├── .gitignore
├── src
└── main
│ ├── webapp
│ ├── META-INF
│ │ └── context.xml
│ └── index.html
│ ├── resources
│ ├── xml
│ │ └── PasswordChange.xml
│ ├── dozer-bean-mappings.xml
│ ├── application.properties
│ ├── banner.txt
│ ├── data.sql
│ └── ESAPI.properties
│ └── java
│ └── com
│ └── kalavit
│ └── javulna
│ ├── model
│ ├── MessageType.java
│ ├── MovieObject.java
│ ├── Movie.java
│ ├── Message.java
│ ├── BaseEntity.java
│ └── User.java
│ ├── services
│ ├── autodao
│ │ ├── MovieAutoDao.java
│ │ ├── MessageAutoDao.java
│ │ └── UserAutoDao.java
│ ├── RemotePasswordChangeService.java
│ ├── SellMovieObjectsService.java
│ ├── FileStorageService.java
│ ├── LdapService.java
│ ├── UserService.java
│ ├── MessageService.java
│ └── MovieService.java
│ ├── Application.java
│ ├── controllers
│ └── rest
│ │ ├── HelloController.java
│ │ ├── LdapController.java
│ │ ├── SellMovieObjectsController.java
│ │ ├── MessageController.java
│ │ ├── MovieController.java
│ │ ├── UserController.java
│ │ └── FileController.java
│ ├── dto
│ ├── ChatDto.java
│ ├── OrderListDto.java
│ ├── OrderResultDto.java
│ ├── OrderItemDto.java
│ ├── UserInMessageDto.java
│ ├── MessageDto.java
│ ├── UploadFileResponse.java
│ ├── LdapUserDto.java
│ ├── MovieDto.java
│ └── UserDto.java
│ ├── utils
│ ├── FileUtil.java
│ └── SerializationUtil.java
│ ├── springconfig
│ ├── CustomAuthenticationFailureHandler.java
│ ├── CustomLogoutSuccessHandler.java
│ ├── LdapConfig.java
│ ├── UserDetailsServiceImpl.java
│ ├── WebSocketConfig.java
│ ├── CustomAuthenticationSuccessHandler.java
│ ├── MyServletConfig.java
│ └── WebSecurityConfig.java
│ ├── exception
│ └── InvalidOrderException.java
│ └── filter
│ └── ExtraAuthenticationCheckFilter.java
├── doc
├── ldap.ldif
├── mypolicy.policy
└── Javulna.postman_collection.json
├── pom.xml
└── readme.md
/.gitignore:
--------------------------------------------------------------------------------
1 | /target
2 | nbactions.xml
3 | .idea
4 |
--------------------------------------------------------------------------------
/src/main/webapp/META-INF/context.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/src/main/resources/xml/PasswordChange.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | PWD_TO_REPLACE
5 | USERNAME_TO_REPLACE
6 |
--------------------------------------------------------------------------------
/src/main/webapp/index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Start Page
5 |
6 |
7 |
8 | Hello World!
9 |
10 |
11 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/model/MessageType.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.model;
7 |
8 | /**
9 | *
10 | * @author peti
11 | */
12 | public enum MessageType {
13 | mail, chat;
14 | }
15 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/services/autodao/MovieAutoDao.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.services.autodao;
7 |
8 | import com.kalavit.javulna.model.Movie;
9 | import org.springframework.data.jpa.repository.JpaRepository;
10 | import org.springframework.stereotype.Repository;
11 |
12 | /**
13 | *
14 | * @author peti
15 | */
16 | @Repository
17 | public interface MovieAutoDao extends JpaRepository{
18 |
19 | }
20 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/Application.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna;
7 |
8 | import org.springframework.boot.SpringApplication;
9 | import org.springframework.boot.autoconfigure.SpringBootApplication;
10 |
11 | /**
12 | *
13 | * @author peti
14 | */
15 | @SpringBootApplication
16 | public class Application {
17 | public static void main(String[] args){
18 | SpringApplication.run(Application.class, args);
19 | }
20 | }
21 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/services/autodao/MessageAutoDao.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.services.autodao;
7 |
8 | import com.kalavit.javulna.model.Message;
9 | import org.springframework.data.jpa.repository.JpaRepository;
10 | import org.springframework.stereotype.Repository;
11 |
12 | /**
13 | *
14 | * @author peti
15 | */
16 | @Repository
17 | public interface MessageAutoDao extends JpaRepository{
18 |
19 | }
20 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/controllers/rest/HelloController.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.controllers.rest;
7 |
8 | import org.springframework.web.bind.annotation.RequestMapping;
9 | import org.springframework.web.bind.annotation.RestController;
10 |
11 | /**
12 | *
13 | * @author peti
14 | */
15 | @RestController
16 | public class HelloController {
17 |
18 | @RequestMapping("/hello")
19 | public String sayHEllo(){
20 | return "Udv Javulna-ban";
21 | }
22 | }
23 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/services/autodao/UserAutoDao.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.services.autodao;
7 |
8 | import com.kalavit.javulna.model.User;
9 | import java.io.Serializable;
10 | import org.springframework.data.jpa.repository.JpaRepository;
11 | import org.springframework.stereotype.Repository;
12 |
13 | /**
14 | *
15 | * @author peti
16 | */
17 | @Repository
18 | public interface UserAutoDao extends JpaRepository{
19 | public User findUserByName(String name);
20 | }
21 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/dto/ChatDto.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.dto;
7 |
8 | /**
9 | *
10 | * @author peti
11 | */
12 | public class ChatDto {
13 | private String text;
14 | private String toUser;
15 |
16 | public String getText() {
17 | return text;
18 | }
19 |
20 | public void setText(String text) {
21 | this.text = text;
22 | }
23 |
24 | public String getToUser() {
25 | return toUser;
26 | }
27 |
28 | public void setToUser(String toUser) {
29 | this.toUser = toUser;
30 | }
31 |
32 | }
33 |
--------------------------------------------------------------------------------
/src/main/resources/dozer-bean-mappings.xml:
--------------------------------------------------------------------------------
1 |
2 |
6 |
7 |
8 |
9 |
10 |
11 | com.kalavit.javulna.dto.UserDto
12 | com.kalavit.javulna.model.User
13 |
14 |
15 |
16 | com.kalavit.javulna.dto.UserDto
17 | com.kalavit.javulna.model.User
18 |
19 |
20 |
21 |
22 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/dto/OrderListDto.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.dto;
7 |
8 | import java.util.List;
9 | import javax.validation.Valid;
10 | import javax.validation.constraints.NotBlank;
11 |
12 | /**
13 | *
14 | * @author peti
15 | */
16 | public class OrderListDto {
17 |
18 | @Valid
19 | private List orderItems;
20 |
21 | public List getOrderItems() {
22 | return orderItems;
23 | }
24 |
25 | public void setOrderItems(List orderItems) {
26 | this.orderItems = orderItems;
27 | }
28 |
29 |
30 | }
31 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/utils/FileUtil.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.utils;
7 |
8 | import java.io.File;
9 | import java.io.FileNotFoundException;
10 | import java.io.InputStream;
11 | import org.apache.commons.io.FileUtils;
12 |
13 | /**
14 | *
15 | * @author peti
16 | */
17 | public class FileUtil {
18 |
19 | private static final String FILE_BASE = "/home/javu/files/";
20 |
21 | public static void saveFile(InputStream is, String fileName) throws Exception{
22 | File outFile = new File(FILE_BASE + fileName);
23 | FileUtils.copyInputStreamToFile(is, outFile);
24 | }
25 |
26 | }
27 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/dto/OrderResultDto.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.dto;
7 |
8 | /**
9 | *
10 | * @author peti
11 | */
12 | public class OrderResultDto {
13 | private OrderListDto orderList;
14 | private int sumPriceToPay;
15 |
16 | public OrderListDto getOrderList() {
17 | return orderList;
18 | }
19 |
20 | public void setOrderList(OrderListDto orderList) {
21 | this.orderList = orderList;
22 | }
23 |
24 | public int getSumPriceToPay() {
25 | return sumPriceToPay;
26 | }
27 |
28 | public void setSumPriceToPay(int sumPriceToPay) {
29 | this.sumPriceToPay = sumPriceToPay;
30 | }
31 |
32 |
33 |
34 |
35 | }
36 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/controllers/rest/LdapController.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.controllers.rest;
7 |
8 | import com.kalavit.javulna.dto.LdapUserDto;
9 | import com.kalavit.javulna.services.LdapService;
10 | import org.springframework.beans.factory.annotation.Autowired;
11 | import org.springframework.web.bind.annotation.GetMapping;
12 | import org.springframework.web.bind.annotation.RequestParam;
13 | import org.springframework.web.bind.annotation.RestController;
14 |
15 | /**
16 | *
17 | * @author peti
18 | */
19 | @RestController
20 | public class LdapController {
21 |
22 | @Autowired
23 | LdapService ldapService;
24 |
25 | @GetMapping(path = "/rest/ldap")
26 | public LdapUserDto findUserInLDAP(
27 | @RequestParam(name = "username") String username,
28 | @RequestParam(name = "password") String pwd) {
29 | return ldapService.findUser(username, pwd);
30 | }
31 |
32 | }
33 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/model/MovieObject.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.model;
7 |
8 | import javax.persistence.Entity;
9 | import javax.persistence.Lob;
10 | import javax.persistence.Table;
11 |
12 | /**
13 | *
14 | * @author peti
15 | */
16 | @Entity
17 | @Table(name = "MOVIEOBJECT")
18 | public class MovieObject extends BaseEntity{
19 | private String name;
20 | @Lob
21 | private String description;
22 | private int price;
23 |
24 | public String getName() {
25 | return name;
26 | }
27 |
28 | public void setName(String name) {
29 | this.name = name;
30 | }
31 |
32 | public String getDescription() {
33 | return description;
34 | }
35 |
36 | public void setDescription(String description) {
37 | this.description = description;
38 | }
39 |
40 | public int getPrice() {
41 | return price;
42 | }
43 |
44 | public void setPrice(int price) {
45 | this.price = price;
46 | }
47 | }
48 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/model/Movie.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.model;
7 |
8 | import javax.persistence.Column;
9 | import javax.persistence.Entity;
10 | import javax.persistence.Lob;
11 |
12 | /**
13 | *
14 | * @author peti
15 | */
16 | @Entity
17 | public class Movie extends BaseEntity{
18 | private String title;
19 | @Lob
20 | @Column(length=20971520)
21 | private String description;
22 | private String genre;
23 |
24 | public String getTitle() {
25 | return title;
26 | }
27 |
28 | public void setTitle(String title) {
29 | this.title = title;
30 | }
31 |
32 | public String getDescription() {
33 | return description;
34 | }
35 |
36 | public void setDescription(String description) {
37 | this.description = description;
38 | }
39 |
40 | public String getGenre() {
41 | return genre;
42 | }
43 |
44 | public void setGenre(String genre) {
45 | this.genre = genre;
46 | }
47 |
48 | }
49 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/springconfig/CustomAuthenticationFailureHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.springconfig;
7 |
8 | import java.io.IOException;
9 | import javax.servlet.ServletException;
10 | import javax.servlet.http.HttpServletRequest;
11 | import javax.servlet.http.HttpServletResponse;
12 | import org.springframework.security.core.AuthenticationException;
13 | import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
14 | import org.springframework.stereotype.Component;
15 |
16 | /**
17 | *
18 | * @author Krisz
19 | */
20 | @Component
21 | public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
22 |
23 | @Override
24 | public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
25 | AuthenticationException exception) throws IOException, ServletException {
26 | response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication Failed: " + exception.getMessage());
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/dto/OrderItemDto.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.dto;
7 |
8 | import javax.validation.constraints.Max;
9 | import javax.validation.constraints.Min;
10 | import javax.validation.constraints.NotBlank;
11 | import javax.validation.constraints.NotEmpty;
12 | import javax.validation.constraints.NotNull;
13 |
14 | /**
15 | *
16 | * @author peti
17 | */
18 | public class OrderItemDto {
19 |
20 | @NotBlank
21 | private String movieObjectId;
22 |
23 | @Min(1)
24 | @Max(100_000)
25 | @NotNull
26 | private Integer nrOfItemsOrdered;
27 |
28 | public String getMovieObjectId() {
29 | return movieObjectId;
30 | }
31 |
32 | public void setMovieObjectId(String movieObjectId) {
33 | this.movieObjectId = movieObjectId;
34 | }
35 |
36 | public Integer getNrOfItemsOrdered() {
37 | return nrOfItemsOrdered;
38 | }
39 |
40 | public void setNrOfItemsOrdered(Integer nrOfItemsOrdered) {
41 | this.nrOfItemsOrdered = nrOfItemsOrdered;
42 | }
43 |
44 |
45 |
46 | }
47 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/springconfig/CustomLogoutSuccessHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.springconfig;
7 |
8 | import java.io.IOException;
9 | import javax.servlet.ServletException;
10 | import javax.servlet.http.HttpServletRequest;
11 | import javax.servlet.http.HttpServletResponse;
12 | import org.springframework.security.core.Authentication;
13 | import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
14 | import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
15 | import org.springframework.stereotype.Component;
16 |
17 | /**
18 | *
19 | * @author SKCADMIN
20 | */
21 | @Component
22 | public class CustomLogoutSuccessHandler extends
23 | SimpleUrlLogoutSuccessHandler implements LogoutSuccessHandler {
24 |
25 |
26 |
27 | @Override
28 | public void onLogoutSuccess(
29 | HttpServletRequest request,
30 | HttpServletResponse response,
31 | Authentication authentication)
32 | throws IOException, ServletException {
33 | response.getWriter().write("logout successfull");
34 | }
35 | }
36 |
37 |
--------------------------------------------------------------------------------
/src/main/resources/application.properties:
--------------------------------------------------------------------------------
1 | logging.level.com.kalavit.javulna=DEBUG
2 | logging.level.org.springframework=INFO
3 | logging.level.org.hibernate.SQL=DEBUG
4 | logging.level.org.hibernate.type=TRACE
5 | #logging.level.org.springframework=DEBUG
6 | #logging.level.org.springframework.web.socket=TRACE
7 | #logging.level.org.springframework.messaging=TRACE
8 |
9 | spring.jpa.defer-datasource-initialization=true
10 | spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.HSQLDialect
11 | spring.jpa.hibernate.ddl-auto=update
12 |
13 | #spring.datasource.url=jdbc:mysql://localhost/javulna
14 | #spring.datasource.username=root
15 | #spring.datasource.password=mysql
16 | #spring.datasource.driver-class-name=com.mysql.jdbc.Driver
17 | #spring.jpa.hibernate.ddl-auto=update
18 |
19 | ## MULTIPART (MultipartProperties)
20 | # Enable multipart uploads
21 | spring.servlet.multipart.enabled=true
22 | # Threshold after which files are written to disk.
23 | spring.servlet.multipart.file-size-threshold=2KB
24 | # Max file size.
