn-lg btn-success btn-block" value="Sign Up" />
</div>
</div>
</g:form>
</div>
</div>
</div>
</div>
</body>
</html>
messages.properties
account.password.dontmatch=Podane hasła muszą się zgadzać
I don't understand it. I enter two different passwords and I click signUp button, I don't see errors messages which should be display when validation failed. Could you help me?
The call of validate() is missing:
if (!accountInstance.validate() || accountInstance.hasErrors()) {
...
}
Match the actual value from the validator with the confirm property from the actual object.
password blank: false, size: 5..15, validator:{ val, obj ->
if( obj.confirm && val != obj.confirm ) { // val is password
return ['dontmatch']
}
}
I think instead of the respond in the controller you want
render (view: "signUp", model: [accountInstance: accountInstance])
Your view expects an accountInstance object in the view model to render the errors, so you have to provide it.
You can also just do
return [accountInstance: accountInstance]
If there is a gsp that has the same name as the current action grails will automatically render it.