Chariot Training Classes

Training Courses

I run Chariot's training and mentoring services. We provide training in AngularJS, HTML5, Spring, Hibernate, Maven, Scala, and more.

Chariot Education Services

Technology

Chariot Emerging Tech

Learn about upcoming technologies and trends from my colleagues at Chariot Solutions.

Resources

Chariot Conferences

Podcasts

Entries in spring-roo (25)

Monday
Feb202012

Quizzo repo public

Against my better judgement, I made the repo public, so you can see my "progress" warts and all. Remember, this is a side effort for me and just for fun, so it's not going to look super-well organized, but here it is.

github.com/krimple/quizzo

 

Sunday
Feb192012

Quizzo in Roo, Securing Resources

Ok, so now we get to the fun parts. I wanted to hide sections of my pre-scaffolded user interface (all that crud crud) behind an admin interface, so that I could keep it around but completely sculpt a new UI for players and the quiz master.

To do this, we need to secure the resources. There are several things we need to do: moving the resources to an /admin/ URL, then securing them by path to ROLE_ADMIN, then conveniently hiding the menu items we don't want shown.

Moving the controllers and views to /admin/

This part was relatively straightforward. We first had to modify the @RequestMapping annotation and the @RooWebScaffold annotation to point the controllers to /admin/controllername, as I show with the QuizController below:

@RequestMapping("/admin/quizzes")
@Controller
@RooWebScaffold(path = "admin/quizzes", formBackingObject = Quiz.class)
public class QuizController {
}

_Note: I had to modify both - the views are generated with the @RooWebScaffold annotation, but the request mappings are generated with the @RequestMappingAnnotation

Side effect: you will now get new view/ directories in /admin/quiz rather than in /quiz... Copy your old ones accordingly if you made changes, blow them away if you didn't.

Securing URLs in Spring Security

Now that we've set up a path for all of our controllers, it's easy to secure them. Here's my protection URLs for the web site now:

    <http auto-config="true" use-expressions="true">
        <form-login login-processing-url="/resources/j_spring_security_check"
                    login-page="/login"
                    authentication-failure-url="/login?login_error=t" />
        <logout logout-url="/resources/j_spring_security_logout" />
        
        <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/member/**" access="isAuthenticated()" />
        
        <intercept-url pattern="/resources/**" access="permitAll()" />
        <intercept-url pattern="/**" access="permitAll()" />
    </http>

As you see above, I've secured them using the new Spring Security 3.0 SPeL expressions hasRole('ROLE_NAME'), isAuthenticated() and permitAll(). The order is important here as Spring evaluates these from the top down, which is different from almost all Spring configuration elements. Keep that in mind when debugging.

We're going to allow everybody (for now) to access /member/ which is where I'm allowing people to register and play. Any role can do that, so I figure for now we'll ride with this.

Cleanup - fire up the Roo shell

You did remember to run the Roo shell when you started making these changes, right?

Fixing up our menus

Since Roo may have goofed up our menu URLs a bit if we did this wrong, go ahead and make sure all of your menu items are re-written correctly:

<menu:category id="c_vote" z="+l+uTi5AIPpdgfc7whLR5luw7eU=">
   <menu:item id="i_vote_new" messageCode="global_menu_new" 
              url="/admin/votes?form" z="user-managed"/>
   <menu:item id="i_vote_list" messageCode="global_menu_list"
              url="/admin/votes?page=1&amp;size=${empty param.size ? 10 : param.size}"
              z="user-managed"/>
</menu:category>

Hiding unsecured links

Now, we can wrap our links in role checks. First, add the security namespace tag:

<div ...
     xmlns:security="http://www.springframework.org/security/tags"
     id="menu" version="2.0">

And protect your URLs appropriately:

<security:authorize ifAnyGranted="ROLE_ADMIN">
  <menu:category id="c_vote" z="+l+uTi5AIPpdgfc7whLR5luw7eU=">
     <menu:item id="i_vote_new" messageCode="global_menu_new" 
                url="/admin/votes?form" z="user-managed"/>
     <menu:item id="i_vote_list" messageCode="global_menu_list"
                url="/admin/votes?page=1&amp;size=${empty param.size ? 10 : param.size}"
                z="user-managed"/>
  </menu:category>
</security:authorize>
Sunday
Feb192012

Quizzo in Roo - Security, SHA-256 and OS X

On OS X, there is no sha256sum utility, but a more generic one, shasum. This is good, but it takes standard input or a file, each of which will end up appending a newline on OS X.

Here was the workaround I found (thank you to this Stack Overflow thread).

echo -n passwd|shasum -a256

The -n flag strips the newline. The value I got for 'passwd' was 0d6be69b264717f2dd33652e212b173104b4a647b7c11ae72e9885f11cd312fb. Next, you can put the secure hash in applicationContext-security.xml like this:


<authentication-provider>
    <password-encoder hash="sha-256" />
    <user-service>
        <user name="admin"
          password="0d6be69b264717f2dd33652e212b173104b4a647b7c11ae72e9885f11cd312fb"
          authorities="ROLE_ADMIN,ROLE_USER" />
        <user name="user"
          password="0d6be69b264717f2dd33652e212b173104b4a647b7c11ae72e9885f11cd312fb" 
          authorities="ROLE_USER" />
    </user-service>
</authentication-provider>

On Unix systems, you'll be able to use sha256sum, presumably with the same echo -n input.

