Category Archives: REST

How to use Spring Security in web application – Part VIII

In this post, we will show how to use Spring Boot Security to login, authorization based on user role, log out, and error handling.

We will be discussing the following use case

  1. A user accesses a home page for an application.
  2. A user enters credentials
  3. If correct credentials, we create a session and verifies the user role. User with USER role sees the user profile page. User with ADMIN role sees the list of users page.
  4. Incorrect credentials, the user will see the login screen once again to enter credentials.
  5. A user clicks on logout, the session is deleted and the user is redirected to the login page.
  6. If a user (of any role) tries to login after logout, the user should be redirected to the appropriate page
  7. In a scenario where a user is neither USER nor ADMIN, he is redirected to the error page
  8. Handling of CSRF token

To completely understand this post, make sure you have gone through my other posts on the Spring Boot series.

  1. Spring Boot REST CRUD API
  2. Swagger Documentation
  3. User Interface using AngularJS

 

Database changes

Since this post involves authorization for users, we have to do some database changes. We will add a couple of tables and respective model classes in our REST API modification.

  • Table role
  • Table user_role

create table role (id int(11) auto_increment primary key not null, role varchar(255) )

create table user_role (user_id int(11) primary key not null, role_id int(11) primary key not null))

user_role the table helps to maintain a many-to-many relationship between the user and role table. We will have only two roles for demo purposes, USER and ADMIN.

Another change we have done in table user is that we have added a field called password_hash to store password set by user/administrator for a user to login. We will be storing a hash password value of the original password that the user will set.

Dependencies

Since we will be using Spring-security for authentication and authorization purposes, we will add the dependency for spring security as follows:

<dependency>   

<groupId>org.springframework.boot</groupId>   

<artifactId>spring-boot-starter-security</artifactId>

</dependency>

Controllers and Web Layer

Other than those changes mentioned, we will demonstrate this post in top-down fashion rather than bottom-up fashion.

So for the web layer, we will define a new controller LoginController and modify our existing MainController.

package com.betterjavacode.benefits.controller;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

import com.betterjavacode.benefits.entities.User;
import com.betterjavacode.benefits.interfaces.UserManager;

/**
*
* @author Yogesh Mali
*
*/
@Controller
public class LoginController {

public static final Logger LOGGER = LogManager.getLogger(LoginController.class);

@Autowired
UserManager userManager;

/**
*
* @param model
* @return
*/
@RequestMapping(value = "/user", method = RequestMethod.GET)
public String userpage(Model model) 
{
  LOGGER.info(" Enter >> userpage() ");
  Authentication auth = SecurityContextHolder.getContext().getAuthentication();
  String name = auth.getName();
  User user = userManager.findUserByEmail(name);
  model.addAttribute("name", user.getFirstname());
  model.addAttribute("userid", user.getId());
  LOGGER.info(" Exit << userpage() ");
  return "user";
}

/**
*
* @return
*/
@RequestMapping(value = { "/login" })
public String login() {
  return "login";
}

/**
*
* @return
*/
@RequestMapping(value = "/403", method = RequestMethod.GET)
public String Error403() {
  return "403";
}
}

As shown in this controller, we have defined a user page, a login page, and an error page (403). A user with the role of either USER or ADMIN or both can access a user page which shows that logged in user’s profile.

Every user irrespective of roles will see the login page for authentication. If there are any errors during authentication or authorization, the user will see an error page displaying access denied page (403).

Source code for login page is as below:

<!DOCTYPE html><!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head> <title>Benefits Application</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" /> <link rel="stylesheet" type="text/css" th:href="@{/css/login.css}" />  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script></head>
<body>
<div class="container"> <form th:action="@{/login}" method="POST" class="form-signin">
<h3 class="form-signin-heading" th:text="Welcome"></h3>
<input type="text" id="email" name="username"  th:placeholder="Email" class="form-control" style="width:350px"/>
<input type="password"  th:placeholder="Password" id="password" name="password" class="form-control" style="width:350px"/>
<div align="center" th:if="${param.error}">
<p style="font-size: 20; color: #FF1C19;">Email or Password invalid, please verify</p>

</div>
<button class="btn btn-lg btn-primary btn-block" name="Submit" value="Login" type="Submit" th:text="Login" style="width:350px"></button> </form></div>
</body></html>

This login page shows a simple form to input username (email) and password and process that authentication using spring-security database authentication method.