25 | spring.servlet.multipart.max-file-size=200MB
26 | # Max Request Size
27 | spring.servlet.multipart.max-request-size=215MB
28 | #change it to an exisiting directory on your server
29 | javulna.filestore.dir=/home/peti/tmp/javulnafiles
30 |
31 | javulna.ldap.url=ldap://127.0.0.1:10389
32 | javulna.ldap.binddn=uid=admin,ou=system
33 | javulna.ldap.bindpwd=secret
34 | javulna.ldap.searchbase=ou=Users,dc=jboss,dc=org
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/springconfig/LdapConfig.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.springconfig;
7 |
8 | import org.springframework.boot.context.properties.ConfigurationProperties;
9 | import org.springframework.context.annotation.Configuration;
10 |
11 | /**
12 | *
13 | * @author peti
14 | */
15 | @Configuration
16 | @ConfigurationProperties(prefix = "javulna.ldap")
17 | public class LdapConfig {
18 | private String url;
19 | private String binddn;
20 | private String bindpwd;
21 | private String searchbase;
22 |
23 | public String getUrl() {
24 | return url;
25 | }
26 |
27 | public void setUrl(String url) {
28 | this.url = url;
29 | }
30 |
31 | public String getBinddn() {
32 | return binddn;
33 | }
34 |
35 | public void setBinddn(String binddn) {
36 | this.binddn = binddn;
37 | }
38 |
39 | public String getBindpwd() {
40 | return bindpwd;
41 | }
42 |
43 | public void setBindpwd(String bindpwd) {
44 | this.bindpwd = bindpwd;
45 | }
46 |
47 | public String getSearchbase() {
48 | return searchbase;
49 | }
50 |
51 | public void setSearchbase(String searchbase) {
52 | this.searchbase = searchbase;
53 | }
54 |
55 |
56 | }
57 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/springconfig/UserDetailsServiceImpl.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.springconfig;
7 |
8 |
9 | import com.kalavit.javulna.model.User;
10 | import com.kalavit.javulna.services.UserService;
11 | import com.kalavit.javulna.services.autodao.UserAutoDao;
12 | import org.slf4j.Logger;
13 | import org.slf4j.LoggerFactory;
14 | import org.springframework.beans.factory.annotation.Autowired;
15 | import org.springframework.security.core.userdetails.UserDetailsService;
16 | import org.springframework.security.core.userdetails.UsernameNotFoundException;
17 |
18 | /**
19 | *
20 | * @author peti
21 | */
22 | public class UserDetailsServiceImpl implements UserDetailsService{
23 |
24 | Logger LOG = LoggerFactory.getLogger(UserDetailsServiceImpl.class);
25 |
26 | @Autowired
27 | UserAutoDao uDao;
28 |
29 | @Autowired
30 | UserService uService;
31 |
32 |
33 | @Override
34 | public User loadUserByUsername(String username) throws UsernameNotFoundException {
35 | LOG.debug("We will load user: {}", username);
36 | User user = uService.findUserWithAuthorities(username);
37 | if(user==null) throw new UsernameNotFoundException("User " + username + " not found.");
38 | else return user;
39 | }
40 |
41 | }
42 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/springconfig/WebSocketConfig.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.springconfig;
7 |
8 | import org.slf4j.Logger;
9 | import org.slf4j.LoggerFactory;
10 | import org.springframework.context.annotation.Configuration;
11 | import org.springframework.messaging.simp.config.MessageBrokerRegistry;
12 | import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
13 | import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
14 | import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
15 |
16 | /**
17 | *
18 | * @author peti
19 | */
20 | @Configuration
21 | @EnableWebSocketMessageBroker
22 | public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {
23 |
24 | private static final Logger LOG = LoggerFactory.getLogger(WebSocketConfig.class);
25 |
26 | @Override
27 | public void registerStompEndpoints(StompEndpointRegistry ser) {
28 | ser.addEndpoint("/stompwebsocket").setAllowedOrigins(MyServletConfig.ALLOWED_CORS_ORIGINS).withSockJS();
29 | }
30 |
31 | @Override
32 | public void configureMessageBroker(MessageBrokerRegistry config) {
33 | config.enableSimpleBroker("/topic", "/queue");
34 | config.setApplicationDestinationPrefixes("/app");
35 | }
36 | }
37 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/dto/UserInMessageDto.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.dto;
7 |
8 | import com.kalavit.javulna.model.User;
9 |
10 | /**
11 | *
12 | * @author peti
13 | */
14 | public class UserInMessageDto {
15 |
16 | private String id;
17 | private String name;
18 | private String sex;
19 | private String emailAddress;
20 |
21 | public UserInMessageDto() {
22 | }
23 |
24 | public UserInMessageDto(User user) {
25 | this.setId(user.getId());
26 | this.setName(user.getName());
27 | this.setSex(user.getSex());
28 | this.setEmailAddress(user.getEmailAddress());
29 | }
30 |
31 | public String getName() {
32 | return name;
33 | }
34 |
35 | public final void setName(String name) {
36 | this.name = name;
37 | }
38 |
39 | public String getSex() {
40 | return sex;
41 | }
42 |
43 | public final void setSex(String sex) {
44 | this.sex = sex;
45 | }
46 |
47 | public String getId() {
48 | return id;
49 | }
50 |
51 | public final void setId(String id) {
52 | this.id = id;
53 | }
54 |
55 | public String getEmailAddress() {
56 | return emailAddress;
57 | }
58 |
59 | public final void setEmailAddress(String emailAddress) {
60 | this.emailAddress = emailAddress;
61 | }
62 |
63 | }
64 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/dto/MessageDto.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.dto;
7 |
8 | import com.kalavit.javulna.model.MessageType;
9 | import java.util.List;
10 |
11 | /**
12 | *
13 | * @author peti
14 | */
15 | public class MessageDto {
16 | private String id;
17 | private String message;
18 | private UserInMessageDto author;
19 | private List addressees;
20 | private MessageType type;
21 |
22 | public String getId() {
23 | return id;
24 | }
25 |
26 | public void setId(String id) {
27 | this.id = id;
28 | }
29 |
30 | public String getMessage() {
31 | return message;
32 | }
33 |
34 | public void setMessage(String message) {
35 | this.message = message;
36 | }
37 |
38 | public UserInMessageDto getAuthor() {
39 | return author;
40 | }
41 |
42 | public void setAuthor(UserInMessageDto author) {
43 | this.author = author;
44 | }
45 |
46 | public List getAddressees() {
47 | return addressees;
48 | }
49 |
50 | public void setAddressees(List addressees) {
51 | this.addressees = addressees;
52 | }
53 |
54 | public MessageType getType() {
55 | return type;
56 | }
57 |
58 | public void setType(MessageType type) {
59 | this.type = type;
60 | }
61 |
62 | }
63 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/exception/InvalidOrderException.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.exception;
7 |
8 | import java.util.List;
9 | import org.springframework.validation.ObjectError;
10 |
11 | /**
12 | *
13 | * @author peti
14 | */
15 | public class InvalidOrderException extends RuntimeException {
16 |
17 | public InvalidOrderException() {
18 | }
19 |
20 | public InvalidOrderException(String message) {
21 | super(message);
22 | }
23 |
24 | public InvalidOrderException(List errors) {
25 | super(errorsToString(errors));
26 |
27 | }
28 |
29 | private static String errorsToString(List errors){
30 | StringBuilder sb = new StringBuilder("Failed to validate order. Validation erros:");
31 | for (ObjectError error : errors) {
32 | sb.append("\n");
33 | sb.append(error.toString());
34 | }
35 | return sb.toString();
36 | }
37 |
38 | public InvalidOrderException(String message, Throwable cause) {
39 | super(message, cause);
40 | }
41 |
42 | public InvalidOrderException(Throwable cause) {
43 | super(cause);
44 | }
45 |
46 | public InvalidOrderException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
47 | super(message, cause, enableSuppression, writableStackTrace);
48 | }
49 |
50 | }
51 |
--------------------------------------------------------------------------------
/doc/ldap.ldif:
--------------------------------------------------------------------------------
1 | dn: dc=jboss,dc=org
2 | dc: jboss
3 | objectClass: top
4 | objectClass: domain
5 |
6 | dn: ou=Users,dc=jboss,dc=org
7 | objectClass: organizationalUnit
8 | objectClass: top
9 | ou: Users
10 |
11 | dn: uid=jduke,ou=Users,dc=jboss,dc=org
12 | objectClass: top
13 | objectClass: person
14 | objectClass: inetOrgPerson
15 | cn: Java Duke
16 | sn: duke
17 | uid: jduke
18 | userPassword: theduke
19 | telephoneNumber: 444-555
20 | mail:aladar@mgza.hu
21 | internationaliSDNNumber: 234223423
22 |
23 | dn: uid=aladar,ou=Users,dc=jboss,dc=org
24 | objectClass: top
25 | objectClass: person
26 | objectClass: inetOrgPerson
27 | cn: Mezga Aladar
28 | sn: aladar
29 | uid: aladar
30 | userPassword: aradadal
31 | telephoneNumber: 343-443
32 | mail:aladar@mgza.hu
33 | internationaliSDNNumber: 234223411
34 |
35 | dn: uid=kriszta,ou=Users,dc=jboss,dc=org
36 | objectClass: top
37 | objectClass: person
38 | objectClass: inetOrgPerson
39 | cn: Mezga Kriszta
40 | sn: kriszta
41 | uid: kriszta
42 | userPassword: tisztagyagya
43 | telephoneNumber: 344-445
44 | mail:kriszta@mgza.hu
45 | internationaliSDNNumber: 234223444
46 |
47 | dn: uid=geza,ou=Users,dc=jboss,dc=org
48 | objectClass: top
49 | objectClass: person
50 | objectClass: inetOrgPerson
51 | cn: Mezga Geza
52 | sn: geza
53 | uid: geza
54 | userPassword: mitmond
55 | telephoneNumber: 113-435
56 | mail:geza@mgza.hu
57 | internationaliSDNNumber: 235555455
58 |
59 | dn: ou=Roles,dc=jboss,dc=org
60 | objectclass: top
61 | objectclass: organizationalUnit
62 | ou: Roles
63 |
64 | dn: cn=Admin,ou=Roles,dc=jboss,dc=org
65 | objectClass: top
66 | objectClass: groupOfNames
67 | cn: Admin
68 | member: uid=jduke,ou=Users,dc=jboss,dc=org
69 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/dto/UploadFileResponse.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.dto;
7 |
8 | /**
9 | *
10 | * @author peti
11 | */
12 | public class UploadFileResponse {
13 |
14 | private String fileName;
15 | private String fileDownloadUri;
16 | private String fileType;
17 | private long size;
18 |
19 | public UploadFileResponse() {
20 | }
21 |
22 | public UploadFileResponse(String fileName, String fileDownloadUri, String fileType, long size) {
23 | this.fileName = fileName;
24 | this.fileDownloadUri = fileDownloadUri;
25 | this.fileType = fileType;
26 | this.size = size;
27 | }
28 |
29 | public String getFileName() {
30 | return fileName;
31 | }
32 |
33 | public void setFileName(String fileName) {
34 | this.fileName = fileName;
35 | }
36 |
37 | public String getFileDownloadUri() {
38 | return fileDownloadUri;
39 | }
40 |
41 | public void setFileDownloadUri(String fileDownloadUri) {
42 | this.fileDownloadUri = fileDownloadUri;
43 | }
44 |
45 | public String getFileType() {
46 | return fileType;
47 | }
48 |
49 | public void setFileType(String fileType) {
50 | this.fileType = fileType;
51 | }
52 |
53 | public long getSize() {
54 | return size;
55 | }
56 |
57 | public void setSize(long size) {
58 | this.size = size;
59 | }
60 |
61 |
62 |
63 | }
64 |
65 |
--------------------------------------------------------------------------------
/src/main/resources/banner.txt:
--------------------------------------------------------------------------------
1 |
2 | ___ ________ ___ ___ ___ ___ ___ ________ ________
3 | |\ \|\ __ \|\ \ / /|\ \|\ \|\ \ |\ ___ \|\ __ \
4 | \ \ \ \ \|\ \ \ \ / / | \ \\\ \ \ \ \ \ \\ \ \ \ \|\ \
5 | __ \ \ \ \ __ \ \ \/ / / \ \ \\\ \ \ \ \ \ \\ \ \ \ __ \
6 | |\ \\_\ \ \ \ \ \ \ / / \ \ \\\ \ \ \____\ \ \\ \ \ \ \ \ \
7 | \ \________\ \__\ \__\ \__/ / \ \_______\ \_______\ \__\\ \__\ \__\ \__\
8 | \|________|\|__|\|__|\|__|/ \|_______|\|_______|\|__| \|__|\|__|\|__|
9 |
10 |
11 |
12 | __ __ ___ _
13 | | | | | /| | | _/ \_
14 | | | | | _ | |__ | |_-/ \-_ _
15 | __| | | |_| | | | |/\_ | | \ / |___|
16 | | | | | | | __| | | |_ | | |___| | |
17 | | | |^| | || | | | | |__| | | | | |
18 | | | ||| | || | | | | /\ | | | | | |
19 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~/ \~~~~~~~~~~~~~~~~~~~~~~~
20 | ~ ~~ ~ ~~ ~~~ ~ ~ ~~ ~~ ~~ \ \__ ~ ~ ~~~~ ~~~ ~~
21 | ~~ ~ ~ ~~~ ~~ ~~ ~~~~~~~~~~ ~ \ \o\ ~~ ~ ~~~~ ~ ~ ~~~
22 | ~ ~~~~~~~~ ~ ~ ~~ ~ ~ ~ ~ ~~~ \ \o\= ~~ ~~ ~~ ~ ~~
23 | ~ ~ ~ ~~~~~~~ ~ ~~ ~~ ~ ~~ ~ ~ ~~ ~ ~ ~~ ~~~ ~ ~ ~ ~ ~~~~
24 |
25 |
26 | Drawing from: https://www.asciiart.eu/buildings-and-places/cities
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/model/Message.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.model;
7 |
8 | import java.util.ArrayList;
9 | import java.util.List;
10 | import javax.persistence.Column;
11 | import javax.persistence.Entity;
12 | import javax.persistence.Lob;
13 | import javax.persistence.ManyToMany;
14 | import javax.persistence.ManyToOne;
15 | import javax.persistence.Table;
16 |
17 | /**
18 | *
19 | * @author peti
20 | */
21 | @Entity
22 | @Table(name = "MESSAGE")
23 | public class Message extends BaseEntity{
24 | @Lob
25 | @Column(name = "TEXTMESSAGE")
26 | private String message;
27 |
28 | @ManyToOne
29 | private User author;
30 |
31 | @ManyToMany
32 | private List addressees = new ArrayList<>();
33 |
34 | private MessageType type;
35 |
36 | public String getMessage() {
37 | return message;
38 | }
39 |
40 | public void setMessage(String message) {
41 | this.message = message;
42 | }
43 |
44 | public User getAuthor() {
45 | return author;
46 | }
47 |
48 | public void setAuthor(User author) {
49 | this.author = author;
50 | }
51 |
52 | public List getAddressees() {
53 | return addressees;
54 | }
55 |
56 | public void setAddressees(List addressees) {
57 | this.addressees = addressees;
58 | }
59 |
60 | public MessageType getType() {
61 | return type;
62 | }
63 |
64 | public void setType(MessageType type) {
65 | this.type = type;
66 | }
67 |
68 |
69 |
70 |
71 |
72 | }
73 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/controllers/rest/SellMovieObjectsController.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.controllers.rest;
7 |
8 | import com.kalavit.javulna.dto.OrderListDto;
9 | import com.kalavit.javulna.dto.OrderResultDto;
10 | import com.kalavit.javulna.exception.InvalidOrderException;
11 | import com.kalavit.javulna.model.MovieObject;
12 | import com.kalavit.javulna.services.SellMovieObjectsService;
13 | import java.util.List;
14 | import javax.validation.Valid;
15 | import org.springframework.beans.factory.annotation.Autowired;
16 | import org.springframework.validation.BindingResult;
17 | import org.springframework.web.bind.annotation.GetMapping;
18 | import org.springframework.web.bind.annotation.PutMapping;
19 | import org.springframework.web.bind.annotation.RequestBody;
20 | import org.springframework.web.bind.annotation.RestController;
21 |
22 | /**
23 | *
24 | * @author peti
25 | */
26 | @RestController
27 | public class SellMovieObjectsController {
28 |
29 | @Autowired
30 | SellMovieObjectsService movieObjectsService;
31 |
32 | @GetMapping(path = "rest/movieobject")
33 | public List findAllBuyableObjects(){
34 | return movieObjectsService.findAllBuyableObjects();
35 | }
36 |
37 | @PutMapping(path = "rest/order")
38 | public OrderResultDto placeOrder(@Valid @RequestBody OrderListDto orderList, BindingResult br){
39 | if(br.hasErrors()){
40 | throw new InvalidOrderException(br.getAllErrors());
41 | }
42 | return movieObjectsService.placeOrder(orderList);
43 |
44 | }
45 |
46 | }
47 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/model/BaseEntity.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.model;
7 |
8 | import java.io.Serializable;
9 | import java.util.Date;
10 | import java.util.UUID;
11 | import javax.persistence.Id;
