désactivation des token csrf pour pouvoir appeller les requêtes POST

Zak
1 parent 77c18061
Showing 16 changed files with 306 additions and 22 deletions Show diff stats
nbactions.xml
pom.xml
src/main/java/fr/plil/sio/web/mvc/ApplicationSecurityConfiguration.java
src/main/java/fr/plil/sio/web/mvc/Dette.java
src/main/java/fr/plil/sio/web/mvc/DetteForm.java
src/main/java/fr/plil/sio/web/mvc/User.java
src/main/java/fr/plil/sio/web/mvc/UserRepository.java
src/main/java/fr/plil/sio/web/mvc/UserRestController.java
src/main/java/fr/plil/sio/web/mvc/UserService.java
src/main/java/fr/plil/sio/web/mvc/UserServiceImpl.java
src/main/resources/import.sql
src/main/webapp/WEB-INF/pages/footer.jsp
src/main/webapp/WEB-INF/pages/header.jsp
src/main/webapp/WEB-INF/pages/viewUsers.jsp
src/main/webapp/js/kawafile.js
src/test/java/fr/plil/sio/web/mvc/UserRepositoryTest.java
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<actions>
+        <action>
+            <actionName>CUSTOM-spb</actionName>
+            <displayName>spb</displayName>
+            <goals>
+                <goal>spring-boot:run</goal>
+            </goals>
+        </action>
+        <action>
+            <actionName>debug</actionName>
+            <packagings>
+                <packaging>war</packaging>
+                <packaging>ear</packaging>
+                <packaging>ejb</packaging>
+            </packagings>
+            <goals>
+                <goal>spring-boot:run</goal>
+            </goals>
+            <properties>
+                <run.jvmArguments>-Xdebug -Xrunjdwp:transport=dt_socket,server=n,address=${jpda.address}</run.jvmArguments>
+                <jpda.listen>true</jpda.listen>
+            </properties>
+        </action>
+    </actions>
@@ -28,6 +28,10 @@
 			<groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-data-jpa</artifactId>
         </dependency>
+  <dependency>
+    <groupId>org.springframework.boot</groupId>
+    <artifactId>spring-boot-devtools</artifactId>
+  </dependency>        
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
@@ -28,6 +28,7 @@ public class ApplicationSecurityConfiguration extends WebSecurityConfigurerAdapt
         http
                 .authorizeRequests()
                 .antMatchers("/webjars/**").permitAll()
+                .antMatchers("/js/**").permitAll()
                 .anyRequest().authenticated()
                 .and()
                 .formLogin()
@@ -36,6 +37,7 @@ public class ApplicationSecurityConfiguration extends WebSecurityConfigurerAdapt
                 .and()
                 .logout()
                 .permitAll();
+        http.csrf().disable();     
     }
  
     @Autowired
@@ -0,0 +1,86 @@
+package fr.plil.sio.web.mvc;
+
+import java.util.Objects;
+import javax.persistence.*;
+
+
+@Entity
+public class Dette {
+    
+    @Id
+    @GeneratedValue(strategy= GenerationType.AUTO)
+    private Long id;
+    
+    @Column
+    private Double sommeDette;
+
+        
+    @ManyToOne(optional = false)
+    private User dueToUser;
+    
+    @ManyToOne(optional = false)
+    private User holderOfDebt;
+    
+     public Double getSommeDette() {
+        return sommeDette;
+    }
+
+    public void setSommeDette(Double sommeDette) {
+        this.sommeDette = sommeDette;
+    }
+
+
+    public User getDueToUser() {
+        return dueToUser;
+    }
+
+    public void setDueToUser(User dueToUser) {
+        this.dueToUser = dueToUser;
+    }
+
+    public User getHolderOfDebt() {
+        return holderOfDebt;
+    }
+
+    public void setHolderOfDebt(User holderOfDebt) {
+        this.holderOfDebt = holderOfDebt;
+    }
+    
+    
+    
+    @Override
+    public int hashCode() {
+        int hash = 5;
+        hash = 71 * hash + Objects.hashCode(this.sommeDette);
+        return hash;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (obj == null) {
+            return false;
+        }
+        if (getClass() != obj.getClass()) {
+            return false;
+        }
+        final Dette other = (Dette) obj;
+        if (!Objects.equals(this.sommeDette, other.sommeDette)) {
+            return false;
+        }
+        if (!Objects.equals(this.dueToUser, other.dueToUser)) {
+            return false;
+        }
+        if (!Objects.equals(this.holderOfDebt, other.holderOfDebt)) {
+            return false;
+        }
+        return true;
+    }
+
+
+
+
+
+    
+    
+    
+}
@@ -0,0 +1,33 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package fr.plil.sio.web.mvc;
+
+/**
+ *
+ * @author msahmane
+ */
+public class DetteForm {
+    
+    private String username;
+    private String sommeDette;
+
+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    public String getSommeDette() {
+        return sommeDette;
+    }
+
+    public void setSommeDette(String sommeDette) {
+        this.sommeDette = sommeDette;
+    }
+    
+}
@@ -2,11 +2,13 @@ package fr.plil.sio.web.mvc;
  
  
 import com.fasterxml.jackson.annotation.JsonManagedReference;
+import java.util.ArrayList;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
  
 import javax.persistence.*;
 import java.util.Collection;
+import java.util.List;
 import java.util.Set;
 import java.util.TreeSet;
  
