JCart: Configuring HTTPS SSL/TLS

So far our JCart application has been running on Tomcat's default port 8080 over HTTP. In this article we will configure it to use HTTPS with a self-signed certificate. For real projects you would have to buy a certificate from a trusted authority. I would like to run the ShoppingCart site on https://host:8443, and if anyone tries to access it from http://host:8080 it should redirect to https://host:8443. Similarly, I would like to run the Administration site on https://host:9443, and if anyone tries to access it from http://host:9090 it should redirect to https://host:9443.


JCart: Admin Reset Password

Once the admin user clicks the password reset link that we sent via email, we will validate the token; if it is valid we will show a form to enter a new password, otherwise we show an error.

    @Controller
    public class UserAuthController extends JCartAdminBaseController {
        ...
        @RequestMapping(value="/resetPwd", method=RequestMethod.GET)
        public String resetPwd(HttpServletRequest request, Model model, RedirectAttributes redirectAttributes) {
            String email = request.getParameter("email");
            String token = request.getParameter("token");
            boolean valid = securityService.verifyPasswordResetToken(email, token);
            if(valid){
                model.


JCart: Admin Forgot Password

We will provide a Forgot Password link on the login page and create the jcart-admin/src/main/resources/templates/public/forgotPwd.html template as follows:

    <!DOCTYPE html>
    <html xmlns="http://www.w3.org/1999/xhtml"
          xmlns:th="http://www.thymeleaf.org"
          layout:decorator="layout/guestLayout">
    <head>
        <title>Forgot Password</title>
    </head>
    <body >
        <div layout:fragment="content">
            <form action="forgotPwd" th:action="@{/forgotPwd}" method="post">
                <input type="email" class="form-control" name="email" placeholder="Email"/>
                <button type="submit" class="btn btn-primary btn-block btn-flat" th:text="#{label.submit}">Submit</button>
            </form>
        </div>
    </body>
    </html>

When the admin user enters their email address and submits the form, we will generate a token, store it in our DB, generate a reset password link and send it to their email.


JCart: Email Service SetUp

We are going to implement the admin user Forgot Password functionality, where we need to send the password reset link to the user's email address. So let us look at how to configure an email server and send emails. Spring provides support for sending emails using JavaMailSender. SpringBoot makes it even easier by providing a starter for emailing support. As we need the emailing feature in both the Admin and ShoppingCart modules, we will implement the emailing functionality in the jcart-core module.


JCart: Configuring Spring Security

Our JCart Administration site should be accessible to authorized users only. So, we are going to use SpringSecurity to define the security constraints. Let us add the following spring-security dependencies to jcart-admin/pom.xml.

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity4</artifactId>
    </dependency>

If we have a predefined set of roles, then we can specify the URL patterns and their required roles something like this:

    http
        .authorizeRequests()
            .antMatchers("/login","/login/form**","/register","/logout").permitAll()
            .antMatchers("/admin","/admin/**").hasRole("ADMIN")
            .anyRequest().authenticated()
            .and()

But we need a provision to dynamically create new roles as well, hence we can’t statically define constraints using role names.


JCart: Admin UI Layout SetUp

As I am not really a good UI designer, I searched for free, good-looking website admin templates and I found this fantastic template https://almsaeedstudio.com/preview. We will be using this template for our Administration web application. We are going to use Thymeleaf templates for our View layer. Thymeleaf offers a Facelets-style templating mechanism. Basically we need 2 layout templates, one for unauthorized views like Login/ForgotPassword etc. and another for authorized users.


JCart: Create JPA Entities

We are going to create the JPA Entities for the database tables we designed.

    @Entity
    @Table(name="users")
    public class User
    {
        @Id @GeneratedValue(strategy=GenerationType.AUTO)
        private Integer id;
        @Column(nullable=false)
        @NotEmpty()
        private String name;
        @Column(nullable=false, unique=true)
        @NotEmpty
        @Email(message="{errors.invalid_email}")
        private String email;
        @Column(nullable=false)
        @NotEmpty
        @Size(min=4)
        private String password;
        private String passwordResetToken;

        @ManyToMany(cascade=CascadeType.MERGE)
        @JoinTable(
            name="user_role",
            joinColumns={@JoinColumn(name="USER_ID", referencedColumnName="ID")},
            inverseJoinColumns={@JoinColumn(name="ROLE_ID", referencedColumnName="ID")})
        private List<Role> roles;

        //setters & getters
    }

    @Entity
    @Table(name="roles")
    public class Role
    {
        @Id @GeneratedValue(strategy=GenerationType.AUTO)
        private Integer id;
        @Column(nullable=false, unique=true)
        @NotEmpty
        private String name;
        @Column(length=1024)
        private String description;

        @ManyToMany(mappedBy="roles")
        private List<User> users;

        @ManyToMany
        @JoinTable(
            name="role_permission",
            joinColumns={@JoinColumn(name="ROLE_ID", referencedColumnName="ID")},
            inverseJoinColumns={@JoinColumn(name="PERM_ID", referencedColumnName="ID")})
        private List<Permission> permissions;

        //setters & getters
    }

    @Entity
    @Table(name="permissions")
    public class Permission
    {
        @Id @GeneratedValue(strategy=GenerationType.


JCart: Domain Modelling and Database Designing

While developing database-driven applications using an ORM framework, some people prefer an object-first approach and others follow a DB-first approach. I prefer the DB-first approach. So, let us start by listing all the domain entities in our JCart application domain: Product, Category, Customer, Order, OrderItem, Cart, Address, User, Role, Permission.

Let us create the database tables as follows: Though we identified Cart as a domain entity, we are not creating the table for holding the Cart details.


JCart: Initial Code SetUp

Let us create a root pom type maven project with 3 sub-modules: jcart-core, jcart-admin and jcart-site. The jcart-core module will contain all the core logic, excluding web-related code. The jcart-admin module will contain all the administration-related web functionality like Controllers, Security, Validators etc. The jcart-site module will contain all the shopping-cart-related web functionality like Controllers, Security, Validators etc. All these modules use SpringBoot, but since STS/IntelliJ IDEA do not currently provide an option to create a multi-module SpringBoot application, we will create Maven modules and then configure the SpringBoot dependencies manually.


JCart : Iteration-1

Now that we have completed the most difficult part (writing an introduction to a technical article series is much harder than you think!!), let’s start the fun part. Coding!!! Note: It is going to be a fast-paced tutorial. Obviously we can’t cover every little bit of all the technologies used in our application. So I would suggest exploring individual technologies like Spring and Thymeleaf further on your own. I would strongly suggest checking out the code from https://github.