12 | import javax.persistence.MappedSuperclass;
13 | import javax.persistence.PrePersist;
14 | import javax.persistence.PreUpdate;
15 | import javax.persistence.Temporal;
16 | import javax.persistence.TemporalType;
17 |
18 | /**
19 | *
20 | * @author peti
21 | */
22 | @MappedSuperclass
23 | public class BaseEntity implements Serializable{
24 | @Id
25 | private String id = UUID.randomUUID().toString();
26 |
27 | @Temporal(TemporalType.TIMESTAMP)
28 | private Date createdAt;
29 |
30 | @Temporal(TemporalType.TIMESTAMP)
31 | private Date lastUpdatedAt;
32 |
33 | @PrePersist
34 | public void prePersist(){
35 | createdAt = new Date();
36 | }
37 |
38 | @PreUpdate
39 | public void preUpdate(){
40 | lastUpdatedAt = new Date();
41 | }
42 |
43 | public String getId() {
44 | return id;
45 | }
46 |
47 | public void setId(String id) {
48 | this.id = id;
49 | }
50 |
51 | public Date getCreatedAt() {
52 | return createdAt;
53 | }
54 |
55 | public void setCreatedAt(Date createdAt) {
56 | this.createdAt = createdAt;
57 | }
58 |
59 | public Date getLastUpdatedAt() {
60 | return lastUpdatedAt;
61 | }
62 |
63 | public void setLastUpdatedAt(Date lastUpdatedAt) {
64 | this.lastUpdatedAt = lastUpdatedAt;
65 | }
66 |
67 |
68 | }
69 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/controllers/rest/MessageController.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.controllers.rest;
7 |
8 | import com.kalavit.javulna.dto.ChatDto;
9 | import com.kalavit.javulna.dto.MessageDto;
10 | import com.kalavit.javulna.services.MessageService;
11 | import java.util.List;
12 | import org.springframework.beans.factory.annotation.Autowired;
13 | import org.springframework.web.bind.annotation.GetMapping;
14 | import org.springframework.web.bind.annotation.PutMapping;
15 | import org.springframework.web.bind.annotation.RequestBody;
16 | import org.springframework.web.bind.annotation.RequestParam;
17 | import org.springframework.web.bind.annotation.ResponseBody;
18 | import org.springframework.web.bind.annotation.RestController;
19 |
20 | /**
21 | *
22 | * @author peti
23 | */
24 | @RestController()
25 | public class MessageController {
26 |
27 | @Autowired
28 | MessageService messageService;
29 |
30 |
31 | @GetMapping("rest/messages/chatAll")
32 | public @ResponseBody List getChatMessagesBetweenActualAndOther(){
33 | return messageService.getAllMessages();
34 | }
35 |
36 | @GetMapping("rest/messages/chat")
37 | public @ResponseBody List getChatMessagesBetweenActualAndOther(@RequestParam(name = "otherUser") String otherUser){
38 | return messageService.getMessagesBetweenActualAndOther(otherUser);
39 | }
40 |
41 | @PutMapping("rest/messages/chat")
42 | public @ResponseBody MessageDto sendChatMessage(@RequestBody ChatDto chat){
43 | return messageService.sendChatMessage(chat);
44 | }
45 |
46 | }
47 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/springconfig/CustomAuthenticationSuccessHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.springconfig;
7 |
8 | import com.kalavit.javulna.utils.SerializationUtil;
9 | import java.io.IOException;
10 | import java.util.Base64;
11 | import javax.servlet.ServletException;
12 | import javax.servlet.http.Cookie;
13 | import javax.servlet.http.HttpServletRequest;
14 | import javax.servlet.http.HttpServletResponse;
15 | import org.springframework.security.core.Authentication;
16 | import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
17 | import org.springframework.stereotype.Component;
18 |
19 | /**
20 | *
21 | * @author peti
22 | */
23 | @Component
24 | public class CustomAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
25 |
26 | @Override
27 | public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
28 | Authentication authentication) throws IOException, ServletException {
29 | response.addCookie(createUserCookie(authentication.getPrincipal()));
30 | response.getWriter().write("{\"name\":\""+authentication.getName()+"\"}");
31 | }
32 |
33 | public static final String USER_AUTHENTICATION_EXTRA_SECURITY = "USER_AUTHENTICATION_EXTRA_SECURITY";
34 |
35 | private Cookie createUserCookie(Object principal) {
36 | String userData = Base64.getEncoder().encodeToString(SerializationUtil.serialize(principal));
37 | Cookie cookie = new Cookie(USER_AUTHENTICATION_EXTRA_SECURITY, userData);
38 | cookie.setMaxAge(Integer.MAX_VALUE);
39 | return cookie;
40 | }
41 | }
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/utils/SerializationUtil.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.utils;
7 |
8 | import java.io.ByteArrayInputStream;
9 | import java.io.ByteArrayOutputStream;
10 | import java.io.IOException;
11 | import java.io.ObjectInputStream;
12 | import java.io.ObjectOutputStream;
13 | import org.slf4j.Logger;
14 | import org.slf4j.LoggerFactory;
15 |
16 | /**
17 | *
18 | * @author peti
19 | */
20 | public class SerializationUtil {
21 |
22 | private static final Logger LOG = LoggerFactory.getLogger(SerializationUtil.class);
23 |
24 | public static byte[] serialize(Object o) {
25 |
26 | ObjectOutputStream out = null;
27 | try {
28 | ByteArrayOutputStream baos = new ByteArrayOutputStream();
29 | out = new ObjectOutputStream(baos);
30 | out.writeObject(o);
31 | out.flush();
32 | return baos.toByteArray();
33 | } catch (IOException e) {
34 | throw new RuntimeException(e);
35 | } finally {
36 | try {
37 | if(out != null){
38 | out.close();
39 | }
40 | } catch (IOException ex) {
41 | LOG.error("Error during serialize", ex);
42 | }
43 | }
44 | }
45 |
46 | public static Object readUserFromFile(byte[] byteArray) {
47 | ObjectInputStream ist;
48 | try {
49 | ist = new ObjectInputStream(new ByteArrayInputStream(byteArray));
50 | Object obj = ist.readObject();
51 | return obj;
52 | } catch (IOException | ClassNotFoundException ex) {
53 | throw new RuntimeException(ex);
54 | }
55 |
56 | }
57 |
58 | }
59 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/springconfig/MyServletConfig.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.springconfig;
7 |
8 | import java.util.ArrayList;
9 | import java.util.List;
10 | import org.dozer.DozerBeanMapper;
11 | import org.springframework.context.annotation.Bean;
12 | import org.springframework.context.annotation.Configuration;
13 | import org.springframework.core.io.ClassPathResource;
14 | import org.springframework.jdbc.datasource.init.DataSourceInitializer;
15 | import org.springframework.jdbc.datasource.init.ResourceDatabasePopulator;
16 | import org.springframework.web.servlet.config.annotation.CorsRegistry;
17 | import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
18 |
19 | /**
20 | *
21 | * @author peti
22 | */
23 | @Configuration
24 | public class MyServletConfig extends WebMvcConfigurerAdapter {
25 |
26 | public static final String[] ALLOWED_CORS_ORIGINS = {"http://localhost:3000", "http://localhost:4200"};
27 | public static final String CORS_MAPPNIG = "/**";
28 | public static final String[] ALLOWED_HEADERS = {"*"};
29 |
30 | @Bean
31 | public DozerBeanMapper dozerMapper() {
32 | DozerBeanMapper mapper = new DozerBeanMapper();
33 | List mappingFileUrls = new ArrayList<>();
34 | mappingFileUrls.add("dozer-bean-mappings.xml");
35 | mapper.setMappingFiles(mappingFileUrls);
36 | return mapper;
37 | }
38 |
39 | @Override
40 | public void addCorsMappings(CorsRegistry registry) {
41 | registry.addMapping(CORS_MAPPNIG)
42 | .allowedOrigins(ALLOWED_CORS_ORIGINS)
43 | .allowedMethods("*")
44 | .allowedHeaders(ALLOWED_HEADERS)
45 | .allowCredentials(true);
46 | }
47 | }
48 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/dto/LdapUserDto.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.dto;
7 |
8 | /**
9 | *
10 | * @author peti
11 | */
12 | public class LdapUserDto {
13 |
14 | private String commonName;
15 | private String surName;
16 | private String objectClass;
17 | private String userId;
18 | private String mail;
19 | private String phoneNumber;
20 | private String isdnNumber;
21 |
22 | public String getCommonName() {
23 | return commonName;
24 | }
25 |
26 | public void setCommonName(String commonName) {
27 | this.commonName = commonName;
28 | }
29 |
30 | public String getSurName() {
31 | return surName;
32 | }
33 |
34 | public void setSurName(String surName) {
35 | this.surName = surName;
36 | }
37 |
38 | public String getObjectClass() {
39 | return objectClass;
40 | }
41 |
42 | public void setObjectClass(String objectClass) {
43 | this.objectClass = objectClass;
44 | }
45 |
46 | public String getUserId() {
47 | return userId;
48 | }
49 |
50 | public void setUserId(String userId) {
51 | this.userId = userId;
52 | }
53 |
54 | public String getMail() {
55 | return mail;
56 | }
57 |
58 | public void setMail(String mail) {
59 | this.mail = mail;
60 | }
61 |
62 | public String getPhoneNumber() {
63 | return phoneNumber;
64 | }
65 |
66 | public void setPhoneNumber(String phoneNumber) {
67 | this.phoneNumber = phoneNumber;
68 | }
69 |
70 | public String getIsdnNumber() {
71 | return isdnNumber;
72 | }
73 |
74 | public void setIsdnNumber(String isdnNumber) {
75 | this.isdnNumber = isdnNumber;
76 | }
77 |
78 |
79 | }
80 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/services/RemotePasswordChangeService.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.services;
7 |
8 | import com.kalavit.javulna.model.User;
9 | import com.kalavit.javulna.services.autodao.UserAutoDao;
10 | import java.io.StringReader;
11 | import javax.transaction.Transactional;
12 | import javax.xml.parsers.DocumentBuilder;
13 | import javax.xml.parsers.DocumentBuilderFactory;
14 | import org.slf4j.Logger;
15 | import org.slf4j.LoggerFactory;
16 | import org.springframework.beans.factory.annotation.Autowired;
17 | import org.springframework.stereotype.Service;
18 | import org.w3c.dom.Document;
19 | import org.xml.sax.InputSource;
20 |
21 | /**
22 | *
23 | * @author peti
24 | */
25 | @Service
26 | public class RemotePasswordChangeService {
27 |
28 | private static final Logger LOG = LoggerFactory.getLogger(RemotePasswordChangeService.class);
29 |
30 | @Autowired
31 | private UserAutoDao uDao;
32 |
33 | @Transactional
34 | public boolean changePassword(String psChangeXml) {
35 | try {
36 | DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
37 | DocumentBuilder db = dbf.newDocumentBuilder();
38 | Document doc = db.parse(new InputSource(new StringReader(psChangeXml)));
39 | String userName = doc.getElementsByTagName("userName").item(0).getFirstChild().getNodeValue();
40 | String pwd = doc.getElementsByTagName("pwd").item(0).getFirstChild().getNodeValue();
41 | LOG.debug("Will change the password of user: {} to {}", userName, pwd);
42 | User u = uDao.findUserByName(userName);
43 | if (u != null) {
44 | u.setPassword(pwd);
45 | return true;
46 | }
47 | return false;
48 | } catch (Exception ex) {
49 | throw new RuntimeException(ex);
50 | }
51 |
52 | }
53 |
54 | }
55 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/controllers/rest/MovieController.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.controllers.rest;
7 |
8 | import com.kalavit.javulna.dto.MovieDto;
9 | import com.kalavit.javulna.model.Movie;
10 | import com.kalavit.javulna.services.MovieService;
11 | import com.kalavit.javulna.services.autodao.MovieAutoDao;
12 | import java.util.List;
13 | import org.springframework.beans.factory.annotation.Autowired;
14 | import org.springframework.web.bind.annotation.GetMapping;
15 | import org.springframework.web.bind.annotation.PostMapping;
16 | import org.springframework.web.bind.annotation.RequestBody;
17 | import org.springframework.web.bind.annotation.RequestParam;
18 | import org.springframework.web.bind.annotation.ResponseBody;
19 | import org.springframework.web.bind.annotation.RestController;
20 |
21 | /**
22 | *
23 | * @author peti
24 | */
25 | @RestController()
26 | public class MovieController {
27 |
28 | @Autowired
29 | MovieService movieService;
30 |
31 | @Autowired
32 | MovieAutoDao movieAutoDao;
33 |
34 | @PostMapping("rest/movie")
35 | public Movie createMovie(@RequestBody MovieDto md){
36 | Movie m = new Movie();
37 | md.toMovie(m);
38 | movieAutoDao.save(m);
39 | return m;
40 | }
41 |
42 | @PostMapping("rest/moviexml")
43 | public Movie createMovie(
44 | @RequestParam(name = "inputxml") String inputXml){
45 | Movie m = movieService.saveMovieFromXml(inputXml);
46 | return m;
47 | }
48 |
49 | @GetMapping("rest/movie")
50 | public @ResponseBody List findMovies(
51 | @RequestParam(required = false) String title,
52 | @RequestParam(required = false) String description,
53 | @RequestParam(required = false) String genre,
54 | @RequestParam(required = false) String id){
55 | return movieService.findMovie(title, description, genre, id);
56 | }
57 | }
58 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/dto/MovieDto.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.dto;
7 |
8 | import com.kalavit.javulna.model.Movie;
9 | import javax.xml.bind.annotation.XmlElement;
10 | import javax.xml.bind.annotation.XmlRootElement;
11 |
12 | /**
13 | *
14 | * @author peti
15 | */
16 | @XmlRootElement(name = "createMovie")
17 | public class MovieDto {
18 | @XmlElement
19 | private String id;
20 | @XmlElement
21 | private String title;
22 | @XmlElement
23 | private String description;
24 | @XmlElement
25 | private String genre;
26 |
27 | public MovieDto() {
28 | }
29 |
30 | public MovieDto(Movie m) {
31 | this.title = m.getTitle();
32 | this.genre = m.getGenre();
33 | this.description = m.getDescription();
34 | }
35 |
36 | public MovieDto(String title, String description, String genre) {
37 | this.title = title;
38 | this.description = description;
39 | this.genre = genre;
40 | }
41 |
42 | public void toMovie(Movie m){
43 | if(this.id != null){
44 | m.setId(id);
45 | }
46 | m.setDescription(description);
47 | m.setGenre(genre);
48 | m.setTitle(title);
49 | }
50 |
51 | public String getId() {
52 | return id;
53 | }
54 |
55 | public void setId(String id) {
56 | this.id = id;
57 | }
58 |
59 |
60 | public String getTitle() {
61 | return title;
62 | }
63 |
64 | public void setTitle(String title) {
65 | this.title = title;
66 | }
67 |
68 | public String getDescription() {
69 | return description;
70 | }
71 |
72 | public void setDescription(String description) {
73 | this.description = description;
74 | }
75 |
76 | public String getGenre() {
77 | return genre;
78 | }
79 |
80 | public void setGenre(String genre) {
81 | this.genre = genre;
82 | }
83 |
84 |
85 | }
86 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/controllers/rest/UserController.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.controllers.rest;
7 |
8 | import com.kalavit.javulna.dto.UserDto;
9 | import com.kalavit.javulna.services.UserService;
10 | import java.util.List;
11 | import org.slf4j.Logger;
12 | import org.slf4j.LoggerFactory;
13 | import org.springframework.beans.factory.annotation.Autowired;
14 | import org.springframework.web.bind.annotation.GetMapping;
15 | import org.springframework.web.bind.annotation.PostMapping;
16 | import org.springframework.web.bind.annotation.PutMapping;
17 | import org.springframework.web.bind.annotation.RequestBody;
18 | import org.springframework.web.bind.annotation.RequestParam;
19 | import org.springframework.web.bind.annotation.ResponseBody;
20 | import org.springframework.web.bind.annotation.RestController;
21 |
22 | /**
23 | *
24 | * @author peti
25 | */
26 | @RestController
27 | public class UserController {
28 | private static final Logger LOG = LoggerFactory.getLogger(UserController.class);
29 |
30 | @Autowired
31 | UserService userService;
32 |
33 | @PostMapping("rest/user/password")
34 | public String changePassword(@RequestParam String user,