@@ -25,6 +27,18 @@ public class User implements UserDetails {
     @Column(name = "PASSWORD_F")
     private String password;
  
+    @OneToMany(mappedBy="holderOfDebt",cascade = CascadeType.REMOVE)
+    private List<Dette> dettes = new ArrayList<Dette>();
+
+    public List<Dette> getDettes() {
+        return dettes;
+    }
+
+    public void setDettes(List<Dette> dettes) {
+        this.dettes = dettes;
+    }
+    
+    
     @ManyToMany(mappedBy = "users", fetch = FetchType.EAGER)
     @JsonManagedReference
     private Set<Role> roles = new TreeSet<>();
 package fr.plil.sio.web.mvc;
  
+import java.util.List;
 import org.springframework.data.jpa.repository.JpaRepository;
  
 public interface UserRepository extends JpaRepository<User, Long> {
  
     User findByUsername(String username);
+    List<Dette> findDettesByUsername(String username);
+    
+    
 }
@@ -7,6 +7,7 @@ import org.springframework.web.bind.annotation.RestController;
  
 import javax.annotation.Resource;
 import java.util.List;
+import org.springframework.web.bind.annotation.RequestParam;
  
 @RestController
 public class UserRestController {
@@ -23,4 +24,15 @@ public class UserRestController {
     public User listUsers(@PathVariable String username) {
         return userService.findByUsername(username);
     }
-}
 \ No newline at end of file
+
+    @RequestMapping(value = "/api/debts/{username}/", method = RequestMethod.GET)
+    public List<Dette> listDettes(@PathVariable String username) {
+        return userService.findDettesByUsername(username);
+    }
+
+    @RequestMapping(value = "/api/addDette/", method = RequestMethod.POST)
+    public boolean addDette(@RequestParam(value="username",required=false) String username,@RequestParam(value="sommeDette",required=false) String sommeDette) {
+        return userService.addDette(username,sommeDette);
+    }
+
+}
 package fr.plil.sio.web.mvc;
  
 import java.util.List;
+import org.springframework.web.bind.annotation.ResponseBody;
  
 public interface UserService {
  
     User createUser(String username, String password);
  
     User findByUsername(String username);
+    
+    List<Dette> findDettesByUsername(String username);
  
     List<User> findAll();
+    
+    boolean addDette(String username,String sommeDette);
 }
@@ -8,6 +8,7 @@ import javax.annotation.Resource;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
+import org.springframework.web.bind.annotation.ResponseBody;
  
 @Service("userService")
 public class UserServiceImpl implements UserService {
@@ -21,6 +22,9 @@ public class UserServiceImpl implements UserService {
     @Resource
     private PasswordEncoder passwordEncoder;
  
+    @Resource
+    private SecurityService securityService;
+
     @Override
     @Transactional
     public User createUser(String username, String password) {
@@ -42,7 +46,39 @@ public class UserServiceImpl implements UserService {
  
