Authentication is not working, spring-security, spring mvc, hibernate, stringTemplate

[Marten Deinum]

THere is quite a lot 'wrong' with your setup.

YOur managers, that code makes me shudder. Don't write code like that..

Code:

	public List<Category> getListCategory() throws ServletException 
	{ 
		List<Category> categories = null;
		try 
		{ 
			productDao.sessionFactory.getCurrentSession().beginTransaction(); 
			categories = productDao.getListCategory();
			productDao.getSessionFactory().getCurrentSession().getTransaction().commit();
		} 
		catch (Throwable e) 
		{ 
			if (productDao.getSessionFactory().getCurrentSession().getTransaction().isActive()) 
			{
				productDao.getSessionFactory().getCurrentSession().getTransaction().rollback(); 
			} 
			throw new ServletException(e); 
		} 
		return categories;
	}

For starters your dao shouldn't expose the sessionfactory, next to that you shouldn't be messing around with transactions yourself! Put a @Transactional at the top of your manager and remove all of the clutter. Currently your manager/service is also coupled to the web layer due to your exception throwing, something else you really don't want. Which will leave you with the following.

Code:

@Transational
public class ProductManager 

	public List<Category> getListCategory()  { 
			return productDao.getListCategory();
	}

Now isn't that a lot better and easier to maintain.

The same goes for your dao's they are also coupled to the web stuff, ServletException again, and also one thing you NEVER should do is to prepare queries with adding strings together, this makes your vulnerable to sql injection. Use setparameter on the query object for that.

Code:

	public List<Product> getSearchProduct(String searchWord) 
	{ 
		return sessionFactory.getCurrentSession().createQuery("from Product WHERE name LIKE '%" + searchWord + "%' OR description LIKE '% " + searchWord + "%'").list(); 
	}

should be something like.

Code:

	public List<Product> getSearchProduct(String searchWord) {
		Query query = sessionFactory.getCurrentSession().createQuery("from Product WHERE name LIKE :searchword OR description LIKE :searchword");
		query.setParameter("searchword", "%"+searchWord+"%");
		return query.list(); 
	}

FOllowing as I already suggested you are duplicating things in your xml.

Code:

	<bean id="DeliveryFormController" class="com.jshop.web.DeliveryFormController">
		<property name="deliveryFormManager" ref="DeliveryFormManager" />
	</bean>

	<bean name="/delivery_form.html" class="com.jshop.web.DeliveryFormController" />

The second declaration '/delivery_form.html'does absolutly nothing. It only takes memory. YOu can remove all those beans... Saves/cuts your configuration in half.

Your controllers are also doint ugly things, I wonder why you have a manager/dao layer at all?!

Code:

			try 
			{ 
				productManager.getProductDao().sessionFactory.getCurrentSession().beginTransaction(); 
				products = productManager.getProductDao().getListProduct(); 
				productManager.getProductDao().getSessionFactory().getCurrentSession().getTransaction().commit();
			} 
			catch (Throwable e) 
			{ 
				if (productManager.getProductDao().getSessionFactory().getCurrentSession().getTransaction().isActive()) 
					productManager.getProductDao().getSessionFactory().getCurrentSession().getTransaction().rollback(); 
				throw new ServletException(e); 
			}

Argh..... That should ONLY read

Code:

products = productManager.getListProducts();

And you would have the manager delegate it. You don't want that code.....

Another note, you are using system.out for logging, another thing that isn't really nice/neat to do. You should use a logging framework (I expected either the use of commons-logging or slf4j judging from the jars in your project). System.out is slow, it is really slow, so if you use it a lot it will degrade your performance.

Next remove the component:scan because that is pretty much useless you don't have @Components/@Controller/@Service in your project, so no need for that.

You don't program to interfaces so your tx:annotation-driven needs to proxy-target-classes. Currently you don't have any (proper) transactions setup, hence your errors.

Move your validator, viewresolver and messagesource to the servlet.xml.

Haven't tried it but that should start your application and if you also apply the other things I mentioned your application will be easier to maintain.

I really hope that this isn't code that goes to production, because if I where a developer on the project I wouldn't give any guarantees for the quality, stability of the product.

If you only want it to get running do
1) add @Transactional to your managers
2) enable proxy-target-class on tx:annotation-driven
3) Move your validator, viewresolver and messagesource to the servlet.xml.

that should basically be it...

However if you want to improve the overal structure/architecture of your app, well take the above into account.