@RequestMapping(value = "/home", method = RequestMethod.GET)
public String homepage(Model model) 
{
  LOGGER.info(" Enter >> homepage() ");
  Authentication auth = SecurityContextHolder.getContext().getAuthentication();
  String name = auth.getName();
  User user = userManager.findUserByEmail(name);
  model.addAttribute("name", user.getFirstname());
  LOGGER.info(" Exit << homepage() ");
  return "index";
}

Changes in MainController are about an authenticated user and passing that user’s first name to model to display in HTML page. UserManager in the service layer has been enhanced to return a user based on username (which is email). We have also added an email to be unique as a constraint in the database.

User page for a user with role USER is nothing but a user profile information that he can edit and update any time.

<html ng-app="benefitApp"><html ng-app="benefitApp"><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Benefit Application</title><script>document.write('<base href="' + document.location + '" />');</script> <link rel="stylesheet" href="/css/bootstrap.css" /><script src="https://code.angularjs.org/1.6.1/angular.js"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.6.1/angular-route.js"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.6.1/angular-resource.js"></script><script type="text/javascript" src="./js/app.js"></script></head><body ng-controller="UserCtrl">Hello
<p th:text="${name}"></p>

<div>
<ul class="menu">
<li><a th:href="@{'userProfile/' + ${userid}}">Profile</a></li>
</ul>
<div ng-view="ng-view"></div>
</div>
<div class="input-group">
<div class="controls">    <a ng-click="logout()" class="btn btn-small">Logout</a></div>
</div>
</body></html>

Authentication

Now we have the application ready with all the required backend details for adding the authentication part. Remember we are using spring-security for authentication and authorization of an application.

package com.betterjavacode.benefits;

import javax.sql.DataSource;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@ComponentScan("com.betterjavacode.benefits.services")
@EnableWebSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

public static final Logger LOGGER = LogManager.getLogger(SecurityConfig.class);

@Autowired
private SimpleAuthenticationSuccessHandler loginSuccess;

@Autowired
private LogoutSuccess logoutSuccess;

@Autowired
private BCryptPasswordEncoder bCryptPasswordEncoder;

@Autowired
private DataSource dataSource;

@Value("${spring.queries.users-query}")
private String usersQuery;

@Value("${spring.queries.roles-query}")
private String rolesQuery;

@Autowired
protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
LOGGER.info(" Enter >> configureGlobal() ");
auth.jdbcAuthentication()
.usersByUsernameQuery("select email,password_hash,enabled from user where email=?")
.authoritiesByUsernameQuery("select u.email,r.role from user u inner join user_role ur on(u.id=ur.user_id) inner join role r on(r.id=ur.role_id) where u.email=?")
.dataSource(dataSource)
.passwordEncoder(bCryptPasswordEncoder);
LOGGER.info(" Exit << configureGlobal() ");
}

/**
* Handle Login - Authentication and Redirection
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf()
.disable()
.authorizeRequests()
.antMatchers("/home")
.hasAuthority("ADMIN")
.antMatchers("/user")
.hasAnyAuthority("USER", "ADMIN")
.and()
.formLogin()
.loginPage("/login")
.successHandler(loginSuccess)
.permitAll()
.and()
.logout()
.logoutSuccessHandler(logoutSuccess)
.deleteCookies("JSESSIONID")
.invalidateHttpSession(false)
.permitAll()
.and()
.exceptionHandling()
.accessDeniedPage("/403");

}

/**
* Exclude resources from user-access
*/
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers("/resources/**", "/static/**", "/css/**", "/js/**", "/images/**");
}
}

What’s happening in this code?

  • When a user with role ADMIN or USER calls either /home or /user pages respectively, the user will need to log in.
  • Once the user inputs credentials, validation of credentials happens against the JDBC database authentication mechanism provided by spring-security.
  • If a user of the role USER tries to access the ADMIN home page, the user sees an error 403 page. Authentication Success Handler handles the redirection strategy.
  • If the user clicks the LOGOUT button on the page he is on, the session gets deleted and the user logs out of the application. The user will see the login page. All the cookies will be deleted. Logout Success Handler handles the redirection.

 

Changes in AngularJS User Interface Controller

As shown in user.html page, once the user with role USER is logged in, he sees URL for his profile information. If a user clicks this URL, the user sees his or her profile information. This page has a controller called UserCtrl which basically handles the logout on this initial page. User Profile is shown on userprofile.html page which has singleusercontroller. This angular js controller handles updating user profile information or logout. The github repository contains the rest of the code.