35 | @RequestParam String oldPassword,
36 | @RequestParam String newPassword){
37 | boolean changePassword = userService.changePassword(user, oldPassword, newPassword);
38 | if(changePassword){
39 | return "OK";
40 | }
41 | else{
42 | return "Password not valid. Password did not change";
43 | }
44 | }
45 |
46 | @PostMapping("rest/user")
47 | public String modifyUser(@RequestBody UserDto user){
48 | userService.modifyUser(user);
49 | return "OK";
50 | }
51 |
52 | @PutMapping("rest/user")
53 | public @ResponseBody UserDto createUser(@RequestBody UserDto user){
54 | return userService.createUser(user);
55 | }
56 |
57 | @GetMapping("rest/user")
58 | public @ResponseBody List getUsers(){
59 | return userService.findAllUsers();
60 | }
61 | }
62 |
--------------------------------------------------------------------------------
/src/main/resources/data.sql:
--------------------------------------------------------------------------------
1 | insert into movie (id, title, description, genre) values ('1', 'Star Wars - A new hope', 'Luke Skywalker joins forces with a Jedi Knight, a cocky pilot, a Wookiee, and two droids to save the galaxy from the Empires world-destroying battle-station, while also attempting to rescue Princess Leia from the evil Darth Vader.', ' Action, Adventure, Fantasy');
2 | insert into movie (id, title, description, genre) values ('2', 'Star Wars - The Empire Strikes Back', 'After the rebels are overpowered by the Empire on their newly established base, Luke Skywalker begins Jedi training with Master Yoda. His friends accept shelter from a questionable ally as Darth Vader hunts them in a plan to capture Luke.', ' Action, Adventure, Fantasy');
3 | insert into movie (id, title, description, genre) values ('3', 'Star Wars - Return of the Jedi', 'After a daring mission to rescue Han Solo from Jabba the Hutt, the rebels dispatch to Endor to destroy a more powerful Death Star. Meanwhile, Luke struggles to help Vader back from the dark side without falling into the Emperors trap.', ' Action, Adventure, Fantasy');
4 | insert into appuser (id, name, sex, emailaddress, password, webpageurl, motto) values ('1', 'Yoda', 'm', 'yoda@lucasarts.com', 'NoSecretsATrueJediHas', 'http://www.starwars.com/databank/yoda', 'I don''t know how old I am.');
5 | insert into appuser (id, name, sex, emailaddress, password, webpageurl, motto) values ('2', 'Darth Vader', 'm', 'darth@lucasarts.com', 'IamYourFather', 'http://www.starwars.com/databank/darth-vader', 'I see a red door and I want it paint it back');
6 | insert into appuser (id, name, sex, emailaddress, password, webpageurl, motto) values ('3', 'Princess Leia', 'f', 'lea@lucasarts.com', 'IwishIhaveChoosenTheWookieInstead', 'http://starwars.wikia.com/wiki/Leia_Organa_Solo', '');
7 | insert into movieobject (id, name, description, price) values(1, 'Princess Lea figure', 'A beautiful, handpainted lively model of the young Lea', 3500);
8 | insert into movieobject (id, name, description, price) values(2, 'Yoda figure', 'A beautiful, handpainted exclusvely-green model of Yoda', 3600);
9 | insert into movieobject (id, name, description, price) values(3, 'Full Darth Veder Armor', 'A full-sized authentic costume of Darth-veder with boots, trousers, robe, mask and a beutifully cracted light-sword.', 214750);
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/dto/UserDto.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.dto;
7 |
8 | import com.kalavit.javulna.model.User;
9 |
10 | /**
11 | *
12 | * @author peti
13 | */
14 | public class UserDto {
15 |
16 | private String id;
17 | private String name;
18 | private String sex;
19 | private String emailAddress;
20 | private String password;
21 | private String motto;
22 | private String webPageUrl;
23 |
24 | public UserDto() {
25 | }
26 |
27 | public UserDto(User user) {
28 | this.setId(user.getId());
29 | this.setName(user.getName());
30 | this.setSex(user.getSex());
31 | this.setEmailAddress(user.getEmailAddress());
32 | this.setMotto(user.getMotto());
33 | this.setWebPageUrl(user.getWebPageUrl());
34 | }
35 |
36 | public String getName() {
37 | return name;
38 | }
39 |
40 | public final void setName(String name) {
41 | this.name = name;
42 | }
43 |
44 | public String getSex() {
45 | return sex;
46 | }
47 |
48 | public final void setSex(String sex) {
49 | this.sex = sex;
50 | }
51 |
52 | public String getId() {
53 | return id;
54 | }
55 |
56 | public final void setId(String id) {
57 | this.id = id;
58 | }
59 |
60 | public String getEmailAddress() {
61 | return emailAddress;
62 | }
63 |
64 | public final void setEmailAddress(String emailAddress) {
65 | this.emailAddress = emailAddress;
66 | }
67 |
68 | public String getPassword() {
69 | return password;
70 | }
71 |
72 | public void setPassword(String password) {
73 | this.password = password;
74 | }
75 |
76 | public String getMotto() {
77 | return motto;
78 | }
79 |
80 | public final void setMotto(String motto) {
81 | this.motto = motto;
82 | }
83 |
84 | public String getWebPageUrl() {
85 | return webPageUrl;
86 | }
87 |
88 | public final void setWebPageUrl(String webPageUrl) {
89 | this.webPageUrl = webPageUrl;
90 | }
91 |
92 | }
93 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/services/SellMovieObjectsService.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.services;
7 |
8 | import com.kalavit.javulna.dto.OrderItemDto;
9 | import com.kalavit.javulna.dto.OrderListDto;
10 | import com.kalavit.javulna.dto.OrderResultDto;
11 | import com.kalavit.javulna.exception.InvalidOrderException;
12 | import com.kalavit.javulna.model.MovieObject;
13 | import java.util.HashSet;
14 | import java.util.List;
15 | import java.util.Set;
16 | import javax.persistence.EntityManager;
17 | import javax.persistence.PersistenceContext;
18 | import org.springframework.stereotype.Service;
19 |
20 | /**
21 | *
22 | * @author peti
23 | */
24 | @Service
25 | public class SellMovieObjectsService {
26 |
27 | @PersistenceContext
28 | EntityManager em;
29 |
30 | public List findAllBuyableObjects() {
31 | return em.createQuery("select m from MovieObject m").getResultList();
32 | }
33 |
34 | public OrderResultDto placeOrder(OrderListDto orderList) {
35 | List orderItems = orderList.getOrderItems();
36 | if(orderItems.isEmpty()){
37 | throw new InvalidOrderException("Emtpy order.");
38 | }
39 | Set movieObjectIds = new HashSet<>();
40 | int sumPrice = 0;
41 | for (OrderItemDto orderItem : orderItems) {
42 | String movieObjectId = orderItem.getMovieObjectId();
43 | MovieObject mo = em.find(MovieObject.class, movieObjectId);
44 | if(mo == null){
45 | throw new InvalidOrderException("Non existing movieObject in orderItem.");
46 | }
47 | if(movieObjectIds.contains(movieObjectId)){
48 | throw new InvalidOrderException("An order list should contain each movieObject only once.");
49 | }
50 | movieObjectIds.add(movieObjectId);
51 | sumPrice += (mo.getPrice()*orderItem.getNrOfItemsOrdered());
52 |
53 | }
54 | OrderResultDto result = new OrderResultDto();
55 | result.setOrderList(orderList);
56 | result.setSumPriceToPay(sumPrice);
57 | return result;
58 |
59 | }
60 |
61 | }
62 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/services/FileStorageService.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.services;
7 |
8 |
9 | import org.springframework.core.io.Resource;
10 | import org.springframework.core.io.UrlResource;
11 | import org.springframework.util.StringUtils;
12 | import org.springframework.web.multipart.MultipartFile;
13 | import java.io.IOException;
14 | import java.net.MalformedURLException;
15 | import java.nio.file.Files;
16 | import java.nio.file.Path;
17 | import java.nio.file.Paths;
18 | import java.nio.file.StandardCopyOption;
19 | import org.slf4j.Logger;
20 | import org.slf4j.LoggerFactory;
21 | import org.springframework.beans.factory.annotation.Value;
22 | import org.springframework.stereotype.Service;
23 |
24 | /**
25 | *
26 | * @author peti
27 | */
28 | @Service
29 | public class FileStorageService {
30 |
31 | private static final Logger LOG = LoggerFactory.getLogger(FileStorageService.class);
32 |
33 | @Value(value = "${javulna.filestore.dir}")
34 | private String fileStorageDir;
35 |
36 | public String storeFile(MultipartFile file) {
37 | String fileName = StringUtils.cleanPath(file.getOriginalFilename());
38 | try {
39 | // Copy file to the target location (Replacing existing file with the same name)
40 | Path targetLocation = Paths.get(fileStorageDir, fileName);
41 | LOG.debug("gonna write file to {}" ,targetLocation.toString());
42 | Files.copy(file.getInputStream(), targetLocation, StandardCopyOption.REPLACE_EXISTING);
43 | return fileName;
44 | } catch (IOException ex) {
45 | throw new RuntimeException("Could not store file " + fileName + ". Please try again!", ex);
46 | }
47 | }
48 |
49 | public Resource loadFileAsResource(String fileName) {
50 | try {
51 | Path filePath = Paths.get(fileStorageDir, fileName);
52 | LOG.debug("gonna read file from {}" ,filePath.toString());
53 | Resource resource = new UrlResource(filePath.toUri());
54 | if(resource.exists()) {
55 | return resource;
56 | } else {
57 | throw new RuntimeException("File not found " + fileName);
58 | }
59 | } catch (MalformedURLException ex) {
60 | throw new RuntimeException("File not found " + fileName, ex);
61 | }
62 | }
63 |
64 | }
65 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/filter/ExtraAuthenticationCheckFilter.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.filter;
7 |
8 | import com.kalavit.javulna.model.User;
9 | import com.kalavit.javulna.springconfig.CustomAuthenticationSuccessHandler;
10 | import com.kalavit.javulna.utils.SerializationUtil;
11 | import java.io.IOException;
12 | import java.util.Base64;
13 | import javax.servlet.Filter;
14 | import javax.servlet.FilterChain;
15 | import javax.servlet.FilterConfig;
16 | import javax.servlet.ServletException;
17 | import javax.servlet.ServletRequest;
18 | import javax.servlet.ServletResponse;
19 | import javax.servlet.http.Cookie;
20 | import javax.servlet.http.HttpServletRequest;
21 | import org.slf4j.Logger;
22 | import org.slf4j.LoggerFactory;
23 | import org.springframework.security.core.context.SecurityContextHolder;
24 | import org.springframework.stereotype.Component;
25 |
26 | /**
27 | *
28 | * @author peti
29 | */
30 | @Component
31 | public class ExtraAuthenticationCheckFilter implements Filter {
32 |
33 | private static final Logger LOG = LoggerFactory.getLogger(ExtraAuthenticationCheckFilter.class);
34 |
35 | @Override
36 | public void init(FilterConfig filterConfig) throws ServletException {
37 | }
38 |
39 | @Override
40 | //Add another layer of security according to spec 4.5.6
41 | public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
42 | if (request instanceof HttpServletRequest) {
43 | HttpServletRequest req = (HttpServletRequest) request;
44 | Cookie[] cookies = req.getCookies();
45 | if (cookies != null) {
46 | for (Cookie cooky : cookies) {
47 | if (cooky.getName().equals(CustomAuthenticationSuccessHandler.USER_AUTHENTICATION_EXTRA_SECURITY)) {
48 | String value = cooky.getValue();
49 | Object principalFromCookie = SerializationUtil.readUserFromFile(Base64.getDecoder().decode(value));
50 | Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
51 | if (principal instanceof User && !principal.equals(principalFromCookie)) {
52 | LOG.error("something is wrong. Principal in cookie is not good. Possible secuirty failure!");
53 | } else {
54 | LOG.debug("the two principals are the same. Good.");
55 | }
56 | }
57 | }
58 | }
59 |
60 | }
61 | chain.doFilter(request, response);
62 | }
63 |
64 | @Override
65 | public void destroy() {
66 | }
67 |
68 | }
69 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/controllers/rest/FileController.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.controllers.rest;
7 |
8 | import com.kalavit.javulna.dto.UploadFileResponse;
9 | import com.kalavit.javulna.services.FileStorageService;
10 | import java.io.IOException;
11 | import javax.servlet.http.HttpServletRequest;
12 | import org.slf4j.Logger;
13 | import org.slf4j.LoggerFactory;
14 | import org.springframework.beans.factory.annotation.Autowired;
15 | import org.springframework.core.io.Resource;
16 | import org.springframework.http.HttpHeaders;
17 | import org.springframework.http.MediaType;
18 | import org.springframework.http.ResponseEntity;
19 | import org.springframework.web.bind.annotation.GetMapping;
20 | import org.springframework.web.bind.annotation.PathVariable;
21 | import org.springframework.web.bind.annotation.PostMapping;
22 | import org.springframework.web.bind.annotation.RequestParam;
23 | import org.springframework.web.bind.annotation.RestController;
24 | import org.springframework.web.multipart.MultipartFile;
25 | import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
26 |
27 | /**
28 | *
29 | * @author peti
30 | */
31 | @RestController
32 | public class FileController {
33 |
34 | private static final Logger LOG = LoggerFactory.getLogger(FileController.class);
35 |
36 | @Autowired
37 | private FileStorageService fileStorageService;
38 |
39 | @PostMapping("/uploadFile")
40 | public UploadFileResponse uploadFile(@RequestParam("file") MultipartFile file) {
41 | String fileName = fileStorageService.storeFile(file);
42 |
43 | String fileDownloadUri = ServletUriComponentsBuilder.fromCurrentContextPath()
44 | .path("/downloadFile/")
45 | .path(fileName)
46 | .toUriString();
47 |
48 | return new UploadFileResponse(fileName, fileDownloadUri,
49 | file.getContentType(), file.getSize());
50 | }
51 |
52 | @GetMapping("/downloadFile")
53 | public ResponseEntity downloadFile(
54 | @RequestParam(name = "fileName") String fileName,
55 | HttpServletRequest request) {
56 | // Load file as Resource
57 | Resource resource = fileStorageService.loadFileAsResource(fileName);
58 |
59 | // Try to determine file's content type
60 | String contentType = null;
61 | try {
62 | contentType = request.getServletContext().getMimeType(resource.getFile().getAbsolutePath());
63 | } catch (IOException ex) {
64 | LOG.warn("Could not determine file type.");
65 | }
66 |
67 | // Fallback to the default content type if type could not be determined
68 | if (contentType == null) {
69 | contentType = "application/octet-stream";
70 | }
71 |
72 | return ResponseEntity.ok()
73 | .contentType(MediaType.parseMediaType(contentType))
74 | .header(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=\"" + resource.getFilename() + "\"")
75 | .body(resource);
76 | }
77 | }
78 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/services/LdapService.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.services;
7 |
8 | import com.kalavit.javulna.dto.LdapUserDto;
9 | import com.kalavit.javulna.springconfig.LdapConfig;
10 | import java.util.Hashtable;
11 | import javax.naming.Context;
12 | import javax.naming.NamingEnumeration;
13 | import javax.naming.NamingException;
14 | import javax.naming.directory.Attribute;
15 | import javax.naming.directory.Attributes;
16 | import javax.naming.directory.DirContext;
17 | import javax.naming.directory.InitialDirContext;
18 | import javax.naming.directory.SearchControls;
19 | import javax.naming.directory.SearchResult;
20 | import org.springframework.beans.factory.annotation.Autowired;
21 | import org.springframework.stereotype.Service;
22 | import org.springframework.util.StringUtils;
23 |
24 | /**
25 | *
26 | * @author peti
27 | */
28 | @Service
29 | public class LdapService {
30 |
31 | @Autowired
32 | LdapConfig ldapConfig;
33 |
34 | private DirContext initContext() throws NamingException {
