Returning 403 to client


Matt Raible

Apr 8, 2021, 5:36:05 PM
to JHipster dev team
Hey all,

I’m updating my “JHipster 6 Demo” for JHipster 7 and wanted to make sure the following code is still the best way to block access to an entity. The reason I ask is because this results in a blank page on the client. 
```
// Refuse the request when the blog has an owner and that owner is not the current user
if (blog.isPresent() && blog.get().getUser() != null &&
    !blog.get().getUser().getLogin().equals(SecurityUtils.getCurrentUserLogin().orElse(""))) {
    return new ResponseEntity<>("error.http.403", HttpStatus.FORBIDDEN);
}
```
This is the same code I used with JHipster 6 and the behavior seems the same.

For reference, here’s the result when you try to go to a blog (via the URL) that you don’t have access to.


In JHipster 6, it’s similar.
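
An added example, not part of the original post or of JHipster's generated code: the ownership condition from the snippet above as a plain-Java function, run over the cases that matter for access control, next to a stricter owner-only variant. The `User` and `Blog` classes, the method names and the 200/404 return values (standing in for the normal lookup response) are assumptions made for illustration.

```java
import java.util.Optional;

public class BlogAccessCheck {
    // Hypothetical stand-ins for the generated User and Blog entities.
    static final class User {
        final String login;
        User(String login) { this.login = login; }
    }
    static final class Blog {
        final User user; // may be null: the JDL relationship to User is not required
        Blog(User user) { this.user = user; }
    }

    // Same condition as the post: 403 only when the blog has an owner and
    // that owner is not the current login. 200/404 stand for the normal lookup result.
    static int asPosted(Optional<Blog> blog, Optional<String> login) {
        if (blog.isPresent() && blog.get().user != null
                && !blog.get().user.login.equals(login.orElse(""))) {
            return 403;
        }
        return blog.isPresent() ? 200 : 404;
    }

    // Stricter variant (an assumption, not from the post): only the owner may
    // read a blog, so a blog without an owner is refused as well.
    static int ownerOnly(Optional<Blog> blog, Optional<String> login) {
        if (blog.isEmpty()) return 404;
        User owner = blog.get().user;
        boolean isOwner = owner != null && login.isPresent() && owner.login.equals(login.get());
        return isOwner ? 200 : 403;
    }

    static String row(String label, Optional<Blog> blog, Optional<String> login) {
        return String.format("%-18s posted=%d ownerOnly=%d",
                label, asPosted(blog, login), ownerOnly(blog, login));
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Optional<Blog> owned = Optional.of(new Blog(new User("user")));
        Optional<Blog> unowned = Optional.of(new Blog(null));
        System.out.println(row("owner", owned, Optional.of("user")));
        System.out.println(row("other user", owned, Optional.of("admin")));
        System.out.println(row("not logged in", owned, Optional.empty()));
        System.out.println(row("blog without user", unowned, Optional.of("admin")));
        System.out.println(row("missing blog", Optional.empty(), Optional.of("user")));
    }
}
```

The two columns differ only on the "blog without user" row, which the posted condition lets through because of its `getUser() != null` guard.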



Matt Raible

Apr 8, 2021, 7:15:23 PM
to JHipster dev team
I noticed something else strange after deploying my JHipster 7 blog app to Heroku. I removed “faker” in application-dev.yml so I wouldn’t be working with fake data locally. However, when I deployed it to Heroku, I ended up with faker data for one entity.

If you log in to https://blog-jh-7.herokuapp.com with admin/admin, you’ll see some fake data for the “Tag” entity. I deleted a few, so they’re not all there, but it seems strange that this could happen. The only thing I can think of is Heroku re-used a database or something. Can someone else try and reproduce?

——
INFO! Using JHipster version installed locally in current project's node_modules
##### **JHipster Version(s)**

```
bl...@0.0.1-SNAPSHOT /Users/mraible/dev/jhipster7-demo/blog
└── generator...@7.0.1 

```


##### **JHipster configuration, a `.yo-rc.json` file generated in the root folder**


<details>
<summary>.yo-rc.json file</summary>
<pre>
{
  "generator-jhipster": {
    "blueprints": [],
    "otherModules": [],
    "applicationType": "monolith",
    "baseName": "blog",
    "jhipsterVersion": "7.0.1",
    "skipClient": false,
    "skipServer": false,
    "skipUserManagement": false,
    "skipCheckLengthOfIdentifier": false,
    "skipFakeData": false,
    "jhiPrefix": "jhi",
    "entitySuffix": "",
    "dtoSuffix": "DTO",
    "testFrameworks": ["cypress"],
    "pages": [],
    "creationTimestamp": 1617904976856,
    "serviceDiscoveryType": false,
    "reactive": false,
    "authenticationType": "jwt",
    "packageName": "org.jhipster.blog",
    "serverPort": "8080",
    "cacheProvider": "ehcache",
    "enableHibernateCache": true,
    "databaseType": "sql",
    "devDatabaseType": "h2Disk",
    "prodDatabaseType": "postgresql",
    "buildTool": "maven",
    "serverSideOptions": [],
    "websocket": false,
    "searchEngine": false,
    "messageBroker": false,
    "enableSwaggerCodegen": false,
    "clientFramework": "angularX",
    "withAdminUi": true,
    "clientTheme": "none",
    "enableTranslation": true,
    "nativeLanguage": "en",
    "packageFolder": "org/jhipster/blog",
    "jwtSecretKey": "YourJWTSecretKeyWasReplacedByThisMeaninglessTextByTheJHipsterInfoCommandForObviousSecurityReasons",
    "clientPackageManager": "npm",
    "clientThemeVariant": "",
    "languages": ["en", "es"],
    "entities": ["Blog", "Post", "Tag"],
    "lastLiquibaseTimestamp": 1617913381000,
    "herokuAppName": "blog-jh-7",
    "herokuDeployType": "git",
    "herokuJavaVersion": "11"
  }
}

</pre>
</details>


##### **JDL for the Entity configuration(s) `entityName.json` files generated in the `.jhipster` directory**

<details>
<summary>JDL entity definitions</summary>

<pre>
entity Blog {
  name String required minlength(3)
  handle String required minlength(2)
}
entity Post {
  title String required
  content TextBlob required
  date Instant required
}
entity Tag {
  name String required minlength(2)
}
relationship ManyToOne {
  Blog{user(login)} to User
  Post{blog(name)} to Blog
}
relationship ManyToMany {
  Post{tag(name)} to Tag{entry}
}

paginate Post, Tag with infinite-scroll

</pre>
</details>


##### **Environment and Tools**

openjdk version "11.0.8" 2020-07-14
OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.8+10)
OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11.0.8+10, mixed mode)

git version 2.29.2

node: v14.15.0

npm: 6.14.11

Docker version 20.10.5, build 55c4c88

docker-compose version 1.28.5, build c4eb3a1f

Congratulations, JHipster execution is complete!
Sponsored with ❤️  by @oktadev.
——


Thanks,

Matt




Frederik Hahne

Apr 9, 2021, 3:44:19 AM
to Matt Raible, JHipster dev team
I can try the Heroku thing over the weekend.