Handling CSRF Token

There are two ways we can handle Cross-Site Request Forgery token in the Spring application. The first way is by disabling this token generation. This is not a recommended approach as this put your application to possible CSRF security attacks for hackers. If you are just doing this for demo purposes, you can disable this in SecurityConfig.java by calling http.csrf().disable().

As Spring points out, a request coming through browsers should contain CSRF Protection.

We will be using spring security to handle CSRF token on the server-side rather than on the client-side.  So every request that comes to the server, we will add a CSRF token and then verified. Angular JS verifies the cookie for the CSRF token before a user can post any request.

Add a CSRF Filter Class

We will add a filter that will handle setting of CSRF token in a cookie. Angular JS expects a cookie name to be as XSRF-TOKEN. This class will look like below:

public class CSRFHeaderFilter extends OncePerRequestFilter {

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException 
{
  CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
  if (csrf != null) 
  {
    Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
    String token = csrf.getToken();
    if (cookie == null || token != null && !token.equals(cookie.getValue())) 
    {
      cookie = new Cookie("XSRF-TOKEN", token);
      cookie.setPath("/");
      response.addCookie(cookie);
    }
  }
  filterChain.doFilter(request, response);
}

}

Now we will enable csrf token in SecurityConfig as shown below

.and()
.csrf()
.csrfTokenRepository(csrfTokenRepository())
.and()
.addFilterAfter(new CSRFHeaderFilter(), CsrfFilter.class);

What is csrfTokenRepository?

We tell spring-security to expect CSRF token in the format that Angular wants to send it back , a header called X-XSRF-TOKEN instead of default X-CSRF-TOKEN. With these changes, we don’t have to do anything on client side.

private CsrfTokenRepository csrfTokenRepository() 
{
  HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
  repository.setHeaderName("X-XSRF-TOKEN");
  return repository;
}

Demo

In this post, we showed how to use spring security for authentication and authorization. Now we will show how to run the application. Once the application is built and run from eclipse, access the page https://localhost:8443/home , we will see below screen:

Using Spring Security in web application - login screenIt will be the same screen if you access https://localhost:8443/user. Now if we enter credentials of an admin user, we will see below screen:

User screen will be as below:

If you click logout, it will log the user out and show login screen again. In this way, we showed how we can use spring security for authentication and authorization. Code for this is available at Github repository.

References

  1. Spring Boot Security
  2. Login Page Angular JS and Spring Security

 

Producing and Consuming SOAP Webservice with Spring Boot – Part V

In this post, we will describe how to create a SOAP webservice from our existing Spring Boot REST API. In the last few posts, we have covered the following

  1. Spring Boot REST CRUD API – Part I
  2. Swagger Documentation for Spring Boot REST API – Part II
  3. Error Handling and logging in Spring Boot REST API – Part III
  4. Consuming RESTful Webservice – Part IV

This SOAP webservice will provide us user data from the database which is we have connected through Spring-data in Spring REST API.

1. Requirements

  1. Eclipse Mars2
  2. Maven 3.1 and above
  3. Spring 1.4 and above
  4. Java 7
  5. Tomcat 8

2. SOAP Web Service

We will use our existing Spring Boot REST API to build an application that will act as a SOAP web service to provide users data. For a given user id, web service will return user data.

Let’s create a schema file in src/main/resources directory and maven will create java classes based on this schema file.


<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:tns="https://betterjavacode.com/benefits/soap" targetNamespace="https://betterjavacode.com/benefits/soap" elementFormDefault="qualified">
	<xs:element name="getUserRequest">
		<xs:complexType>
			<xs:sequence>
				<xs:element name="id" type="xs:int"/>
			</xs:sequence>
		</xs:complexType>
	</xs:element>
	<xs:element name="getUserResponse">
		<xs:complexType>
			<xs:sequence>
				<xs:element name="user" type="tns:user"/>
			</xs:sequence>
		</xs:complexType>
	</xs:element>
	<xs:complexType name="user">
		<xs:sequence>
			<xs:element name="id" type="xs:int"/>
			<xs:element name="firstname" type="xs:string"/>
			<xs:element name="middlename" type="xs:string"/>
			<xs:element name="lastname" type="xs:string"/>
			<xs:element name="username" type="xs:string"/>
			<xs:element name="createdate" type="xs:date"/>
			<xs:element name="jobtitle" type="xs:string"/>
			<xs:element name="email" type="xs:string"/>
		</xs:sequence>
	</xs:complexType>
</xs:schema>

 

3. Update Maven dependencies

Now to generate classes from schema, we have to make sure we have all the right dependencies in our pom.xml. We will also add spring boot service dependency to create a SOAP web service.