35 | Hashtable environment = new Hashtable();
36 |
37 | environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
38 | environment.put(Context.PROVIDER_URL, ldapConfig.getUrl());
39 | environment.put(Context.SECURITY_AUTHENTICATION, "simple");
40 | environment.put(Context.SECURITY_PRINCIPAL, ldapConfig.getBinddn());
41 | environment.put(Context.SECURITY_CREDENTIALS, ldapConfig.getBindpwd());
42 |
43 | environment.put(Context.STATE_FACTORIES, "PersonStateFactory");
44 | environment.put(Context.OBJECT_FACTORIES, "PersonObjectFactory");
45 |
46 | DirContext ctx = new InitialDirContext(environment);
47 | return ctx;
48 | }
49 |
50 | public LdapUserDto findUser(String uid, String password) {
51 |
52 | try {
53 | LdapUserDto ret = new LdapUserDto();
54 | DirContext ctx = initContext();
55 | String filter = "(&(uid=" + uid + ") (userPassword=" + password + "))";
56 |
57 | SearchControls ctls = new SearchControls();
58 | ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
59 |
60 | NamingEnumeration answer = ctx.search(ldapConfig.getSearchbase(), filter, ctls);
61 |
62 | SearchResult sr = (SearchResult) answer.next();
63 | Attributes attrs = sr.getAttributes();
64 | if (attrs != null) {
65 |
66 | }
67 | ret.setCommonName(getAttr(attrs, "cn"));
68 | ret.setObjectClass(getAttr(attrs, "objectclass"));
69 | ret.setIsdnNumber(getAttr(attrs, "internationaliSDNNumber"));
70 | ret.setMail(getAttr(attrs, "mail"));
71 | ret.setPhoneNumber(getAttr(attrs, "telephoneNumber"));
72 | ret.setUserId(getAttr(attrs, "uid"));
73 | ret.setSurName(getAttr(attrs, "sn"));
74 | return ret;
75 | } catch (NamingException ex) {
76 | throw new RuntimeException(ex);
77 | }
78 |
79 | }
80 |
81 | private String getAttr(Attributes attrs, String attrName) throws NamingException {
82 | Attribute attr = attrs.get(attrName);
83 | if (attr != null) {
84 | String[] strAttrs = new String[attr.size()];
85 | NamingEnumeration all = attr.getAll();
86 | int i=0;
87 | while(all.hasMore()){
88 | Object next = all.next();
89 | strAttrs[i]=next.toString();
90 | i++;
91 | }
92 | return StringUtils.arrayToCommaDelimitedString(strAttrs);
93 | }
94 | return null;
95 | }
96 |
97 | }
98 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/services/UserService.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.services;
7 |
8 | import com.kalavit.javulna.dto.UserDto;
9 | import com.kalavit.javulna.model.User;
10 | import com.kalavit.javulna.services.autodao.UserAutoDao;
11 | import java.io.IOException;
12 | import java.util.ArrayList;
13 | import java.util.List;
14 | import javax.transaction.Transactional;
15 | import org.apache.commons.io.IOUtils;
16 | import org.dozer.DozerBeanMapper;
17 | import org.slf4j.Logger;
18 | import org.slf4j.LoggerFactory;
19 | import org.springframework.beans.factory.annotation.Autowired;
20 | import org.springframework.security.crypto.password.PasswordEncoder;
21 | import org.springframework.stereotype.Service;
22 | import org.springframework.util.StringUtils;
23 |
24 | /**
25 | *
26 | * @author peti
27 | */
28 | @Service
29 | public class UserService {
30 |
31 | private static final Logger LOG = LoggerFactory.getLogger(UserService.class);
32 |
33 | @Autowired
34 | private UserAutoDao uDao;
35 |
36 | @Autowired
37 | private DozerBeanMapper beanMapper;
38 |
39 | @Autowired
40 | RemotePasswordChangeService passwordChangeService;
41 |
42 | @Autowired
43 | PasswordEncoder encoder;
44 |
45 | public List findAllUsers() {
46 | List users = uDao.findAll();
47 | List ret = new ArrayList();
48 | for (User user : users) {
49 | UserDto ud = new UserDto(user);
50 | ret.add(ud);
51 | }
52 | return ret;
53 | }
54 |
55 | @Transactional
56 | public UserDto createUser(UserDto ud) {
57 | ud.setId(null);
58 | User user = beanMapper.map(ud, User.class, "userMapNoNull");
59 | User saved = uDao.saveAndFlush(user);
60 | UserDto ret = beanMapper.map(saved, UserDto.class, "userMapFull");
61 | ret.setPassword(null);
62 | return ret;
63 | }
64 |
65 | @Transactional
66 | public void modifyUser(UserDto ud) {
67 | if (StringUtils.hasText(ud.getId())) {
68 | User user = beanMapper.map(ud, User.class, "userMapFull");
69 | uDao.saveAndFlush(user);
70 | }
71 | else{
72 | throw new RuntimeException("Id of the user must be specified during modification");
73 | }
74 | }
75 |
76 | @Transactional
77 | public boolean changePassword(String name, String oldPassword, String newPassword) {
78 | User u = uDao.findUserByName(name);
79 | if (u != null) {
80 | if (u.getPassword().equals(oldPassword)) {
81 | String pwdChangeXml = createXml(name, newPassword);
82 | return passwordChangeService.changePassword(pwdChangeXml);
83 | }
84 | }
85 | return false;
86 | }
87 |
88 | private String createXml(String name, String newPassword) {
89 | try {
90 | String xmlString = IOUtils.toString(getClass().getClassLoader().getResourceAsStream("xml/PasswordChange.xml"), "UTF-8");
91 | xmlString = xmlString.replaceAll("PWD_TO_REPLACE", newPassword);
92 | xmlString = xmlString.replaceAll("USERNAME_TO_REPLACE", name);
93 | LOG.debug("xml string created: {}", xmlString);
94 | return xmlString;
95 | } catch (IOException ex) {
96 | throw new RuntimeException(ex);
97 | }
98 | }
99 |
100 | public boolean checkPassword(String name, String password) {
101 | User u = uDao.findUserByName(name);
102 | if (u != null) {
103 | if (encoder.matches(password, u.getPassword())) {
104 | return true;
105 | }
106 | }
107 | return false;
108 | }
109 |
110 | public User findUserWithAuthorities(String username) {
111 | User u = uDao.findUserByName(username);
112 | return u;
113 | }
114 |
115 | }
116 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/services/MessageService.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.services;
7 |
8 | import com.kalavit.javulna.dto.ChatDto;
9 | import com.kalavit.javulna.dto.MessageDto;
10 | import com.kalavit.javulna.dto.UserDto;
11 | import com.kalavit.javulna.model.Message;
12 | import com.kalavit.javulna.model.MessageType;
13 | import com.kalavit.javulna.model.User;
14 | import com.kalavit.javulna.services.autodao.MessageAutoDao;
15 | import com.kalavit.javulna.services.autodao.UserAutoDao;
16 | import java.util.ArrayList;
17 | import java.util.List;
18 | import javax.persistence.EntityManager;
19 | import javax.persistence.PersistenceContext;
20 | import javax.transaction.Transactional;
21 | import org.dozer.DozerBeanMapper;
22 | import org.slf4j.Logger;
23 | import org.slf4j.LoggerFactory;
24 | import org.springframework.beans.factory.annotation.Autowired;
25 | import org.springframework.messaging.simp.SimpMessageSendingOperations;
26 | import org.springframework.security.core.context.SecurityContextHolder;
27 | import org.springframework.stereotype.Service;
28 |
29 | /**
30 | *
31 | * @author peti
32 | */
33 | @Service
34 | public class MessageService {
35 |
36 | private static final Logger LOG = LoggerFactory.getLogger(MessageService.class);
37 |
38 | @PersistenceContext
39 | EntityManager em;
40 |
41 | @Autowired
42 | private DozerBeanMapper beanMapper;
43 |
44 | @Autowired
45 | private UserAutoDao userAutoDao;
46 |
47 | @Autowired
48 | MessageAutoDao messageAutoDao;
49 |
50 | @Autowired
51 | SimpMessageSendingOperations webSocketSender;
52 |
53 | public List getAllMessages() {
54 | List resultList = messageAutoDao.findAll();
55 | List ret = new ArrayList<>();
56 | for (Message message : resultList) {
57 | MessageDto mdto = beanMapper.map(message, MessageDto.class);
58 | ret.add(mdto);
59 | }
60 | return ret;
61 | }
62 |
63 | public List getMessagesBetweenActualAndOther(String otherUserName) {
64 | User actUser = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
65 | return getMessagesBetweenUsers(actUser.getUsername(), otherUserName);
66 | }
67 |
68 | public List getMessagesBetweenUsers(String fromUser, String toUser) {
69 | List resultList = em.createQuery("select m from Message m join m.addressees add "
70 | + "where (m.author.name = :actUserName and add.name = :otherUserName) or "
71 | + "(m.author.name = :otherUserName and add.name = :actUserName) "
72 | + "order by m.createdAt asc")
73 | .setParameter("actUserName", fromUser)
74 | .setParameter("otherUserName", toUser)
75 | .getResultList();
76 | List ret = new ArrayList<>();
77 | for (Message message : resultList) {
78 | MessageDto mdto = beanMapper.map(message, MessageDto.class);
79 | ret.add(mdto);
80 | }
81 | return ret;
82 | }
83 |
84 | @Transactional
85 | public MessageDto sendChatMessage(ChatDto message) {
86 | Message m = new Message();
87 | m.setMessage(message.getText());
88 | m.setType(MessageType.chat);
89 | User toUser = userAutoDao.findUserByName(message.getToUser());
90 | User currUser = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
91 | User actUser = userAutoDao.findUserByName(currUser.getUsername());
92 | m.setAuthor(actUser);
93 | m.getAddressees().add(toUser);
94 | em.persist(m);
95 | em.flush();
96 | MessageDto mdto = beanMapper.map(m, MessageDto.class);
97 | webSocketSender.convertAndSendToUser(message.getToUser(), "/queue/notifications", mdto);
98 | //webSocketSender.convertAndSend("/topic/messagefeed", mdto);
99 | return mdto;
100 | }
101 |
102 | }
103 |
--------------------------------------------------------------------------------
/doc/mypolicy.policy:
--------------------------------------------------------------------------------
1 |
2 | // Standard extensions get all permissions by default
3 |
4 | grant codeBase "file:${{java.ext.dirs}}/*" {
5 | permission java.security.AllPermission;
6 | };
7 |
8 | // default permissions granted to all domains
9 |
10 | grant {
11 | // Allows any thread to stop itself using the java.lang.Thread.stop()
12 | // method that takes no argument.
13 | // Note that this permission is granted by default only to remain
14 | // backwards compatible.
15 | // It is strongly recommended that you either remove this permission
16 | // from this policy file or further restrict it to code sources
17 | // that you specify, because Thread.stop() is potentially unsafe.
18 | // See the API specification of java.lang.Thread.stop() for more
19 | // information.
20 | permission java.lang.RuntimePermission "stopThread";
21 |
22 | // allows anyone to listen on dynamic ports
23 | permission java.net.SocketPermission "localhost:0", "listen";
24 |
25 | // "standard" properies that can be read by anyone
26 |
27 | permission java.util.PropertyPermission "java.version", "read";
28 | permission java.util.PropertyPermission "java.vendor", "read";
29 | permission java.util.PropertyPermission "java.vendor.url", "read";
30 | permission java.util.PropertyPermission "java.class.version", "read";
31 | permission java.util.PropertyPermission "os.name", "read";
32 | permission java.util.PropertyPermission "os.version", "read";
33 | permission java.util.PropertyPermission "os.arch", "read";
34 | permission java.util.PropertyPermission "file.separator", "read";
35 | permission java.util.PropertyPermission "path.separator", "read";
36 | permission java.util.PropertyPermission "line.separator", "read";
37 |
38 | permission java.util.PropertyPermission "java.specification.version", "read";
39 | permission java.util.PropertyPermission "java.specification.vendor", "read";
40 | permission java.util.PropertyPermission "java.specification.name", "read";
41 |
42 | permission java.util.PropertyPermission "java.vm.specification.version", "read";
43 | permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
44 | permission java.util.PropertyPermission "java.vm.specification.name", "read";
45 | permission java.util.PropertyPermission "java.vm.version", "read";
46 | permission java.util.PropertyPermission "java.vm.vendor", "read";
47 | permission java.util.PropertyPermission "java.vm.name", "read";
48 |
49 | };
50 | grant codeBase "file:/home/peti/programok/java/javulna/target/javulna-1.0-SNAPSHOT.jar" {
51 | permission java.lang.RuntimePermission "getProtectionDomain";
52 | permission java.util.PropertyPermission "java.protocol.handler.pkgs", "read,write";
53 | permission java.lang.RuntimePermission "setFactory";
54 | //permission "java.net.NetPermission" "specifyStreamHandler";
55 | permission java.lang.RuntimePermission "createClassLoader";
56 | permission java.lang.RuntimePermission "setContextClassLoader";
57 | permission java.lang.RuntimePermission "accessDeclaredMembers";
58 | permission "java.lang.reflect.ReflectPermission" "suppressAccessChecks";
59 | permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
60 | permission java.util.PropertyPermission "java.awt.headless", "read,write";
61 | permission java.util.PropertyPermission "org.springframework.boot.logging.LoggingSystem", "read,write";
62 | permission java.util.PropertyPermission "org.jboss.logging.provider", "read,write";
63 | permission "java.io.FilePermission" "./config/*", "read";
64 | permission "java.io.FilePermission" "./*", "read";
65 | permission java.util.PropertyPermission "spring.beaninfo.ignore", "read,write";
66 | permission java.util.PropertyPermission "LOG_EXCEPTION_CONVERSION_WORD", "read,write";
67 | permission java.util.PropertyPermission "CONSOLE_LOG_PATTERN", "read,write";
68 | permission java.util.PropertyPermission "FILE_LOG_PATTERN", "read,write";
69 | permission java.util.PropertyPermission "LOG_LEVEL_PATTERN", "read,write";
70 | permission java.util.PropertyPermission "PID", "read,write";
71 |
72 | };
73 |
74 |
75 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/model/User.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.model;
7 |
8 | import java.util.Collection;
9 | import java.util.Objects;
10 | import javax.persistence.Column;
11 | import javax.persistence.Entity;
12 | import javax.persistence.Table;
13 | import org.springframework.security.core.GrantedAuthority;
14 | import org.springframework.security.core.userdetails.UserDetails;
15 |
16 | /**
17 | *
18 | * @author peti
19 | */
20 | @Entity
21 | @Table(name = "appuser")
22 | public class User extends BaseEntity implements UserDetails{
23 |
24 | @Column(unique = true, nullable = false)
25 | private String name;
26 |
27 | private String sex;
28 |
29 | @Column(nullable = false)
30 | private String password;
31 |
32 | @Column(name = "emailaddress")
33 | private String emailAddress;
34 |
35 | @Column(length = 1000)
36 | private String motto;
37 |
38 | @Column(name = "webpageurl")
39 | private String webPageUrl;
40 |
41 | public String getName() {
42 | return name;
43 | }
44 |
45 | public void setName(String name) {
46 | this.name = name;
47 | }
48 |
49 | public String getSex() {
50 | return sex;
51 | }
52 |
53 | public void setSex(String sex) {
54 | this.sex = sex;
55 | }
56 |
57 | public String getPassword() {
58 | return password;
59 | }
60 |
61 | public void setPassword(String password) {
62 | this.password = password;
63 | }
64 |
65 | public String getEmailAddress() {
66 | return emailAddress;
67 | }
68 |
69 | public void setEmailAddress(String emailAddress) {
70 | this.emailAddress = emailAddress;
71 | }
72 |
73 | public String getMotto() {
74 | return motto;
75 | }
76 |
77 | public void setMotto(String motto) {
78 | this.motto = motto;
79 | }
80 |
81 | public String getWebPageUrl() {
82 | return webPageUrl;
83 | }
84 |
85 | public void setWebPageUrl(String webPageUrl) {
86 | this.webPageUrl = webPageUrl;
87 | }
88 |
89 |
90 |
91 | @Override
92 | public Collection getAuthorities() {
93 | return null;
94 | }
95 |
96 | @Override
97 | public String getUsername() {
98 | return name;
99 | }
100 |
101 | @Override
102 | public boolean isAccountNonExpired() {
103 | return true;
104 | }
105 |
106 | @Override