Sunday
Feb192012

Quizzo in Roo, truth be told

Truth be told, I've spent so much time running a training practice, writing a book and dealing with Rails apps that my brain needed a bit of adjustment to long-form, more than one day coding assignments. I tried to start with a simple JPA/hibernate model, but the mental feedback loop, even with Roo at the helm, was too slow for me.

(Remember, I am on a two week deadline right now to write two presentations AND get the quiz working if I have a shot at this. So I am trying to control a flailing feeling. And thinking that I'm only doing one presentation next time.)

I went through three stages of thought before writing this down:

Stage 1 - Let's focus on the model

I figured that the data was key, and that I could model from the database up. I ended up floundering after a few hours of this, realizing that we have two problems here - the model of the quiz structure, and dealing with running instances of the quiz, recording answers, and reporting results.

The results were rather throwaway, so I won't bore you with them.

So, I went to Stage 2

Stage 2 - Go all design-patterny on it

Ok, focus on the objects and the in-memory model. That was a great turn, as it got me thinking about the contracts, building up the objects, etc. I figured I could have a Quiz in-memory model, and that I could build it using a builder. So I spent time writing up builders that looked something like this:

package com.chariot.games.quizzo.model.quiz;

public class QuestionBuilder {
  
  Question question;
  public QuestionBuilder() {
    question = new Question();
  }
  
  public QuestionBuilder title(String title) {
    question.setTitle(title);
    return this;
  }
  
  public QuestionBuilder choice(Choice choice) {
    question.getChoices().add(choice);
    return this;
  }
  
  public Question asQuestion() {
    return question;
  }
}

Then I could use the builder in tests, ala:

  @Test
  public void testBuildQuestionWithBooleanAnswer() 
     throws CloneNotSupportedException {

    Question q = new QuestionBuilder()
                  .title("Studies say people are crazy.")
                  .choice(new ChoiceBuilder()
                          .booleanChoice(true)
                          .text("They are crazy")
                          .asChoice()
                  ).asQuestion();

      assertEquals("Studies say people are crazy.", q.getTitle());
      assertEquals(1, q.getChoices().size());
      assertEquals("They are crazy", q.getChoices().get(0).getAnswerText());

      assertEquals(BooleanChoice.class, q.getChoices().get(0).getClass());

      Question q2 = q.clone();
      assertEquals(q2, q);
      assertNotSame(q2, q);
  }

Stage 3 - Prototype quickly on paper, models again

But in the end, what I really need is a quiz definition, with questions, etc., and I need to persist them at some point. So, it was fun, and helped me understand the relationships, but back to JPA.

My model so far...

Ok, so far I have the following model elements:

@RooJavaBean
@RooToString
@RooJpaActiveRecord
public class Choice {

    @NotNull
    @Size(max = 300)
    private String text;

    @NotNull
    private Boolean correct;

    @NotNull
    @ManyToOne
    private Question question;
}

@RooJavaBean
@RooToString
@RooJpaActiveRecord
public class Question {

    @ManyToOne
    private Quiz quiz;

    @NotNull
    @Size(max = 300)
    private String text;

    @OneToMany(cascade = CascadeType.ALL)
    private Set<Choice> choices = new HashSet<Choice>();
}

@RooJavaBean
@RooToString
@RooJpaActiveRecord
public class Quiz {

    @NotNull
    @Size(max = 200)
    private String title;

    @NotNull
    @Size(max = 500)
    private String description;

}

@RooJavaBean
@RooToString
@RooJpaActiveRecord
public class Team {

    @NotNull
    @Size(max = 80)
    private String name;

    @NotNull
    private String mission;

    @ElementCollection
    private List<TeamMember> teamMembers;
}

@RooJavaBean
@RooToString
@Embeddable
public class TeamMember {

    @NotNull
    @Size(max = 40)
    private String name;
}

Did I mention - Git branches are cheap?

Git is great for things like this - since it keeps versions and branches within your .git database directory, you can branch and merge at will, and then push the repository updates when you are ready.

Sunday
Feb192012

Quizzo in Roo, Introduction

We at Chariot have this awesome internal conference we call Chariot Day. We get to dish on the latest things that turn us all on, technically.

I am working on two presentations - one on Roo add-ons that will be a pre-cursor to the ETE presentation, and another on my favorite dynamic language platform, Grails, describing what is new in the 2.x version of the framework (hint: a lot, but mostly it's to make your life super easy and productive).

I also heard that we were resurrecting a quizzo game from the last Chariot Day. Rather than use the same quiz program again, I figured I'd take a stab at writing one (heck, if I fail, we can just use the old one).

This is a series of blog posts about trying to use Roo rapid-style to build up a quiz system in less than three (ok two) weeks. I'll be outlining some of the lessons learned and tips and tricks along the way. These promise to be short blog entries, all tagged with quizzo-in-roo so you can find them in one bunch.

Update: there are two links to help you through this at the moment:

Ken

 

Page 1 ... 1 2 3 4 5