<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 <modelVersion>4.0.0</modelVersion>
 <groupId>com.betterjavacode</groupId>
 <artifactId>Benefits</artifactId>
 <packaging>war</packaging>
 <version>0.0.1-SNAPSHOT</version>
 <name>Benefits Maven Webapp</name>
 <url>http://maven.apache.org</url>
 <parent>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-parent</artifactId>
 <version>1.4.2.RELEASE</version>
 </parent>
 <dependencies>
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-web</artifactId>
 </dependency>
<dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-data-jpa</artifactId>
 </dependency>
 <dependency>
 <groupId>mysql</groupId>
 <artifactId>mysql-connector-java</artifactId>
 <scope>runtime</scope>
 </dependency>
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-jdbc</artifactId>
 </dependency>
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-test</artifactId>
 </dependency>
 <dependency>
 <groupId>org.slf4j</groupId>
 <artifactId>slf4j-api</artifactId>
 </dependency>
 <dependency>
 <groupId>io.swagger</groupId>
 <artifactId>swagger-jersey2-jaxrs</artifactId>
 <version>1.5.12</version>
 </dependency>
 <dependency>
 <groupId>io.springfox</groupId>
 <artifactId>springfox-swagger2</artifactId>
 <version>2.6.1</version>
 <scope>compile</scope>
 </dependency>
 <dependency>
 <groupId>io.springfox</groupId>
 <artifactId>springfox-swagger-ui</artifactId>
 <version>2.6.1</version>
 <scope>compile</scope>
 </dependency>
 <dependency>
 <groupId>org.apache.logging.log4j</groupId>
 <artifactId>log4j-api</artifactId>
 </dependency>
 <dependency>
 <groupId>org.apache.logging.log4j</groupId>
 <artifactId>log4j-core</artifactId>
 </dependency>
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-web-services</artifactId>
 </dependency>
 <dependency>
 <groupId>wsdl4j</groupId>
 <artifactId>wsdl4j</artifactId>
 </dependency>
 <dependency>
 <groupId>javax.xml.bind</groupId>
 <artifactId>jaxb-api</artifactId>
 <version>2.1</version>
 </dependency>
 <dependency>
 <groupId>junit</groupId>
 <artifactId>junit</artifactId>
 <scope>test</scope>
 </dependency>
 </dependencies>
 <build>
 <plugins>
 <plugin>
 <artifactId>maven-compiler-plugin</artifactId>
 <version>3.3</version>
 <configuration>
 <source>1.8</source>
 <target>1.8</target>
 </configuration>
 </plugin>
 <plugin>
 <artifactId>maven-war-plugin</artifactId>
 <version>2.6</version>
 <configuration>
 <warSourceDirectory>WebContent</warSourceDirectory>
 <failOnMissingWebXml>false</failOnMissingWebXml>
 </configuration>
 </plugin>
 <plugin>
 <groupId>org.codehaus.mojo</groupId>
 <artifactId>jaxb2-maven-plugin</artifactId>
 <version>1.6</version>
 <executions>
 <execution>
 <id>xjc</id>
 <goals>
 <goal>xjc</goal>
 </goals>
 </execution>
 </executions>
 <configuration>
 <schemaDirectory>${project.basedir}/src/main/resources/</schemaDirectory>
 <outputDirectory>${project.basedir}/src/main/java</outputDirectory>
 <clearOutputDir>false</clearOutputDir>
 <schemaLanguage>WSDL</schemaLanguage>
 <generatePackage>com.betterjavacode.benefits.soap</generatePackage>
 <forceRegenerate>true</forceRegenerate>
 <scehmas>
 <schema>
 <url>http://localhost:8080/benefits/endpoints/users.wsdl</url>
 </schema>
 </scehmas>
 </configuration>
 </plugin>
 </plugins>
 <finalName>Benefits</finalName>
 </build>
 </project>

 

If we run the project with maven build now, the plugin jaxb2-maven-plugin will generate classes under com.betterjavacode.benefits.soap directory. It will also enable our wsdl SOAP url for users. This will generate following java objects

  • GetUserRequest
  • GetUserResponse
  • ObjectFactory
  • package-info
  • User

4. Defining the service

Next, we will define an interface for our service. This will look like below


package com.betterjavacode.benefits.services;

public interface UserAccountService
{
    public com.betterjavacode.benefits.soap.user.getUserDetails(int id);
}

Implementation of this service will be mapping out entity class User to generated class for soap service User. Using the id as a key to get user data from repository, we will map to soap service user. For post purposes, we will not show the implementation of this interface.

