Sunday, June 17, 2018

Grails on Groovy > Invalidate Session > Error Handling - Session already invalidated

Problem is that in my grails application, when I invalidating the existing http session using session.invalidate() and creating a new session using request.getSession(true) is working fine for some time.
But this new session is not getting reflected everywhere in grails application. Due to this I do get 'Session already invalidated'.
I don't want to do request.getSession() everywhere, actually I would not get notified when this required or not. I am just using 'session'.
Grails holds the reference to a session object and every time you ask it for a session it returns the same reference.. so if you invalidate a session and then ask for the session it will return the same invalidated session, and cause 'session already invalidated' exception..
Execute following line Just after you do session.invalidate
import org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequest

session.invalidate()
GrailsWebRequest.lookup(request).session = null

Grails on Groovy > Grails Filter to Redirect HTTP to HTTPS > Redirecting WWW to Root with Grails > Grails Append Something to URL before Redirect > URL Modification On Grails Filters

The problem is need to modify http to https as well as add www to domain name if not exists. To do so have to modify in our Grails Filters.

For Grails applications, a filter can be used to improved security by redirecting traffic from regular HTTP to encrypted HTTPS. The convention is that filters are written in Groovy using filenames ending in Filters, and the files go into the grails-app/conf folder.
Redirecting from HTTP to HTTPS provides a better user experience than simply blocking HTTP requests, as redirecting seamlessly forwards users to the web pages they expect to see.
The example below shows the redirect code
package com.pkm

import grails.util.Environment

import javax.servlet.http.HttpServletRequest

class SecurityFilters {
    String getDomainName(HttpServletRequest request) {
        return request.getRequestURL().substring(0, request.getRequestURL().indexOf("/", 8)) + request.contextPath
    }
    String getFullRequestURI(HttpServletRequest request) {
        String query = request.getQueryString()
        String request_uri = request.getAttribute("javax.servlet.forward.request_uri")
        if (request_uri == null) {
            return request.getRequestURL().toString().substring(0, request.getRequestURL().toString().length() - 1) + (query ? "?$query".toString() : "")
        }
        return request.getRequestURL().substring(0,request.getRequestURL().indexOf("/", 8)) + request_uri + (query ? "?$query".toString() : "")
    }

    def filters = {
        filter1(uri: "/**") {
            before = {
                Boolean isSecure = request.isSecure(), doRedirect = false
                String domain = getDomainName(request)
                String url = getFullRequestURI(request)

                println("SECURE=${isSecure.toString().capitalize()}" +
                        "\n\t >DOMAIN=${domain}" +
                        "\n\t\t>URL=${url}")

                /*if (!request.getServerName().toLowerCase().startsWith("www")) {
                    doRedirect = true
                    url = url.substring(0, url.indexOf("//")) + "//www." + url.substring(url.indexOf("//") + 2)
                }*/
                if (!request.isSecure() && !Environment.isDevelopmentMode()) {
                    doRedirect = true
                    url = "https://" + url.substring(url.indexOf("//") + 2)
                }
                if (!url.toLowerCase().endsWith("redirected=true-2")) {
                    doRedirect = true
                    url = url + (url.contains("?") ? "&redirected=true-2" : "?redirected=true-2")
                }
                if (doRedirect && request.isGet()) {
                    response.setStatus(302)
                    response.setHeader("Location", url)
                    response.flushBuffer()
                    return false
                }
            }
            after = { Map model ->

            }
            afterView = { Exception e ->

            }
        }
    }
}
If your server listens for https requests (or any requests on ports other than 80), you can add checks using the same format, replacing http and port 80 with the appropriate values. You can also redirect from any subdomain you want to the root site (or another subdomain), by simply swapping www with your subdomain.
And output would be like below. First request forwarded to second URL with additional parameters.
SECURE=False
  >DOMAIN=http://localhost:3346/CONTEXT_PATH
  >URL=http://localhost:3346/CONTEXT_PATH/home/index
SECURE=False
  >DOMAIN=http://localhost:3346/CONTEXT_PATH
  >URL=http://localhost:3346/CONTEXT_PATH/home/index?redirected=true-2

Grails on Groovy > Transform Collection / List to a Map with collectEntries > Get Map From Array List > Convert List To Corresponding Map Entity