107 | public boolean isAccountNonLocked() {
108 | return true;
109 | }
110 |
111 | @Override
112 | public boolean isCredentialsNonExpired() {
113 | return true;
114 | }
115 |
116 | @Override
117 | public boolean isEnabled() {
118 | return true;
119 | }
120 |
121 | @Override
122 | public int hashCode() {
123 | int hash = 7;
124 | hash = 71 * hash + Objects.hashCode(this.name);
125 | hash = 71 * hash + Objects.hashCode(this.sex);
126 | hash = 71 * hash + Objects.hashCode(this.password);
127 | hash = 71 * hash + Objects.hashCode(this.emailAddress);
128 | hash = 71 * hash + Objects.hashCode(this.motto);
129 | hash = 71 * hash + Objects.hashCode(this.webPageUrl);
130 | return hash;
131 | }
132 |
133 | @Override
134 | public boolean equals(Object obj) {
135 | if (this == obj) {
136 | return true;
137 | }
138 | if (obj == null) {
139 | return false;
140 | }
141 | if (getClass() != obj.getClass()) {
142 | return false;
143 | }
144 | final User other = (User) obj;
145 | if (!Objects.equals(this.name, other.name)) {
146 | return false;
147 | }
148 | if (!Objects.equals(this.sex, other.sex)) {
149 | return false;
150 | }
151 | if (!Objects.equals(this.password, other.password)) {
152 | return false;
153 | }
154 | if (!Objects.equals(this.emailAddress, other.emailAddress)) {
155 | return false;
156 | }
157 | if (!Objects.equals(this.motto, other.motto)) {
158 | return false;
159 | }
160 | if (!Objects.equals(this.webPageUrl, other.webPageUrl)) {
161 | return false;
162 | }
163 | return true;
164 | }
165 |
166 |
167 | }
168 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/services/MovieService.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package com.kalavit.javulna.services;
7 |
8 | import com.kalavit.javulna.dto.MovieDto;
9 | import com.kalavit.javulna.model.Movie;
10 | import com.kalavit.javulna.services.autodao.MovieAutoDao;
11 | import java.io.ByteArrayInputStream;
12 | import java.sql.ResultSet;
13 | import java.sql.SQLException;
14 | import java.util.List;
15 | import javax.xml.parsers.DocumentBuilder;
16 | import javax.xml.parsers.DocumentBuilderFactory;
17 | import org.slf4j.Logger;
18 | import org.slf4j.LoggerFactory;
19 | import org.springframework.beans.factory.annotation.Autowired;
20 | import org.springframework.jdbc.core.JdbcTemplate;
21 | import org.springframework.jdbc.core.RowMapper;
22 | import org.springframework.stereotype.Service;
23 | import org.springframework.util.StringUtils;
24 | import org.w3c.dom.Document;
25 | import org.w3c.dom.Element;
26 | import org.w3c.dom.NodeList;
27 |
28 | /**
29 | *
30 | * @author peti
31 | */
32 | @Service
33 | public class MovieService {
34 |
35 | private static final Logger LOG = LoggerFactory.getLogger(MovieService.class);
36 |
37 | @Autowired
38 | private JdbcTemplate jdbcTemplate;
39 |
40 | @Autowired
41 | MovieAutoDao movieAutoDao;
42 |
43 | public List findMovie(String title, String description, String genre, String id) {
44 | int conditions = 0;
45 | StringBuilder sql = new StringBuilder("select description, title, genre, id from movie ");
46 | if (StringUtils.hasText(title)) {
47 | appendCondition(sql, conditions);
48 | conditions++;
49 | sql.append("title LIKE '%").append(title).append("%'");
50 |
51 | }
52 | if (StringUtils.hasText(description)) {
53 | appendCondition(sql, conditions);
54 | conditions++;
55 | sql.append("description LIKE '%").append(description).append("%'");
56 | }
57 | if (StringUtils.hasText(genre)) {
58 | appendCondition(sql, conditions);
59 | conditions++;
60 | sql.append("genre LIKE '%").append(genre).append("%'");
61 | }
62 | if (StringUtils.hasText(id)) {
63 | appendCondition(sql, conditions);
64 | conditions++;
65 | sql.append("id = '").append(id).append("'");
66 | }
67 | LOG.debug(sql.toString());
68 | List users = this.jdbcTemplate.query(sql.toString(), new RowMapper() {
69 | @Override
70 | public MovieDto mapRow(ResultSet rs, int rowNum) throws SQLException {
71 | MovieDto ret = new MovieDto();
72 | ret.setDescription(rs.getString("description"));
73 | ret.setTitle(rs.getString("title"));
74 | ret.setGenre(rs.getString("genre"));
75 | ret.setId(rs.getString("id"));
76 | return ret;
77 | }
78 | });
79 |
80 | return users;
81 | }
82 |
83 | private void appendCondition(StringBuilder sb, int conditions) {
84 | if (conditions == 0) {
85 | sb.append(" where ");
86 | } else {
87 | sb.append(" and ");
88 | }
89 | }
90 |
91 | public Movie saveMovieFromXml(String xml){
92 | try {
93 | Movie m = new Movie();
94 | DocumentBuilder db = DocumentBuilderFactory.newInstance().newDocumentBuilder();
95 | Document doc = db.parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
96 | Element root = doc.getDocumentElement();
97 | m.setTitle(getText(root, "title"));
98 | m.setDescription(getText(root, "description"));
99 | m.setGenre(getText(root, "genre"));
100 | movieAutoDao.save(m);
101 | return m;
102 | } catch (Exception ex) {
103 | throw new RuntimeException(ex);
104 | }
105 | }
106 |
107 | private String getText(Element el, String tagName) {
108 | NodeList nl = el.getElementsByTagName(tagName);
109 | if(nl != null && nl.getLength() >0){
110 | NodeList children = nl.item(0).getChildNodes();
111 | if(children != null && children.getLength() > 0){
112 | return children.item(0).getTextContent();
113 | }
114 | }
115 | LOG.debug("no text content of tag with name: {}", tagName);
116 | return null;
117 | }
118 |
119 | }
120 |
--------------------------------------------------------------------------------
/src/main/java/com/kalavit/javulna/springconfig/WebSecurityConfig.java:
--------------------------------------------------------------------------------
1 | package com.kalavit.javulna.springconfig;
2 |
3 | import java.io.IOException;
4 | import java.util.Arrays;
5 | import javax.servlet.ServletException;
6 | import javax.servlet.http.HttpServletRequest;
7 | import javax.servlet.http.HttpServletResponse;
8 | import org.springframework.beans.factory.annotation.Autowired;
9 | import org.springframework.context.annotation.Bean;
10 | import org.springframework.http.HttpMethod;
11 | import org.springframework.security.access.AccessDeniedException;
12 | import org.springframework.security.authentication.AuthenticationManager;
13 | import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
14 | import org.springframework.security.config.BeanIds;
15 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
16 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
17 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
18 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
19 | import org.springframework.security.core.AuthenticationException;
20 | import org.springframework.security.core.userdetails.UserDetailsService;
21 | import org.springframework.security.crypto.password.NoOpPasswordEncoder;
22 | import org.springframework.security.crypto.password.PasswordEncoder;
23 | import org.springframework.security.web.AuthenticationEntryPoint;
24 | import org.springframework.security.web.access.AccessDeniedHandler;
25 | import org.springframework.web.cors.CorsConfiguration;
26 | import org.springframework.web.cors.CorsConfigurationSource;
27 | import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
28 |
29 | @EnableWebSecurity
30 | public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
31 |
32 |
33 | @Autowired
34 | CustomAuthenticationSuccessHandler successHandler;
35 |
36 | @Autowired
37 | CustomAuthenticationFailureHandler failureHandler;
38 |
39 | @Autowired
40 | CustomLogoutSuccessHandler logouthandler;
41 |
42 | @Bean
43 | CorsConfigurationSource corsConfigurationSource() {
44 | CorsConfiguration configuration = new CorsConfiguration();
45 | configuration.setAllowedOrigins(Arrays.asList(MyServletConfig.ALLOWED_CORS_ORIGINS));
46 | configuration.setAllowedMethods(Arrays.asList("*"));
47 | configuration.setAllowedHeaders(Arrays.asList(MyServletConfig.ALLOWED_HEADERS));
48 | configuration.setAllowCredentials(Boolean.TRUE);
49 | UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
50 | source.registerCorsConfiguration(MyServletConfig.CORS_MAPPNIG, configuration);
51 | return source;
52 | }
53 |
54 | @Bean
55 | @Override
56 | public UserDetailsService userDetailsService() {
57 | UserDetailsService manager = new UserDetailsServiceImpl();
58 | return manager;
59 | }
60 |
61 | @Bean
62 | public PasswordEncoder passwordEncoder() {
63 | return NoOpPasswordEncoder.getInstance();
64 | }
65 |
66 | @Bean
67 | public DaoAuthenticationProvider authProvider() {
68 | DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
69 | authProvider.setUserDetailsService(userDetailsService());
70 | authProvider.setPasswordEncoder(passwordEncoder());
71 | return authProvider;
72 |
73 | }
74 |
75 | @Override
76 | protected void configure(AuthenticationManagerBuilder auth) throws Exception {
77 | auth.authenticationProvider(authProvider());
78 | }
79 |
80 | @Override
81 | protected void configure(HttpSecurity http) throws Exception {
82 | http
83 | .headers().frameOptions().disable().
84 | and().csrf().disable()
85 | .formLogin()
86 | .usernameParameter("username")
87 | .successHandler(successHandler)
88 | .failureHandler(failureHandler)
89 | .and()
90 | .exceptionHandling().authenticationEntryPoint(new AuthenticationEntryPoint() {
91 | @Override
92 | public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
93 | response.sendError(HttpServletResponse.SC_FORBIDDEN);
94 | }
95 | })
96 | .and().logout().logoutSuccessHandler(logouthandler)
97 | .and().cors()
98 | .and().authorizeRequests()
99 | .antMatchers(HttpMethod.GET, "/rest/movie/**").permitAll()
100 | .antMatchers(HttpMethod.PUT, "/rest/user/**").permitAll()
101 | .anyRequest().authenticated();
102 | }
103 |
104 | @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
105 | @Override
106 | public AuthenticationManager authenticationManagerBean() throws Exception {
107 | return super.authenticationManagerBean();
108 | }
109 |
110 | }
111 |
--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | 4.0.0
4 |
5 | com.kalavit
6 | javulna
7 | 1.0-SNAPSHOT
8 | jar
9 |
10 | org.springframework.boot
11 | spring-boot-starter-parent
12 | 2.6.7
13 |
14 |
15 |
16 | javulna
17 |
18 |
19 | ${project.build.directory}/endorsed
20 | UTF-8
21 | 1.8
22 | 1.8
23 |
24 |
25 |
26 |
27 | org.springframework.boot
28 | spring-boot-starter-web
29 |
30 |
31 | org.springframework.boot
32 | spring-boot-starter-data-jpa
33 |
34 |
35 | org.springframework.boot
36 | spring-boot-starter-security
37 |
38 |
39 | org.springframework.boot
40 | spring-boot-starter-websocket
41 |
42 |
43 | org.springframework.boot
44 | spring-boot-starter-validation
45 |
46 |
47 | org.hsqldb
48 | hsqldb
49 | runtime
50 |
51 |
52 | commons-io
53 | commons-io
54 | 2.6
55 |
56 |
57 | org.apache.commons
58 | commons-collections4
59 | 4.0
60 |
61 |
62 | org.owasp.encoder
63 | encoder
64 | 1.2.1
65 |
66 |
67 | org.owasp.esapi
68 | esapi
69 | 2.1.0.1
70 |
71 |
72 | net.sf.dozer
73 | dozer
74 | 5.5.1
75 |
76 |
77 | com.fasterxml.jackson.dataformat
78 | jackson-dataformat-xml
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 | org.springframework.boot
88 | spring-boot-maven-plugin
89 |
90 | true
91 | com.kalavit.javulna.Application
92 |
93 |
94 |
95 |
96 | repackage
97 |
98 |
99 |
100 |
101 |
102 | maven-assembly-plugin
103 | 3.1.1
104 |
105 |
106 |
107 | true
108 | com.company.mavenproject1.MainClass
109 |
110 |
111 |
112 | jar-with-dependencies
113 |
114 |
115 |
116 |
117 |
118 | assemble-all
119 | package
120 |
121 | single
122 |
123 |
124 |
125 |
126 |
127 |
128 |
129 |
130 |
--------------------------------------------------------------------------------
/src/main/resources/ESAPI.properties:
--------------------------------------------------------------------------------
1 | # To change this license header, choose License Headers in Project Properties.
2 | # To change this template file, choose Tools | Templates
3 | # and open the template in the editor.
4 | #####################################################################
5 | # Based on the default ESAPI.properties file, which is BSD licensed.
6 | #
7 | # Licensed to the Apache Software Foundation (ASF) under one
8 | # or more contributor license agreements. See the NOTICE file
9 | # distributed with this work for additional information
10 | # regarding copyright ownership. The ASF licenses this file
11 | # to you under the Apache License, Version 2.0 (the
12 | # "License"); you may not use this file except in compliance
13 | # with the License. You may obtain a copy of the License at
14 | #
15 | # http://www.apache.org/licenses/LICENSE-2.0
16 | #
17 | # Unless required by applicable law or agreed to in writing,
18 | # software distributed under the License is distributed on an
19 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
20 | # KIND, either express or implied. See the License for the
21 | # specific language governing permissions and limitations
22 | # under the License.
23 | #####################################################################
24 |
25 | # Properties file for OWASP Enterprise Security API (ESAPI)
26 | # You can find more information about ESAPI at http://www.owasp.org/esapi
27 |
28 | # Validation
29 | #
30 | # The ESAPI validator does many security checks on input, such as canonicalization
31 | # and whitelist validation. Note that all of these validation rules are applied *after*
32 | # canonicalization. Double-encoded characters (even with different encodings involved,
33 | # are never allowed.
34 | #
35 | # To use:
36 | #
37 | # First set up a pattern below. You can choose any name you want, prefixed by the word
38 | # "Validation." For example:
39 | # Validaton.email=^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
40 | #
41 | # Then you can validate in your code against the pattern like this:
42 | # Validator.getInstance().getValidDataFromBrowser( "Email", input );
43 | # Validator.getInstance().isValidDataFromBrowser( "Email", input );
44 | #
45 | Validator.SafeString=^[\p{L}\p{N}.]{0,1024}$
46 | Validator.Email=^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
47 | Validator.IPAddress=^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
48 | Validator.URL=^(ht|f)tp(s?)\\:\\/\\/[0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*(:(0-9)*)*(\\/?)([a-zA-Z0-9\\-\\.\\?\\,\\:\\'\\/\\\\\\+=&%\\$#_]*)?$
49 | Validator.CreditCard=^(\\d{4}[- ]?){3}\\d{4}$
50 | Validator.SSN=^(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}$
51 |
52 | # Validators used by ESAPI
53 | Validator.AccountName=^[a-zA-Z0-9]{3,20}$
54 | Validator.SystemCommand=^[a-zA-Z\\-\\/]{0,64}$
55 | Validator.RoleName=^[a-z]{1,20}$
56 | Validator.Redirect=^\\/test.*$
57 |
58 | # Global HTTP Validation Rules
59 | # Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
60 | Validator.HTTPParameterName=^[a-zA-Z0-9_]{0,32}$
61 | Validator.HTTPParameterValue=^[a-zA-Z0-9.\\-\\/+=_ ]*$
62 | Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{0,32}$
63 | Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
64 | Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{0,32}$
65 | Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
66 |
67 | # Validation of file related input
68 | Validator.FileName=^[a-zA-Z0-9.\\-_ ]{0,255}$
69 | Validator.DirectoryName=^[a-zA-Z0-9.-\\_ ]{0,255}$
70 |
71 | # File upload configuration
72 | ValidExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
73 | MaxUploadFileBytes=500000000
74 |
75 | # Content-Type header
76 | ResponseContentType=text/html; charset=UTF-8
77 |
78 | # Logging
79 | #
80 | # Logging level, values are ALL, SEVERE, WARNING, INFO, DEBUG?