5. Creating the Service Endpoint

What is a service endpoint? When a SOAP request for defined URL is handled by Spring servlet, Spring servlet redirects that request to service endpoint. Service endpoint then processes that request to create a response. Our spring-boot-starter-web-services dependency will bring all the necessary classes for annotation purposes.


package com.betterjavacode.benefits.services.endpoints; 

import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.ws.server.endpoint.annotation.Endpoint; 
import org.springframework.ws.server.endpoint.annotation.PayloadRoot; 
import org.springframework.ws.server.endpoint.annotation.RequestPayload; 
import org.springframework.ws.server.endpoint.annotation.ResponsePayload; 
import com.betterjavacode.benefits.services.UserAccountService; 
import com.betterjavacode.benefits.soap.GetUserRequest; 
import com.betterjavacode.benefits.soap.GetUserResponse; 
import com.betterjavacode.benefits.soap.User; 

@Endpoint 
public class UserAccountServiceEndpoint 
{ 
  // private static final String TARGET_NAMESPACE ="http://com/betterjavacode/benefits/webservices/useraccountservice";  
  private static final String TARGET_NAMESPACE =   "https://betterjavacode.com/benefits/soap"; 
  @Autowired private UserAccountService userAccountService; 
  @PayloadRoot(localPart = "getUserRequest", namespace = TARGET_NAMESPACE) 

  public @ResponsePayload GetUserResponse getUserRequest(@RequestPayload    GetUserRequest request) 
  {  
     GetUserResponse response = new GetUserResponse(); 
     User user = userAccountService.getUserDetails(request.getId()); 
     response.setUser(user); 
     return response; 
   } 
}

@Endpoint annotation allows the class to be defined as service endpoint and included in @Component annotation for scanning. Make sure the namespace defined in this class matches with XSD schema definition. Otherwise, you can run into error for “No Endpoint defined for“.

6. Configuration

Next, we will configure our configuration class to generate wsdl endpoint. This configuration class will be annotated by @EnableWs to provide web service configuration.


package com.betterjavacode.benefits;

import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.ws.config.annotation.EnableWs;
import org.springframework.ws.config.annotation.WsConfigurerAdapter;
import org.springframework.ws.transport.http.MessageDispatcherServlet;
import org.springframework.ws.wsdl.wsdl11.DefaultWsdl11Definition;
import org.springframework.xml.xsd.SimpleXsdSchema;
import org.springframework.xml.xsd.XsdSchema;

@Configuration
@EnableWs
@ComponentScan("com.betterjavacode")
public class AppConfig extends WsConfigurerAdapter
{

    @Bean
	public ServletRegistrationBean messageDispatcherServlet(ApplicationContext applicationContext)
	{
		MessageDispatcherServlet servlet = new MessageDispatcherServlet();
		servlet.setApplicationContext(applicationContext);
		return new ServletRegistrationBean(servlet,"/benefits/endpoints/*");
	}

	@Bean(name="users")
	public DefaultWsdl11Definition defaultWsdl11Definition(XsdSchema usersSchema)
	{
		DefaultWsdl11Definition wsdl11definition = new DefaultWsdl11Definition();
		wsdl11definition.setPortTypeName("UserAccountService");
		wsdl11definition.setLocationUri("/endpoints");
		wsdl11definition.setTargetNamespace("http://com/betterjavacode/benefits/webservices/useraccountservice");
		wsdl11definition.setSchema(usersSchema);
		return wsdl11definition;
	}

	@Bean
	public XsdSchema usersSchema()
	{
		return new SimpleXsdSchema(new ClassPathResource("employees.xsd"));
	}
}

Few important points about this configuration class are

  • MessageDispatcherServlet is a required servlet to dispatch web service messages. We set this servlet with a bean to handle the URL from which request will be coming.
  • DefaultWsdl11Definition creates SOAP for the given XSD schema
  • XsdSchema provides an abstraction for our users XSD schema

7. Running the SOAP Webservice

Now build our project with maven. Run the spring boot application through eclipse to start the embedded tomcat server. Once the tomcat server starts, if we access url http://localhost:8080/benefits/endpoints/users.wsdl

Output in the browser will be as below

Here we showed how to create a simple SOAP webservice which we have combined with Spring Boot REST API service. We can also test this SOAP webservice using Soap UI, as shown in below screenshot

8. Consuming the SOAP web service

In previous steps, we showed how to produce a SOAP web service, now we will show how to consume this SOAP web service programmatically.