     @Override
     @Transactional(readOnly = true)
+    public List<Dette> findDettesByUsername(String username) {
+        return userRepository.findDettesByUsername(username);
+    }
+
+    @Override
+    @Transactional(readOnly = true)
     public List<User> findAll() {
         return userRepository.findAll();
     }
+
+    @Override
+    @Transactional
+    public boolean addDette(String username, String sommeDette) {
+        //Get the holder of debt
+        User user = userRepository.findByUsername(username);
+
+        //Get connected user
+        // Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+        String connectedUsername = securityService.findLoggedInUsername();
+        User connectedUser = userRepository.findByUsername(connectedUsername);
+
+        //Set dette
+        List<Dette> dettes = user.getDettes();
+        List<Dette> newDettes = user.getDettes();
+        Dette d = new Dette();
+        Double dSomme = Double.parseDouble(sommeDette);
+        d.setSommeDette(dSomme);
+        d.setHolderOfDebt(connectedUser);
+        d.setDueToUser(user);
+        newDettes.add(d);
+        connectedUser.setDettes(newDettes);
+        
+        return true;
+    }
+
 }
 INSERT INTO USER_T (USERNAME_F, PASSWORD_F) VALUES ('admin', '$2a$04$/87gxfQlNqMNRvI/ILyZ/.F8Bk2/t2RuWoZXE1upQHeUglbjTYIIa');
+INSERT INTO USER_T (USERNAME_F, PASSWORD_F) VALUES ('test', '$2a$04$/87gxfQlNqMNRvI/ILyZ/.F8Bk2/t2RuWoZXE1upQHeUglbjTYIIa');
+INSERT INTO USER_T (USERNAME_F, PASSWORD_F) VALUES ('test1', '$2a$04$/87gxfQlNqMNRvI/ILyZ/.F8Bk2/t2RuWoZXE1upQHeUglbjTYIIa');
+INSERT INTO USER_T (USERNAME_F, PASSWORD_F) VALUES ('test2', '$2a$04$/87gxfQlNqMNRvI/ILyZ/.F8Bk2/t2RuWoZXE1upQHeUglbjTYIIa');
+INSERT INTO USER_T (USERNAME_F, PASSWORD_F) VALUES ('test3', '$2a$04$/87gxfQlNqMNRvI/ILyZ/.F8Bk2/t2RuWoZXE1upQHeUglbjTYIIa');
+INSERT INTO USER_T (USERNAME_F, PASSWORD_F) VALUES ('test4', '$2a$04$/87gxfQlNqMNRvI/ILyZ/.F8Bk2/t2RuWoZXE1upQHeUglbjTYIIa');
 INSERT INTO ROLE_T (NAME_F) VALUES ('ROLE_ADMIN');
 INSERT INTO ROLE_T (NAME_F) VALUES ('ROLE_USER');
 INSERT INTO USER_ROLE_T (USER_ID, ROLE_ID) VALUES ((SELECT USER_ID FROM USER_T WHERE USERNAME_F = 'admin'), (SELECT ROLE_ID FROM ROLE_T WHERE NAME_F = 'ROLE_ADMIN'));
 \ No newline at end of file
 <script src="/webjars/jquery/jquery.min.js"></script>
+<script src="/js/kawafile.js" type="text/javascript"></script>
 </body>
 </html>
@@ -6,3 +6,4 @@
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <title><%= request.getAttribute("pageTitle") %></title>
 </head>
+<a href="login.jsp"></a>
 \ No newline at end of file
@@ -5,29 +5,28 @@
 <jsp:include page="header.jsp">
     <jsp:param name="pageTitle" value="View users page"/>
 </jsp:include>
-
-        <h1><spring:message code="view.users.main.header"/></h1>
-
-        <h4><spring:message code="view.users.greetings"/> ${userSession.username} !</h4>
-
-        <table>
-            <thead>
-                <tr>
-                    <td><spring:message code="domain.user.username"/></td>
-                </tr>
-            </thead>
-            <tbody>
-                <c:forEach items="${users}" var="user">
-                    <tr>
-                        <td>${user.username}</td>
-                    </tr>
-                </c:forEach>
-            </tbody>
-        </table>
-
+<body>
+    
+    <form>
+        <div class="form-group">
+                <label for="debt">Somme de la dette</label>
+                <input type="number" class="form-control" id="sommeDette"/>
+                <label for="debtFor">A : </label>
+                <input type="text" class="form-control" id="username"/>
+            
+        </div>
+        <button type="submit" onclick="updateDebtOfUser()">Update</button>
+    </form>
+    
+    
+    
+    
     <ul>
         <li><a href="newUser"><spring:message code="new.user.main.header"/></a></li>
         <li><a href="login?logout"><spring:message code="view.users.main.logout"/></a></li>
     </ul>
+</body>
+        
+
  
 <jsp:include page="footer.jsp"/>
 \ No newline at end of file
@@ -0,0 +1,57 @@
+var debtsOfUser = [];
+
+function getDebtsOfUser(username){
+    var url = "/api/userDebts"+username;
+    
+    $.getJson(url,function(d){
+            debtsOfUser = d;
+    });
+}
+
+function updateDebtOfUser(){
+        
+    var url ="/api/addDette/";
+    
+    
+    
+    
+    var user = $("#username").val();
+    var dette = $("#sommeDette").val();
+    
+    var requestData = {
+        'username':user,
+        'sommeDette':dette
+    };
+    
+
+     
+    
+//    var dette = {
+//         username:$("#username").val(),
+//        sommeDette : $("#sommeDette").val()       
+//    };
+//    console.log(dette);
+//    var url ="/api/addDette/";
+//    
+    $.ajax({
+        url:url,
+        method:"POST",
+        data:requestData       
+    }).done(function(d){
+        alert("Ok");
+    }).success(function(d){
+        console.log(d);
+     });
+//        
+}
+
+
+(function(){
+    'use strict';
+    
+    
+    
+    
+    
+})();
+
@@ -21,7 +21,7 @@ public class UserRepositoryTest {
  
     @Test
     public void testAdminPresent() {
-        assertEquals(1, userRepository.findAll().size());
+        assertEquals(6, userRepository.findAll().size());
         assertNotNull(userRepository.findByUsername("admin"));
         assertEquals("admin", userRepository.findByUsername("admin").getUsername());
     }