Page 1 of 2

adding new mvc

Posted: Wed Sep 10, 2014 12:25 pm
by josephmak
Hi there, trying to add additional pages and form handling here.

I have a simple foo.html that looks like this (residing in site\src\main\webapp\WEB-INF\templates\myfolder\foo.html)

[begin]
<h1>Hi there!</h1>

<div th:if="${mystuff != null}">
My stuff:<br/>
<h2 th:text="${mystuff.data1}">mystuff data1 default value</h2>
<h2 th:text="${mystuff.data2}">mystuff data2 default value</h2>
<h2 th:text="${mystuff.data3}">mystuff data3 default value</h2>

</div>

<h1>Testing form</h1>

<form action="/myform/datapost" method="POST">
Text1 <input type="text" name="data1" /><br/>
Text2 <input type="text" name="data2" /><br/>
num3 <input type="text" name="data3" /><br/>
<input type="submit" value="submit"/>
</form>
[end]

I added the following in applicationContext-security.xml, so I am allowing things with /myform pattern. (otherwise I get an error on submit)
<sec:http pattern="/myform/**" security="none" />

My controller method looks like this, and I am able to see the data that I put into the form in that LOG line.
The MyData class is an extremely simple POJO.

@RequestMapping(value="/myform/datapost", method = RequestMethod.POST)
public ModelAndView doSomething5(@ModelAttribute("MyData")MyData data) {

LOG.info("Here is data: "+data.getData1()+","+data.getData2()+" "+data.getData3());

ModelAndView modelAndView = new ModelAndView();
modelAndView.setViewName("myfolder/foo");

modelAndView.addObject("mystuff", data);

return new ModelAndView("myfolder/foo");
}

My little goal is to re-display the foo.html page with the data I entered but I am getting the following...



HTTP ERROR 500

Problem accessing /myform/datapost. Reason:

Exception evaluating SpringEL expression: "customer.anonymous" (layout/partials/header:5)
Caused by:

org.thymeleaf.exceptions.TemplateProcessingException: Exception evaluating SpringEL expression: "customer.anonymous" (layout/partials/header:5)


and that looks like it is because this page does not know what customer it is dealing with.
How can I get around that?

It probably has to do with configuring the authentication-manager blAuthenticationManager section?

So the general question is how can one add additional mvc to the broadleaf demo that works with the rest of site?

Re: adding new mvc

Posted: Sat Sep 13, 2014 1:58 pm
by phillipuniverse
Use this HTML instead:

Code: Select all

<blc:form action="/myform/datapost" method="POST">
Text1 <input type="text" name="data1" /><br/>
Text2 <input type="text" name="data2" /><br/>
num3 <input type="text" name="data3" /><br/>
<input type="submit" value="submit"/>
</blc:form>


The blc:form tag is a Thymeleaf processor that will automatically add a hidden csrfToken input field to your form, which is used by the CsrfFilter. The error that you got was likely related to a CSRF token being expired because the CsrfFilter operates on every single POST request. If you just use a raw form tag then that parameter does not get added and thus the CsrfFilter throws that exception.

The problem with excluding certain URLs from Spring Security is that none of the Broadleaf filters will be run. Spring Security has a filter chain (see springSecurityFilterChain) and all of the Broadleaf filters (including the CustomerStateFilters which looks up and adds a customer as a request attribute) are hooked up as apart of the Spring Security filter chain. You can see the referenced Broadleaf filters in applicationContext-filter.xml and you can see how and when they are hooked up into Spring Security by looking at applicationContext-security.xml.

org.thymeleaf.exceptions.TemplateProcessingException: Exception evaluating SpringEL expression: "customer.anonymous" (layout/partials/header:5)

This final error that you get is because since you excluded your URL from Spring Security completely, Broadleaf's CustomerStateFilter does not run and thus you get no Customer added as a request attribute (Thymeleaf exposes all request attributes as first-order citizens on the view layer without you explicitly adding them to the Model).

SO, all that said, here is what you need to do for all your stuff to work again:

1. Replace your <form> tag with <blc:form> (you should use this everywhere that you use the <form> tag)
2. Remove the exemption of /myform/** from Spring security (just delete that line)

and you should be good to go! Thanks for choosing Broadleaf and let us know if you have any other trouble getting things going!

Re: adding new mvc

Posted: Mon Sep 15, 2014 9:56 am
by josephmak
Thank you so much. <blc:form> works like a charm

Re: adding new mvc

Posted: Fri Sep 26, 2014 7:03 am
by Aliraza05
Thank you, problem resolved. I hadn't even considered that the problem could be coming from the http session on the client side. Would appreciate if you could briefly explain how the session remained active over multiple days or provide a link to some relevant reading that would get me up to speed.

I understand that the session data was asking a new database instance for a customer that doesn't exist. However I don't understand why the server doesn't check the validity of the session before making an expired request to the database?

Grateful for the support.