8.1 Create a client class

Under package com.betterjavacode.benefits.views, define a class UserClient which will extend a WebServiceGatewaySupport class. WebServiceGatewaySupport class provides web service methods.


package com.betterjavacode.benefits.views; 

import org.springframework.ws.client.core.support.WebServiceGatewaySupport; 
import org.springframework.ws.soap.client.core.SoapActionCallback; 
import com.betterjavacode.benefits.soap.GetUserRequest; 
import com.betterjavacode.benefits.soap.GetUserResponse; 

public class UserClient extends WebServiceGatewaySupport 
{

   public GetUserResponse getUserById(int userid) 
   { 
      GetUserRequest userrequest = new GetUserRequest(); userrequest.setId(userid); 
      GetUserResponse response = (GetUserResponse) getWebServiceTemplate().marshalSendAndReceive(userrequest, new SoapActionCallback("http://localhost:8080/benefits/endpoints/getUserResponse"));  
      return response;  
    }  
}

8.2 Configure the client for Spring Bean support

We will configure Jaxb2Marshaller to support JAXB to set context path. This will help us marshal and unmarshal our xml request and response through.


package com.betterjavacode.benefits.views; 

import org.springframework.context.annotation.Bean; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.oxm.jaxb.Jaxb2Marshaller; 

@Configuration 
public class ClientAppConfig 
{ 

   @Bean 
   public Jaxb2Marshaller marshaller() 
   {  
       Jaxb2Marshaller marshaller = new Jaxb2Marshaller(); 
       marshaller.setContextPath("com.betterjavacode.benefits.soap"); 
       return marshaller;  
    } 
    
    @Bean 
    public UserClient userClient(Jaxb2Marshaller marshaller)  
    {  
        // WSDL URL - http://localhost:8080/benefits/endpoints/users.wsdl 
        UserClient uc = new UserClient(); 
        uc.setDefaultUri("http://localhost:8080/benefits/endpoints/users.wsdl"); 
        uc.setMarshaller(marshaller);  
        uc.setUnmarshaller(marshaller);
        return uc; 
     }  
}

8.3 Run the SOAP web service client

We will define a class with the main method to pass an argument of user id. Our client will call the web service with a passed argument to return the data if that user id exists in the database.

9. Conclusion

In this article, we showed how to create a SOAP web service and how to build a client to consume the same SOAP web service using Spring Boot. The code for this is available at github

10. References

  1. Spring Web services tutorial
  2. SOAP Web service producer and consumer
  3. Consuming a web service in java and SOAP UI

 

How To – Spring Boot CRUD Rest API Example – Part I

As part of this post, we will learn how to write a CRUD Rest API using Spring Boot. Spring boot provides some cool features to create a production-ready Spring application that can be deployed as a war file on any environment. This will be a series of posts, but we will start with the creation of a simple REST API.

What you’ll need 

  1. Eclipse Mars.2 Release
  2. Java version 1.8
  3. MySQL 5.0 or higher
  4. Maven 3.0 or higher

What we’ll cover 

In this article, we will cover the following items

  1. Create a Maven project
  2. Assemble pom file for all dependencies
  3. Create entity classes
  4. Business logic to handle data
  5. A REST controller
  6. Run the API in tomcat

Create a Maven project

As the first step, let’s create a maven project in eclipse. You can create this by going into File > New > Maven Project.

Select an Archtype as maven-archtype-webapp.

Enter artifactid as benefits and groupid as com.betterjavacode

Assemble pom file for all dependencies

We will be using spring-boot and all the required dependencies including spring-data. Spring data JPA provides a lot of useful enhancements that you can seamlessly use with spring-boot project. Spring-data will cover the data access layer which basically implements persistence. Once we use spring-data, we don’t have to add any external hibernate or eclipselink JPA APIs. Also, some of the data access repositories provided by spring-data make implementing data access layer code less worrisome.