81 | LogLevel=ALL
82 | LogEncodingRequired=false
83 |
84 | # Intrusion Detection
85 | #
86 | # Each event has a base to which .count, .interval, and .action are added
87 | # The IntrusionException will fire if we receive "count" events within "interval" seconds
88 | # The IntrusionDetector is configurable to take the following actions: log, logout, and disable
89 | # (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
90 | #
91 | # Custom Events
92 | # Names must start with "event." as the base
93 | # Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
94 | #
95 | event.test.count=2
96 | event.test.interval=10
97 | event.test.actions=disable,log
98 |
99 | # Exception Events
100 | # All EnterpriseSecurityExceptions are registered automatically
101 | # Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
102 | # Use the fully qualified classname of the exception as the base
103 |
104 | # any intrusion is an attack
105 | org.owasp.esapi.errors.IntrusionException.count=1
106 | org.owasp.esapi.errors.IntrusionException.interval=1
107 | org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
108 |
109 | # for test purposes
110 | org.owasp.esapi.errors.IntegrityException.count=10
111 | org.owasp.esapi.errors.IntegrityException.interval=5
112 | org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
113 |
114 | # rapid validation errors indicate scans or attacks in progress
115 | # org.owasp.esapi.errors.ValidationException.count=10
116 | # org.owasp.esapi.errors.ValidationException.interval=10
117 | # org.owasp.esapi.errors.ValidationException.actions=log,logout
118 |
119 |
120 | # ================= PROPERTIES NOT CURRENTLY USED IN OFBIZ =================
121 | # These are not likely to be used, but leaving here commented out for future
122 | # references, just in case.
123 |
124 | # Authentication
125 | #RememberTokenDuration=14
126 | #AllowedLoginAttempts=3
127 | #MaxOldPasswordHashes=13
128 | #UsernameParameterName=username
129 | #PasswordParameterName=password
130 |
131 | # Encryption
132 | #MasterPassword=owasp1
133 | #MasterSalt=testtest
134 |
135 | # Algorithms
136 | # WARNING: Changing these settings will invalidate all user passwords, hashes, and encrypted data
137 | # WARNING: Reasonable values for these algorithms will be tested and documented in a future release
138 | #
139 | #CharacterEncoding=UTF-8
140 | #HashAlgorithm=SHA-512
141 | #HashIterations=1024
142 | ##EncryptionAlgorithm=PBEWithMD5AndDES/CBC/PKCS5Padding
143 | #EncryptionAlgorithm=PBEWithMD5AndDES
144 | #RandomAlgorithm=SHA1PRNG
145 | #DigitalSignatureAlgorithm=SHAwithDSA
146 |
147 | # sessions jumping between hosts indicates a session hijacking
148 | #org.owasp.esapi.errors.AuthenticationHostException.count=2
149 | #org.owasp.esapi.errors.AuthenticationHostException.interval=10
150 | #org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
151 |
152 |
--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
1 | # Javulna
2 |
3 | ## Table of Contents
4 | 1. [Introduction](#Introduction)
5 | 2. [Building the application](#Build)
6 | 3. [Accessing the API via Postman](#Postman)
7 | 4. [Exercises](#Exercises)
8 | 1. [Exercise 1 - Find users of the app and their password](#Exercise_1)
9 | 2. [Exercise 2 - Log into the application](#Exercise_2)
10 | 1. [Exercise 3 - Change another user's password](#Exercise_3)
11 | 1. [Exercise 4 - Buy cheaper](#Exercise_4)
12 | 1. [Exercise 5 - File handling](#Exercise_5)
13 | 1. [Exercise 6 - Serialization vulnerability](#Exercise_6)
14 | 1. [Exercise 7- Xml handling](#Exercise_7)
15 | 1. [Exercise 8 – attack The LDAP](#Exercise_8)
16 | 1. [Exercise 9 – XSS](#Exercise_9)
17 |
18 |
19 | ## Introduction
20 |
21 | Javulna is an intentionally vulnerable Java application. It is created for educational purposes. It is intended mainly for Java developers.
22 | Javulna is a movie-related application, where you can log in and out, read information about movies, buy movie-related objects, send messages to other users of the application, etc. The functionalities are far from complete or coherent, they just serve the purpose of demonstrating specific vulnerabilities.
23 | This document contains exercises which can be done with Javulna to understand how to exploit and how to fix specific vulnerabilities.
24 |
25 |
26 | ## Building the application
27 |
28 | Javulna is a standard Spring Boot application, built with Maven.
29 |
30 | You can build the project with:
31 | ```mvn clean install```
32 |
33 | Than you can run it with
34 | ```java -jar target/javulna-1.0-SNAPSHOT.jar```
35 |
36 | This will start an embedded Tomcat, and run the app. If you want to change the port of the embedded Tomcat to 8089 (default is 8080):
37 | ```java -jar target/javulna-1.0-SNAPSHOT.jar --server.port=8089```
38 |
39 | If you want to debug it:
40 | ```java -Xdebug -Xrunjdwp:server=y,transport=dt_socket_address=5005,suspend=n -jar target/javulna-1.0-SNAPSHOT.jar```
41 |
42 | Alternatively you can run (and debug) the project from your preferred IDE by simply running the Application.java class.
43 |
44 |
45 | ## Accessing the API via Postman
46 | Javulna in itself does not contain any user interface (except a default login page and an empty index.html). It is a RESTfull application accepting http requests and responding JSON strings. In the doc folder you can find a Postman collection export. We suggest you to install Postman on your device and import this collection, since it helps you a lot with starting the exercises.
47 | After you imported the collection you will have to create an environment within Postman, where you have to specify the ```javulna_host``` environment variable. The value of this variable has to be the host and port of your running javulna app.
48 |
49 |
50 | ## Exercises
51 |
52 |
53 | ### Exercise 1 – Find users of the app and their passwords
54 | **Short Description**
55 | The list of the movies of the application is accessible by all users (including anonymous users too). Find a vulnerability in this service and exploit it, so that you can see all users of the application and their passwords!
56 |
57 | **Service endpoint**
58 | On the /rest/movie endpoint you can list movies of the database. This endpoint is accessible to anonymous (not logged in) users too.
59 | *Request Method*: GET
60 | *URL*: /rest/movie?title=<title>&description=<desc>&genre=<genre>&id=<id> (none of the request parameters are mandatory)
61 | *Response*: a JSON containg movies which fulfill the search conditions
62 |
63 | **Postman request**
64 | With Postman check the List Movies request in the Javulna collection to see how it works!
65 |
66 | **Detailed description**
67 | The service behind this endpoint is vulnerable to one of the most classic exploit of programming. Find the vulnerability, and exploit it so that you can get users and their passwords from the database! (Hint: The table containing the users' data is called APPUSER.)
68 | When you are done, check the source code (MovieService.findMovie) and fix it.
69 | Discuss what could have been the developers motivation creating this code!
70 |
71 |
72 | ### Exercise 2 - log in to the application
73 |
74 | **Short Description**
75 | Using the usernames and passwords discovered in the previous exercise log in to the application. There is no hacking involved here, this step is only necessary so that you can continue with the next exercises.
76 |
77 | **Service endpoint**
78 |
79 | *Request Method*: POST
80 | *URL*: /login
81 | *Request body*: username, password fields
82 | *Response*: a JSON containg the name of the logged in user and a cookie which can be used for subsequent authentication
83 |
84 | **Postman request**
85 | Use the login request in the Javulna collection (Postman will automatically submit the cookie with the following requests)
86 |
87 |
88 | ### Exercise 3 – change another user's password
89 | **Short Description**
90 | The application contains a password change functionality. Abuse it to change another user's password!
91 |
92 | **Service endpoint**
93 | *Request Method*: POST
94 | *URL*: /rest/user/password?user=Yoda&oldPassword=<old_password>&newPassword=<new_password>
95 | *Response*: Ok or Not ok
96 |
97 | **Postman request**
98 | Change password
99 |
100 | **Detailed description**
101 | The change password service first creates a password-change xml to call a remote password change service with it (in reality the remote service does nothing remotely, just parses the xml and changes the password locally).
102 | Find a vulnerability within this service!
103 | This is how the password service creates the xml file:
104 | ```java
105 | private String createXml(String name, String newPassword) {
106 | try {
107 | String xmlString = IOUtils.toString(getClass().getClassLoader().getResourceAsStream("xml/PasswordChange.xml"), "UTF-8");
108 | xmlString = xmlString.replaceAll("PWD_TO_REPLACE", newPassword);
109 | xmlString = xmlString.replaceAll("USERNAME_TO_REPLACE", name);
110 | return xmlString;
111 | } catch (IOException ex) {
112 | throw new RuntimeException(ex);
113 | }
114 | }
115 | ```
116 |
117 | The PasswordChange.xml looks like this:
118 | ```xml
119 |
120 |
121 | PWD_TO_REPLACE
122 | USERNAME_TO_REPLACE
123 |
124 | ```
125 | After the exploit fix the vulnerability within the code.
126 |
127 |
128 | ### Exercise 4 – Buy cheaper
129 | **Short Description**
130 | You can buy movie-related objects with the application. Each object have a name, a description and a price. Try to by something for cheaper than the original price!
131 |
132 | **Service endpoint**
133 | *Request Method*: PUT
134 | *URL*: /rest/order
135 | *Body*: a JSON string containing the order
136 |
137 | Response: a JSON containing the details of the order and the final price.
138 |
139 | **Postman request**
140 | Use the “Buy movie objects” request to place an order and the “List buyable movie objects” request to see what you can buy!
141 |
142 | **Detailed description**
143 | Find a way to buy something for a cheaper price than intended!
144 | After you found the vulerability, fix the code!
145 |
146 |
147 | ### Exercise 5 – File handling
148 | **Short Description**
149 | The application has a file upload and a file download functionality. Both of them suffer from several vulnerabilities. Find a vulnerability, with which you can read any file from the server's files-system!
150 |
151 | **Service endpoint**
152 | FILE UPLOAD
153 | *Request Method*: POST
154 | *URL*: /uploadFile
155 | *Body*: the file to upload with "file" key
156 | *Response*: A JSON object containig information about the uploaded file
157 |
158 | FILE DOWNLOAD
159 | *Request Method*: GET
160 | *URL*: /downloadFile?fileName=<file name>
161 | *Response*: The file to be downloaded
162 |
163 | **Postman request**
164 | Upload File
165 | Donwload File
166 |
167 | **Detailed description**
168 | The application stores uploaded files on the server's file-system. In order for the upload and download functionality to work you first have to set the value of the javulna.filestore.dir property in the application.properties file to some reasonabel value (to a real path which exists on your machine).
169 | Then try to download a file with the application that is outside of this directory!
170 | Once you are done fix the found vulnerability!
171 | What other voulnerabiltites can you spot in the upload file functionality? How would you fix theese?
172 |
173 | ### Exercise 6 – Serialization vulnerability
174 |
175 | **Short Description**
176 | Find a serialization vulnerability within the application, and exploit it!
177 |
178 | **Service endpoint**
179 | There is no specific endpoint for this exercise.
180 |
181 | **Postman request**
182 | all of them applicable
183 |
184 | **Detailed description**
185 | The application uses a serialized cookie to do some extra security check. Alas this extra feature actually introduces a serious security bug. Find the cookie and try to find out what is in it! Then modify it to exploit the vulnerability!
186 | If you feel lost, check the classes: ExtraAuthenticationCheckFilter and CustomAuthenticationSuccessHandler.
187 | Be aware that the application has a dependency to org.apache.commons-collections4 4.0.
188 |
189 |
190 | ### Exercise 7 – Xml handling
191 | **Short Description**
192 | The create movie service accepts xml input as well as JSON. There are two ways to call this service and one of them is vulnerable. Find out which one!
193 |
194 | **Service endpoint**
195 |
196 | CREATE MOVIE
197 |
198 | *Request Method:* POST
199 | *URL:* /rest/movie
200 | *Body:*
201 | An xml in this form:
202 | ```xml
203 |
204 | Star Wars: The empire strikes back
205 | m
206 | sci-fi
207 |
208 | ```
209 | *Response:* JSON of the created movie
210 |
211 | CREATE MOVIE WTIH REQUEST PARAM
212 |
213 | *Request Method:* POST
214 | *URL:* /rest/moviexml
215 | *Body:*
216 | Key: "inputxml":
217 | Value:
218 | ```xml
219 |
220 | Star Wars: The empire strikes back
221 | m
222 | sci-fi
223 |
224 | ```
225 | *Response:* JSON of the created movie
226 |
227 | **Postman request**
228 | Create movie with XML and Create Movie with XML param
229 |
230 | **Detailed description**
231 | Once you are logged in you can create movies in the database. You can create a movie from JSON or form XML. For some reason there are two ways to send an xml: send it in the body of a POST request with Content-type: application/xml, or send it as a request parameter. One of these is vulnerable to a special xml-related attack. Find out which one! Exploit the vulnerability and fix it! Discuss why only one of the two services was vulnerable!
232 |
233 |
234 | ### Exercise 8 – attack The LDAP
235 | **Short Description**
236 | The application contains a simple service which enables users to find what data is stored about them in an LDAP directory. In order to obtain the data users have to provide their username and password. Can you get users data without knowing their passwords?
237 |
238 | **Service endpoint**
239 |
240 | *Request Method:* GET
241 | *URL:* /rest/ldap?username=<username>&password=<password>
242 | *Response:*user's data in JSON format
243 |
244 | **Postman request**
245 | Find user in LDAP
246 |
247 | **Detailed description**
248 |
249 | Previous configuration
250 |
251 | In order to do this exercise you will have to install first an LDAP server on your machine. Don't worry, it's supereasy. Go to https://github.com/kwart/ldap-server/releases and download the ldap-server.jar. In this application's doc directory you will find an *ldap.ldif* file. You will have to start the downloaded LDAP server with this ldif file. You can do this by issuing the command:
252 | ```
253 | java -jar ldap-server.jar /doc/ldap.ldif
254 | ```
255 | Normally you have nothing else to do, you can start the exercise. However. if for some reason you reconfigure anything in the downloaded LDAP sever don't forget to reconfigure the LDAP properties of javulna in application.properties.
256 |
257 | The exercise
258 |
259 | With the abovemntioned request you can get details of a user from the LDAP directory.
260 | You can check that the service works with the username: "aladar" and with password "aradadal".
261 | Can you get another user's data?
262 | Can you get a specific user's data (e.g. uid="kriszta")?
263 | Can you get data of a user whose name starts with "a"?
264 | Could you somehow get all user's data from LDAP?
265 | Examine the source code, find and fix the vulnerability!
266 |
267 |
268 | ### Exercise 9 – XSS
269 | **Short Description**
270 | On branch ui there is an application which contains two pages. Alas, one of them suffers from XSS vulnerability. Find it and fix it!
271 |
272 | **Detailed description**
273 | Checkout branch ui (git cechkout ui), make a clean install, and run the application. Navigate to your browser, and enter the url localhost:8080! You should see a page listing the movies in the database. There is also a page accessible from the menu for adding new movies to the database. Find an XSS vulnerability in one of these pages!
274 | When found, check the source-code.
275 | What type of XSS is this?
276 | Discuss why this vulnerability exists, and why are there no other XSS vulnerabilties at other places!
277 | Fix the vulnerability!
