DEVHIDE
Login Or Sign up

Spring CrudRepository save() doesn't POST, as it thinks its parameter is null

707 Views Asked by At

I'm using Spring Rest 4 (spring-boot-starter-data-jpa, spring-boot-starter-data-rest, spring-boot-starter-security) and using CrudRepository to access my Org data. The GET and PUT work OK, but my POST keeps seeing a null object from the browser.

Here is an abridged version of the reported error:

2017-08-30 06:27:00.049 ERROR 1312 --- [nio-8080-exec-2] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is javax.validation.ConstraintViolationException: Validation failed for classes [com.logicaltiger.exchangeboard.model.Org] during persist time for groups [javax.validation.groups.Default, ]
List of constraint violations:[
    ConstraintViolationImpl{interpolatedMessage='may not be null', propertyPath=userId, rootBeanClass=class com.logicaltiger.exchangeboard.model.Org, messageTemplate='{javax.validation.constraints.NotNull.message}'}
    ConstraintViolationImpl{interpolatedMessage='may not be empty', propertyPath=address1, rootBeanClass=class com.logicaltiger.exchangeboard.model.Org, messageTemplate='{org.hibernate.validator.constraints.NotEmpty.message}'}
    ...
] with root cause

javax.validation.ConstraintViolationException: Validation failed for classes [com.logicaltiger.exchangeboard.model.Org] during persist time for groups [javax.validation.groups.Default, ]
List of constraint violations:[
    ConstraintViolationImpl{interpolatedMessage='may not be null', propertyPath=userId, rootBeanClass=class com.logicaltiger.exchangeboard.model.Org, messageTemplate='{javax.validation.constraints.NotNull.message}'}
    ConstraintViolationImpl{interpolatedMessage='may not be empty', propertyPath=address1, rootBeanClass=class com.logicaltiger.exchangeboard.model.Org, messageTemplate='{org.hibernate.validator.constraints.NotEmpty.message}'}
    ...
]

Here is an abridged version of what is being sent from the browser (Javascript):

$("#OrgPostBtn").click(function() {
    $.ajax({
        url: "/org",
        type: "POST",
        data: JSON.stringify({  provider: true, name: 'Org NEW', address1: 'Address 24',  [SNIP],  userId: 2 }),
        contentType: "application/json; charset=utf-8",
        headers: createAuthorizationTokenHeader(),
        dataType: "json",
        success: function (data, textStatus, jqXHR) {
            console.log("success: data: " + data + ", textStatus: " + textStatus + ", jqXHR: " + jqXHR);
        },
        error: function (jqXHR, textStatus, errorThrown) {
            console.log("error: jqXHR: " + jqXHR + ", textStatus: " + textStatus);
        }
    });
});

Here is the repository:

@RepositoryRestResource(path="org")
public interface OrgRepository extends CrudRepository<Org, Long> {

    @Override
    @PostAuthorize("returnObject.userId == principal.id || hasRole('ROLE_ADMIN')")
    public Org findOne(@Param("id") Long id);

    @Override
    @PostFilter("filterObject.user_id == principal.id || hasRole('ROLE_ADMIN')")
    public Iterable<Org> findAll();

}

And here is an abridged version of Org:

@Entity
@Table(name="org")
public class Org implements Serializable {
    private static final long serialVersionUID = -2808050088097500043L;

    @Id
    @Column(name="id")
    @GeneratedValue(strategy=GenerationType.AUTO)
    private Long id = Utilities.INVALID_ID;

    @Column(name="provider", nullable=false)
    @NotNull
    private boolean provider;

    @Column(name="name", length=100, nullable=false)
    @NotEmpty
    @Size(max=100)
    private String name;

    @Column(name="address1", length=50, nullable=false)
    @NotEmpty
    @Size(max=50)
    private String address1;

    @Column(name="user_id", nullable=false)
    @NotNull
    private Long userId;

    [SNIP]
}

So I'm doing no special handling of PUT or POST, and the PUT is handled OK. But my POST data isn't being recognized.

This is actually a degraded version of my original problem, that @PreAuthorize() or @PostAuthorize was seeing a null #entity from:

@Override
@SuppressWarnings("unchecked")
@PreAuthorize("#entity.userId == principal.id || hasRole('ROLE_ADMIN')")
public Org save(@Param("entity") Org entity);

So... I'm annotating the save argument(@Param), or I don't have an overriden save() at all. The program thinks I'm trying to POST a null object.

How do I fix this using the CrudRepository?

Thanks in advance,

Jerome.

spring-security spring-data-jpa spring-el spring-rest
Original Q&A
1

There are 1 best solutions below

0
On

I've figured out how to configure this repository for PUT and POST. On post-authorization use returnObject, like so:

@RepositoryRestResource(path="org")
public interface OrgRepository extends CrudRepository<Org, Long> {

    @Override
    @PostAuthorize("returnObject.userId == principal.id || hasRole('ROLE_ADMIN')")
    public Org findOne(@Param("id") Long id);

    @Override
    @PostFilter("filterObject.userId == principal.id || hasRole('ROLE_ADMIN')")
    public Iterable<Org> findAll();

    @Override
    @SuppressWarnings("unchecked")
    @PostAuthorize("reutrnObject.userId == principal.id || hasRole('ROLE_ADMIN')")

}

With this I'm getting: An ordinary user can PUT only his/her own Org records (userId match). An ordinary user can POST anything. An admin can PUT or POST anything.

Related Questions in SPRING-SECURITY

Related Questions in SPRING-DATA-JPA

Related Questions in SPRING-EL

Related Questions in SPRING-REST

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.