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 <modelVersion>4.0.0</modelVersion>
 <groupId>com.betterjavacode</groupId>
 <artifactId>Benefits</artifactId>
 <packaging>war</packaging>
 <version>0.0.1-SNAPSHOT</version>
 <name>Benefits Maven Webapp</name>
 <url>http://maven.apache.org</url>
 <parent>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-parent</artifactId>
 <version>1.4.2.RELEASE</version>
 </parent>
 <dependencies>
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-web</artifactId>
 </dependency>

 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-data-jpa</artifactId>
 </dependency>
 <dependency>
 <groupId>mysql</groupId>
 <artifactId>mysql-connector-java</artifactId>
 <scope>runtime</scope>
 </dependency>
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-jdbc</artifactId>
 </dependency>
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-test</artifactId>
 </dependency>
 <dependency>
 <groupId>org.slf4j</groupId>
 <artifactId>slf4j-api</artifactId> 
 </dependency>
 <dependency>
 <groupId>org.apache.logging.log4j</groupId>
 <artifactId>log4j-api</artifactId>
 </dependency>
 <dependency>
 <groupId>org.apache.logging.log4j</groupId>
 <artifactId>log4j-core</artifactId>
 </dependency>
 <dependency>
 <groupId>junit</groupId>
 <artifactId>junit</artifactId>
 <scope>test</scope>
 </dependency>
 </dependencies>
 <build>
 <plugins>
 <plugin>
 <artifactId>maven-compiler-plugin</artifactId>
 <version>3.3</version>
 <configuration>
 <source>1.8</source>
 <target>1.8</target>
 </configuration>
 </plugin>
 <plugin>
 <artifactId>maven-war-plugin</artifactId>
 <version>2.6</version>
 <configuration>
 <warSourceDirectory>WebContent</warSourceDirectory>
 <failOnMissingWebXml>false</failOnMissingWebXml>
 </configuration>
 </plugin>
 </plugins>
 <finalName>Benefits</finalName>
 </build>
</project>

Create entity classes

We will be creating a rest API for Benefits service which will have companies and users as main objects. We are only covering basic data model classes at the moment, but as part of the series, we will develop a web application. Each company will have a company profile and each user will user profile. So we will have four basic entities Company, CompanyProfile, User, UserProfile.

package com.betterjavacode.benefits.entities;

import java.io.Serializable;

import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.OneToOne;
import javax.persistence.Table;

@Entity(name = "Company")
@Table(name = "company")
public class Company implements Serializable {

/**
*
*/
private static final long serialVersionUID = 1L;

public Company() {

}

@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private int id;

@Column
private String name;

@Column
private int statusid;

@OneToOne(cascade = CascadeType.PERSIST, fetch = FetchType.EAGER)
@JoinColumn(name = "companyprofileid")
private CompanyProfile cp;

@Column
private String type;

@Column
private String ein;

public int getId() {
return id;
}

public void setId(int id) {
this.id = id;
}

public String getName() {
return name;
}

public void setName(String name) {
this.name = name;
}

public int getStatusid() {
return statusid;
}

public void setStatusid(int statusid) {
this.statusid = statusid;
}

public CompanyProfile getCp() {
return cp;
}

public void setCp(CompanyProfile cp) {
this.cp = cp;
}

public String getType() {
return type;
}

public void setType(String type) {
this.type = type;
}

public String getEin() {
return ein;
}

public void setEin(String ein) {
this.ein = ein;
}

}

package com.betterjavacode.benefits.entities;

import java.io.Serializable;
import java.util.Date;

import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.OneToOne;
import javax.persistence.Table;

@Entity(name = "User")
@Table(name = "user")
public class User implements Serializable {

/**
*
*/
private static final long serialVersionUID = 1L;

public User() {

}

@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private int id;

@Column
private Date createdate;

@Column
private String email;

@Column
private String firstname;

@Column
private String middlename;

@Column
private String lastname;

@Column
private String username;

@Column
private String jobtitle;

@OneToOne(cascade = CascadeType.PERSIST, fetch = FetchType.EAGER)
@JoinColumn(name = "userprofileid")
private UserProfile userprofile;

public int getId() {
return id;
}

public void setId(int id) {
this.id = id;
}

public Date getCreatedate() {
return createdate;
}

public void setCreatedate(Date createdate) {
this.createdate = createdate;
}

public String getEmail() {
return email;
}

public void setEmail(String email) {
this.email = email;
}

public String getFirstname() {
return firstname;
}

public void setFirstname(String firstname) {
this.firstname = firstname;
}

public String getMiddlename() {
return middlename;
}

public void setMiddlename(String middlename) {
this.middlename = middlename;
}

public String getLastname() {
return lastname;
}

public void setLastname(String lastname) {
this.lastname = lastname;
}

public String getUsername() {
return username;
}

public void setUsername(String username) {
this.username = username;
}

public String getJobtitle() {
return jobtitle;
}

public void setJobtitle(String jobtitle) {
this.jobtitle = jobtitle;
}

public UserProfile getUserprofile() {
return userprofile;
}

public void setUp(UserProfile up) {
this.userprofile = up;
}

}

Business logic to handle the data

Part of our architecture for REST API, we will have the following three layers

  1. Rest layer
  2. Business object layer
  3. Data access layer

So in the Business object layer, we will implement all the managers which will handle the processing of rest requests to create, update, read, or delete the data. In subsequent posts, we will enhance this layer to handle logging, error handling, and more.