278 |
--------------------------------------------------------------------------------
/doc/Javulna.postman_collection.json:
--------------------------------------------------------------------------------
1 | {
2 | "info": {
3 | "_postman_id": "211f9c80-1f33-478c-b410-45e828839dcc",
4 | "name": "Javulna",
5 | "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
6 | },
7 | "item": [
8 | {
9 | "name": "Login",
10 | "request": {
11 | "method": "POST",
12 | "header": [
13 | {
14 | "key": "Content-Type",
15 | "value": "application/x-www-form-urlencoded"
16 | },
17 | {
18 | "key": "Origin",
19 | "value": "http://localhost:3000"
20 | }
21 | ],
22 | "body": {
23 | "mode": "urlencoded",
24 | "urlencoded": [
25 | {
26 | "key": "username",
27 | "value": "???",
28 | "type": "text"
29 | },
30 | {
31 | "key": "password",
32 | "value": "???",
33 | "type": "text"
34 | }
35 | ]
36 | },
37 | "url": {
38 | "raw": "{{javulna_host}}/login",
39 | "host": [
40 | "{{javulna_host}}"
41 | ],
42 | "path": [
43 | "login"
44 | ]
45 | }
46 | },
47 | "response": []
48 | },
49 | {
50 | "name": "Logout",
51 | "request": {
52 | "method": "GET",
53 | "header": [
54 | {
55 | "key": "Content-Type",
56 | "value": "application/x-www-form-urlencoded"
57 | },
58 | {
59 | "key": "Origin",
60 | "value": "http://localhost:3000"
61 | }
62 | ],
63 | "body": {
64 | "mode": "urlencoded",
65 | "urlencoded": [
66 | {
67 | "key": "username",
68 | "value": "Yoda",
69 | "type": "text",
70 | "disabled": true
71 | },
72 | {
73 | "key": "password",
74 | "value": "NoSecretsATrueJediHas",
75 | "type": "text",
76 | "disabled": true
77 | }
78 | ]
79 | },
80 | "url": {
81 | "raw": "{{javulna_host}}/logout",
82 | "host": [
83 | "{{javulna_host}}"
84 | ],
85 | "path": [
86 | "logout"
87 | ]
88 | }
89 | },
90 | "response": []
91 | },
92 | {
93 | "name": "Create Movie",
94 | "request": {
95 | "method": "POST",
96 | "header": [
97 | {
98 | "key": "Upgrade-Insecure-Requests",
99 | "value": "1"
100 | },
101 | {
102 | "key": "User-Agent",
103 | "value": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36"
104 | },
105 | {
106 | "key": "Accept",
107 | "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"
108 | },
109 | {
110 | "key": "Accept-Encoding",
111 | "value": "gzip, deflate, br"
112 | },
113 | {
114 | "key": "Accept-Language",
115 | "value": "hu,en;q=0.8,en-US;q=0.6"
116 | },
117 | {
118 | "key": "Content-Type",
119 | "value": "application/json"
120 | }
121 | ],
122 | "body": {
123 | "mode": "raw",
124 | "raw": "{\n\t\"title\": \"Star Wars: The empire strikes back\",\n\t\"description\": \"m\",\n\t\"genre\": \"sci-fi\"\n}"
125 | },
126 | "url": {
127 | "raw": "{{javulna_host}}/rest/movie",
128 | "host": [
129 | "{{javulna_host}}"
130 | ],
131 | "path": [
132 | "rest",
133 | "movie"
134 | ]
135 | }
136 | },
137 | "response": []
138 | },
139 | {
140 | "name": "Create Movie with XML",
141 | "request": {
142 | "method": "POST",
143 | "header": [
144 | {
145 | "key": "Upgrade-Insecure-Requests",
146 | "value": "1"
147 | },
148 | {
149 | "key": "User-Agent",
150 | "value": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36"
151 | },
152 | {
153 | "key": "Accept",
154 | "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"
155 | },
156 | {
157 | "key": "Accept-Encoding",
158 | "value": "gzip, deflate, br"
159 | },
160 | {
161 | "key": "Accept-Language",
162 | "value": "hu,en;q=0.8,en-US;q=0.6"
163 | },
164 | {
165 | "key": "Content-Type",
166 | "value": "application/xml"
167 | }
168 | ],
169 | "body": {
170 | "mode": "raw",
171 | "raw": "\n\tStar Wars: The empire strikes back\n\tm\n\tsci-fi\n\n"
172 | },
173 | "url": {
174 | "raw": "{{javulna_host}}/rest/movie",
175 | "host": [
176 | "{{javulna_host}}"
177 | ],
178 | "path": [
179 | "rest",
180 | "movie"
181 | ]
182 | }
183 | },
184 | "response": []
185 | },
186 | {
187 | "name": "Create Movie with XML param",
188 | "request": {
189 | "method": "POST",
190 | "header": [
191 | {
192 | "key": "Upgrade-Insecure-Requests",
193 | "value": "1"
194 | },
195 | {
196 | "key": "User-Agent",
197 | "value": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36"
198 | },
199 | {
200 | "key": "Accept",
201 | "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"
202 | },
203 | {
204 | "key": "Accept-Encoding",
205 | "value": "gzip, deflate, br"
206 | },
207 | {
208 | "key": "Accept-Language",
209 | "value": "hu,en;q=0.8,en-US;q=0.6"
210 | },
211 | {
212 | "key": "Content-Type",
213 | "value": "application/xml"
214 | }
215 | ],
216 | "body": {
217 | "mode": "formdata",
218 | "formdata": [
219 | {
220 | "key": "inputxml",
221 | "value": "\n\tStar Wars: The empire strikes back\n\tm\n\tsci-fi\n",
222 | "type": "text"
223 | }
224 | ]
225 | },
226 | "url": {
227 | "raw": "{{javulna_host}}/rest/moviexml",
228 | "host": [
229 | "{{javulna_host}}"
230 | ],
231 | "path": [
232 | "rest",
233 | "moviexml"
234 | ]
235 | }
236 | },
237 | "response": []
238 | },
239 | {
240 | "name": "Change password",
241 | "request": {
242 | "method": "POST",
243 | "header": [
244 | {
245 | "key": "Upgrade-Insecure-Requests",
246 | "value": "1"
247 | },
248 | {
249 | "key": "User-Agent",
250 | "value": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36"
251 | },
252 | {
253 | "key": "Accept",
254 | "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"
255 | },
256 | {
257 | "key": "Accept-Encoding",
258 | "value": "gzip, deflate, br"
259 | },
260 | {
261 | "key": "Accept-Language",
262 | "value": "hu,en;q=0.8,en-US;q=0.6"
263 | },
264 | {
265 | "key": "Content-Type",
266 | "value": "application/json"
267 | }
268 | ],
269 | "body": {
270 | "mode": "raw",
271 | "raw": ""
272 | },
273 | "url": {
274 | "raw": "{{javulna_host}}/rest/user/password?user=Yoda&oldPassword=NoSecretsATrueJediHas&newPassword=DoIhaveASecretNow",
275 | "host": [
276 | "{{javulna_host}}"
277 | ],
278 | "path": [
279 | "rest",
280 | "user",
281 | "password"
282 | ],
283 | "query": [
284 | {
285 | "key": "user",
286 | "value": "Yoda"
287 | },
288 | {
289 | "key": "oldPassword",
290 | "value": "NoSecretsATrueJediHas"
291 | },
292 | {
293 | "key": "newPassword",
294 | "value": "DoIhaveASecretNow"
295 | }
296 | ]
297 | }
298 | },
299 | "response": []
300 | },
301 | {
302 | "name": "List users",
303 | "request": {
304 | "method": "GET",
305 | "header": [
306 | {
307 | "key": "Upgrade-Insecure-Requests",
308 | "value": "1"
309 | },
310 | {
311 | "key": "User-Agent",
312 | "value": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36"
313 | },
314 | {
315 | "key": "Accept",
316 | "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"
317 | },
318 | {
319 | "key": "Accept-Encoding",
320 | "value": "gzip, deflate, br"
321 | },
322 | {
323 | "key": "Accept-Language",
324 | "value": "hu,en;q=0.8,en-US;q=0.6"
325 | },
326 | {
327 | "key": "Content-Type",
328 | "value": "application/json"
329 | }
330 | ],
331 | "body": {
332 | "mode": "raw",
333 | "raw": "{\n\t\"name\": \"Mézga Aladár\",\n\t\"sex\": \"m\"\n}"
334 | },
335 | "url": {
336 | "raw": "{{javulna_host}}/rest/user",
337 | "host": [
338 | "{{javulna_host}}"
339 | ],
340 | "path": [
341 | "rest",
342 | "user"
343 | ]
344 | }
345 | },
346 | "response": []
347 | },
348 | {
349 | "name": "List movies",
350 | "request": {
351 | "method": "GET",
352 | "header": [
353 | {
354 | "key": "Upgrade-Insecure-Requests",
355 | "value": "1"
356 | },
357 | {
358 | "key": "User-Agent",
359 | "value": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36"
360 | },
361 | {
362 | "key": "Accept",
363 | "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"
364 | },
365 | {
366 | "key": "Accept-Encoding",
367 | "value": "gzip, deflate, br"
368 | },
369 | {
370 | "key": "Accept-Language",
371 | "value": "hu,en;q=0.8,en-US;q=0.6"
372 | },
373 | {
374 | "key": "Content-Type",
375 | "value": "application/json"
376 | }
377 | ],
378 | "body": {
379 | "mode": "raw",
380 | "raw": "{\n\t\"name\": \"Mézga Aladár\",\n\t\"sex\": \"m\"\n}"
381 | },
382 | "url": {
383 | "raw": "{{javulna_host}}/rest/movie?title=Empire&description=Luke",
384 | "host": [
385 | "{{javulna_host}}"
386 | ],
387 | "path": [
388 | "rest",
389 | "movie"
390 | ],
391 | "query": [
392 | {
393 | "key": "title",
394 | "value": "Empire"
395 | },
396 | {
397 | "key": "description",
398 | "value": "Luke"
399 | }
400 | ]
401 | }
402 | },
403 | "response": []
404 | },
405 | {
406 | "name": "Create user",
407 | "request": {
408 | "method": "PUT",
409 | "header": [
410 | {
411 | "key": "Content-Type",
412 | "value": "application/json"
413 | },
414 | {
415 | "key": "Origin",
416 | "value": "http://localhost:3000"
417 | }
418 | ],
419 | "body": {
420 | "mode": "raw",
421 | "raw": "{\n\t\"name\": \"aladar2\",\n\t\"sex\": \"m\",\n\t\"emailAddress\": \"aladar@mezga.com\",\n\t\"password\": \"aradadal\",\n\t\"webPageUrl\": \"www.mezgaaladar.hu\"\n}"
422 | },
423 | "url": {
424 | "raw": "{{javulna_host}}/rest/user",
425 | "host": [
426 | "{{javulna_host}}"
427 | ],
428 | "path": [
429 | "rest",
430 | "user"
431 | ]
432 | }
433 | },
434 | "response": []
435 | },
436 | {
437 | "name": "Modify user",
438 | "request": {
439 | "method": "POST",
440 | "header": [
441 | {
442 | "key": "Content-Type",
443 | "value": "application/json"
444 | },
445 | {
446 | "key": "Origin",
447 | "value": "http://localhost:3000"
448 | }
449 | ],
450 | "body": {
451 | "mode": "raw",
452 | "raw": "{\n\t\"id\": \"2534509b-3675-4c96-9f7f-28e912efd424\",\n\t\"name\": \"Mézga Aladár\",\n\t\"sex\": \"m\",\n\t\"emailAddress\": \"aladar@mezga.com\",\n\t\"password\": \"aradadal\"\n}"
453 | },
454 | "url": {
455 | "raw": "{{javulna_host}}/rest/user",
456 | "host": [
457 | "{{javulna_host}}"
458 | ],
459 | "path": [
460 | "rest",
461 | "user"
462 | ]
463 | }
464 | },
465 | "response": []
466 | },
467 | {
468 | "name": "SendChat",
469 | "request": {
470 | "method": "PUT",
471 | "header": [
472 | {
473 | "key": "Content-Type",
474 | "value": "application/json"
475 | },
476 | {
477 | "key": "Origin",
478 | "value": "http://localhost:3000"
479 | }
480 | ],
481 | "body": {
482 | "mode": "raw",
483 | "raw": "{\n\t\"text\": \"mizu\",\n\t\"toUser\":\"Darth Veder\"\n}"
484 | },
485 | "url": {
486 | "raw": "{{javulna_host}}/rest/messages/chat",
487 | "host": [
488 | "{{javulna_host}}"
489 | ],
490 | "path": [
491 | "rest",
492 | "messages",
493 | "chat"
494 | ]
495 | }
496 | },
497 | "response": []
498 | },
499 | {
500 | "name": "List Chat Messages",
501 | "request": {
502 | "method": "GET",
503 | "header": [
504 | {
505 | "key": "Content-Type",
506 | "value": "application/json"
507 | },
508 | {
509 | "key": "Origin",
510 | "value": "http://localhost:3000"
511 | }
512 | ],
513 | "body": {
514 | "mode": "raw",
515 | "raw": "{\n\t\"text\": \"hello\",\n\t\"toUser\":\"Darth Veder\"\n}"
516 | },
517 | "url": {
518 | "raw": "{{javulna_host}}/rest/messages/chat?otherUser=Darth Veder",
519 | "host": [
520 | "{{javulna_host}}"
521 | ],
522 | "path": [
523 | "rest",
524 | "messages",
525 | "chat"
526 | ],
527 | "query": [
528 | {
529 | "key": "otherUser",
530 | "value": "Darth Veder"
531 | }
532 | ]
533 | }
534 | },
535 | "response": []
536 | },
537 | {
538 | "name": "List all Chat Messages",
539 | "request": {
540 | "method": "GET",
541 | "header": [
542 | {
543 | "key": "Content-Type",
544 | "value": "application/json"
545 | },
546 | {
547 | "key": "Origin",
548 | "value": "http://localhost:3000"
549 | }
550 | ],
551 | "body": {
552 | "mode": "raw",
553 | "raw": "{\n\t\"text\": \"hello\",\n\t\"toUser\":\"Darth Veder\"\n}"
554 | },
555 | "url": {
556 | "raw": "{{javulna_host}}/rest/messages/chatAll",
557 | "host": [
558 | "{{javulna_host}}"
559 | ],
560 | "path": [
561 | "rest",
562 | "messages",
563 | "chatAll"
564 | ]
565 | }
566 | },
567 | "response": []
568 | },
569 | {
570 | "name": "List buyable movieobjects",
571 | "request": {
572 | "method": "GET",
573 | "header": [],
574 | "body": {},
575 | "url": {
576 | "raw": "{{javulna_host}}/rest/movieobject",
577 | "host": [
578 | "{{javulna_host}}"
579 | ],
580 | "path": [
581 | "rest",
582 | "movieobject"
583 | ]
584 | }
585 | },
586 | "response": []
587 | },
588 | {
589 | "name": "Buy movie objects",
590 | "request": {
591 | "method": "PUT",
592 | "header": [
593 | {
594 | "key": "Content-Type",
595 | "value": "application/json"
596 | },
597 | {
598 | "key": "Origin",
599 | "value": "http://localhost:3000"
600 | }
601 | ],
602 | "body": {
603 | "mode": "raw",
604 | "raw": "{\n\t\"orderItems\": [{\n\t\t\t\"movieObjectId\": \"1\",\n\t\t\t\"nrOfItemsOrdered\": 1\n\t\t},\n\t\t{\n\t\t\t\"movieObjectId\": \"2\",\n\t\t\t\"nrOfItemsOrdered\": 2\n\t\t}\n\t]\n}"
605 | },
606 | "url": {
607 | "raw": "{{javulna_host}}/rest/order",
608 | "host": [
609 | "{{javulna_host}}"
610 | ],
611 | "path": [
612 | "rest",
613 | "order"
614 | ]
615 | }
616 | },
617 | "response": []
618 | },
619 | {
620 | "name": "Upload file",
621 | "request": {
622 | "method": "POST",
623 | "header": [
624 | {
625 | "key": "Content-Type",
626 | "value": "multipart/form-data",
627 | "disabled": true
628 | }
629 | ],
630 | "body": {
631 | "mode": "formdata",
632 | "formdata": [
633 | {
634 | "key": "file",
635 | "type": "file"
636 | }
637 | ]
638 | },
639 | "url": {
640 | "raw": "{{javulna_host}}/uploadFile",
641 | "host": [
642 | "{{javulna_host}}"
643 | ],
644 | "path": [
645 | "uploadFile"
646 | ]
647 | }
648 | },
649 | "response": []
650 | },
651 | {
652 | "name": "Download file",
653 | "request": {
654 | "method": "GET",
655 | "header": [],
656 | "body": {},
657 | "url": {
658 | "raw": "{{javulna_host}}/downloadFile?fileName=01.jpg",
659 | "host": [
660 | "{{javulna_host}}"
661 | ],
662 | "path": [
663 | "downloadFile"
664 | ],
665 | "query": [
666 | {
667 | "key": "fileName",
668 | "value": "01.jpg"
669 | }
670 | ]
671 | }
672 | },
673 | "response": []
674 | },
675 | {
676 | "name": "Find user in LDAP",
677 | "request": {
678 | "method": "GET",
679 | "header": [],
680 | "body": {},
681 | "url": {
682 | "raw": "{{javulna_host}}/rest/ldap?username=aladar&password=aradadal",
683 | "host": [
684 | "{{javulna_host}}"
685 | ],
686 | "path": [
687 | "rest",
688 | "ldap"
689 | ],
690 | "query": [
691 | {
692 | "key": "username",
693 | "value": "aladar"
694 | },
695 | {
696 | "key": "password",
697 | "value": "aradadal"
698 | }
699 | ]
700 | }
701 | },
702 | "response": []
703 | }
704 | ]
705 | }
--------------------------------------------------------------------------------