[jolsys]

Thank you for checking. I complied with your instructions, but I can not figure out one thing. when I add @ Transactional as you said, it gives me an error
applicationContext.xml

Code:

<beans >	
	<bean id="shoppingCart" class="com.jshop.model.ShoppingCart" scope="session"><aop:scoped-proxy/></bean>

	<bean name="ProductManager" class="com.jshop.service.ProductManager"> 
		<property name="productDao" ref="ProductDao" /> 
	</bean>
	<bean id="ProductDao" class="com.jshop.model.ProductDao"> 
		<property name="sessionFactory" ref="mySessionFactory" /> 
	</bean>
	<bean name="CategoryManager" class="com.jshop.service.CategoryManager"> 
		<property name="categoryDao" ref="CategoryDao" /> 
	</bean>
	<bean id="CategoryDao" class="com.jshop.model.CategoryDao"> 
		<property name="sessionFactory" ref="mySessionFactory" /> 
	</bean>
	...................
	<bean id="myDataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
		<property name="driverClassName" value="com.mysql.jdbc.Driver"/>
		<property name="url" value="jdbc:mysql://localhost/jshop?useUnicode=true&amp;characterEncoding=UTF-8" />
		<property name="username" value="root"/>
		<property name="password" value="admin1029"/>
	</bean>

<bean id="mySessionFactory" class="org.springframework.orm.hibernate3.LocalSessionFactoryBean" > 
		<property name="dataSource" ref="myDataSource"/> 
		<property name="hibernateProperties"> 
			<props> 
			<prop key="hibernate.dialect">org.hibernate.dialect.MySQLInnoDBDialect</prop>
			<prop key="hibernate.current_session_context_class">thread</prop> 
			</props> 
		</property> 
		<property name="mappingResources" > 
			<list> 	<value>com/jshop/hibernate/Product.hbm.xml</value>.................</list> 
		</property> 
	</bean>
	
  	<bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager"> 
		<property name="sessionFactory" ref="mySessionFactory" /> 
	</bean>
	
	<tx:annotation-driven transaction-manager="transactionManager" proxy-target-class="true" />
</beans>

jshop-servlet.xml

Code:

<beans >
	<bean id="simpleUrlMapping"
		class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
		<property name="mappings">
			<props>
				<prop key="/index.html">indexController</prop>
				<prop key="/product.html">ProductController</prop>
				......................
			</props>
		</property>
		<property name="alwaysUseFullPath" value="true"/>
	</bean>
 	
	<!-- Validation                                                      -->
	<bean id="productValidator" class="com.jshop.validator.ProductValidator" 
		lazy-init="default" autowire="default" dependency-check="default" /> 
	
	<!-- Controllers                                                     -->
	<bean id="indexController" 	class="org.springframework.web.servlet.mvc.ParameterizableViewController">
		<property name="viewName" value="index"/>
	</bean>
	
	<bean id="ProductController" class="com.jshop.web.ProductController">
		<property name="productManager" ref="ProductManager" />
		<property name="shoppingCart" ref="ShoppingCartService" />
	</bean>
	..........	
	<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource"> 
		<property name="basenames">
            <list><value>error-messages</value></list>
        </property>
	</bean>
	
	<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
		<property name="viewClass" value="com.jshop.template.StringTemplateView" />
		<property name="prefix" value="/WEB-INF/template/" />
		<property name="suffix" value=".st" />
		<property name="requestContextAttribute" value="rc" />
	</bean>
</beans>

ProductManager.java

Code:

@Transactional
public class ProductManager{ 
         .....
	public List<Category> getListCategory()  { 
			return productDao.getListCategory();
	}....}

errors

Code:

org.hibernate.HibernateException: createQuery is not valid without active transaction
	at org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:338)
	at $Proxy6.createQuery(Unknown Source)
	at com.jshop.model.ProductDao.getListCategory(ProductDao.java:96)
	at com.jshop.service.ProductManager.getListCategory(ProductManager.java:144)
	at com.jshop.service.ProductManager$$FastClassByCGLIB$$cadeecd2.invoke(<generated>)
	at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:149)
	at org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:700)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
	at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
	at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:635)
	at com.jshop.service.ProductManager$$EnhancerByCGLIB$$10f3ff7c.getListCategory(<generated>)
	at com.jshop.web.EditProductController.referenceData(EditProductController.java:61)
	at org.springframework.web.servlet.mvc.SimpleFormController.referenceData(SimpleFormController.java:214)
	at org.springframework.web.servlet.mvc.AbstractFormController.showForm(AbstractFormController.java:574)
	at org.springframework.web.servlet.mvc.SimpleFormController.showForm(SimpleFormController.java:198)
	at org.springframework.web.servlet.mvc.SimpleFormController.showForm(SimpleFormController.java:175)
	at org.springframework.web.servlet.mvc.AbstractFormController.showNewForm(AbstractFormController.java:338)
	at org.springframework.web.servlet.mvc.AbstractFormController.handleRequestInternal(AbstractFormController.java:278)
	at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
	at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875)
	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807)
	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:501)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
	at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
	at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
	at org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:67)
	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
	at org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
	at org.springframework.security.providers.anonymous.AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java:105)
	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
	at org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:116)
	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
	at org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
	at org.springframework.security.ui.basicauth.BasicProcessingFilter.doFilterHttp(BasicProcessingFilter.java:174)
	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
	at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:278)
	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
	at org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

[Marten Deinum]

As I already stated a couple of times before

And again remove the current-session-context stuff from your hibernate session factory, your current implementation is going to break proper tx management.

If you did as I said, it should have really cleaned up your code .

[jolsys]

OMG I'm absent-minded person, thanks for your response

[Marten Deinum]

Your welcome... Can happen, especially with all the things you changed, removing a single line of xml is then easily overlooked... (Happens to me also from time to time ).

[jolsys]

You have helped me so much with my application, thank you for it, without you I probably would have been far away.