package com.betterjavacode.benefits.managers;

import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;

import com.betterjavacode.benefits.entities.User;
import com.betterjavacode.benefits.interfaces.UserManager;
import com.betterjavacode.benefits.repositories.UserRepository;

public class UserManagerImpl implements UserManager {

private UserRepository userRepository;

@Autowired
public void setUserRepository(UserRepository userRepository) {
this.userRepository = userRepository;
}

@Override
public User createUser(User u) {
if (u != null) {
User user = userRepository.save(u);
return user;
} else {
return null;
}
}

@Override
public User updateUser(User u) {
// TODO Auto-generated method stub
return null;
}

@Override
public User getUser(int id) {
User user = userRepository.findOne(id);
if (user == null) {
return null;
}
return user;
}

@Override
public List getAllUsers() {
List userList = (List) userRepository.findAll();
return userList;
}

@Override
public void deleteUser(int guid) {
// TODO Auto-generated method stub
User user = userRepository.findOne(guid);
if (user == null) {
return;
}
userRepository.delete(user);
}

}

A REST controller

One of the best uses of Spring boot is to create rest API and the feature it offers for the same is to use the REST controller. Spring-boot offers an annotation for the same as @RestController.

package com.betterjavacode.benefits.controller;

import java.util.List;

import javax.ws.rs.core.Response;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import com.betterjavacode.benefits.entities.User;
import com.betterjavacode.benefits.interfaces.UserManager;

@RestController
@RequestMapping("benefits/v1")
public class UserService {

@Autowired
UserManager userMgr;

@RequestMapping(value = "/users/", method = RequestMethod.POST)
public User createUser(User user) {
User u = userMgr.createUser(user);
return u;
}

@RequestMapping(value = "/users/{id}", method = RequestMethod.GET)
public User getUser(@PathVariable("id") int id) {
User u = userMgr.getUser(id);
return u;
}

@RequestMapping(value = "/users/", method = RequestMethod.GET)
public List getAllUsers() {
List cList = userMgr.getAllUsers();
return cList;
}

@RequestMapping(value = "/users/", method = RequestMethod.PUT)
public User updateUser(User user) {
User u = userMgr.updateUser(user);
return u;
}

@RequestMapping(value = "/users/{id}", method = RequestMethod.DELETE)
public Response deleteUser(@PathVariable("id") int id) {
userMgr.deleteUser(id);
return Response.status(Response.Status.OK)
.build();
}
}

package com.betterjavacode.benefits.controller;

import java.util.List;

import javax.ws.rs.core.Response;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import com.betterjavacode.benefits.entities.Company;
import com.betterjavacode.benefits.interfaces.CompanyManager;

@RestController
@RequestMapping("benefits/v1")
public class CompanyService {

@Autowired
CompanyManager compMgr;

@RequestMapping(value = "/companies/", method = RequestMethod.POST)
public Company createCompany(Company company) {
Company c = compMgr.createCompany(company);
return c;
}

@RequestMapping(value = "/companies/{id}", method = RequestMethod.GET)
public Company getCompany(@PathVariable("id") int id) {
Company c = compMgr.getCompany(id);
return c;
}

@RequestMapping(value = "/companies/", method = RequestMethod.GET)
public List getAllCompanies() {
List cList = compMgr.getAllCompanies();
return cList;
}

@RequestMapping(value = "/companies/", method = RequestMethod.PUT)
public Company updateCompany(Company company) {
Company c = compMgr.updateCompany(company);
return c;
}

@RequestMapping(value = "/companies/{id}", method = RequestMethod.DELETE)
public Response deleteCompany(@PathVariable("id") int id) {
compMgr.deleteCompany(id);
return Response.status(Response.Status.OK)
.build();
}
}

Run the API in tomcat

We are using embedded tomcat in this Spring-boot project. So once we are done building and installing the code through maven, we can run the project through eclipse or standalone war file in tomcat. For our demo purposes, we will run this application through the eclipse, which will start embedded tomcat.

If we execute the URL http://localhost:8080/benefits/v1/users/1 – it will display JSON for user data as below

You can find the source code for this project Github Repository.