Since Groovy 1.7.9 we can use the collectEntries method for a Collection to get a Map. We use a closure to transform the elements in the collection to a map entry. And the end result is a Map with all the map entries.
List<String> words = ["Grails", "On", "Groovy"]
Map map = words.collectEntries {
    [ (it): it.contains("G") ]
}
println(map)
Which will output as below:
[Grails:true, On:false, Groovy:true]

Grails on Groovy > Transactions > Transaction Block > Read Only Transactions > With New Transaction > Transactions With Read Only Stage

We all know that Grails services are transactional by default. When you create a service you see that there is a annotation @Transactional exists over class name. Transactional means all transactions will persist on database or no one will persist.
We can set transactions read only mode if we wish in a transactional block if we need. Below is a code snippet:
package com.pkm

import grails.transaction.Transactional
import org.springframework.transaction.TransactionStatus

@Transactional
class HomeService {
    TransactionStatus transactionStatus

    void callMe() {
        Table1 table1 = Table1.last()
        new Table2(table1: table1, subject: "S3", score: 3D).save()
        transactionStatus.setRollbackOnly()

        Table2.withNewTransaction { TransactionStatus tx ->
            table1 = Table1.last()
            new Table2(table1: table1, subject: "S4", score: 3D).save()
            tx.setRollbackOnly()
        }
    }
}
In above code block, we inject a bean named transactionStatus which actually maintain if a service definition is read only or not. We can set it to read only mode using transactionStatus.setRollbackOnly(). We can do the same job for when we do anything in withNewTransaction block. You can see there is another transactionStatus occur for that new region. So you can also set it to read only mode.

Grails on Groovy > Create Criteria > Create Alias > Grails Create Alias > Create Alias With Additional Criteria

We frequently use createAlias to create alias between entity. It actually create connection based on foreign key and primary key between two entities. Below is a example how we create alias between entities:
Table1.createCriteria().list {
    createAlias("scores", "scores")
}
Which will produce SQL like below where we can see that foreign key of table1 create a link with table2_child based on primary key id as following:
select ... from table1 this_ inner join table2_child scores1_ on (this_.id=scores1_.table1_id)
But if we need more on add to filter when joining them, yeah, we can do that. We can add extra conditions to on part of that SQL. To do so, first need to create a groovy file like below:
package com.pkm

import org.hibernate.Criteria
import org.hibernate.HibernateException
import org.hibernate.criterion.CriteriaQuery
import org.hibernate.criterion.Criterion
import org.hibernate.engine.spi.TypedValue

class CustomSqlJoin implements Criterion {
    private Double score = null;

    CustomSqlJoin(Double score) {
        this.score = score
    }

    //Use Example > createAlias("scores", "scores", JoinType.INNER_JOIN, new CustomSqlJoin(2D))
    @Override
    String toSqlString(Criteria criteria, CriteriaQuery criteriaQuery) throws HibernateException {
        String alias = criteriaQuery.getSQLAlias(criteria)
        return "${alias}.score > ${this.score}"
    }

    @Override
    TypedValue[] getTypedValues(Criteria criteria, CriteriaQuery criteriaQuery) throws HibernateException {
        return new TypedValue[0]
    }
}
And you can use the above custom condition using as below example:
Table1.createCriteria().list {
    createAlias("scores", "scores", JoinType.INNER_JOIN, new CustomSqlJoin(2D))
    "ne" "id", System.currentTimeMillis()
}
Which will generate below SQL
select ... from table1 this_ inner join table2_child scores1_
on this_.id=scores1_.table1_id and ( scores1_.score > 2.0 )
where this_.id<>?

Saturday, June 16, 2018

How to handle HTTP 403 forbidden error in Java

Sometimes when trying to connect to a web service using a java client, we may face a 403 forbidden HTTP response code, it is workable but in some reason the service is accessible normally from web browsers.
The HTTP 403 forbidden error doesn’t necessarily occur due to missing authentication attributes or invalid authentication, some web services would only authorize web browsers or some specific clients to access them, while they deny any requests coming from third-party clients. And we are going to handle this situation.
This problem is normally resolved by imitating the web browser request so that the web service deals with the java client as if it was a web browser.
Below is a typical request logged from a browser:
GET /feeds HTTP/1.1
Host: publicservice.com:443
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: OGP=-4061129:; SID=FAYIU7tO....
Referer: https://clients5.google.com/pagead/drt/dn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
X-Client-Data: CIa2yQEIpLbJAQjBtskBCKmdygEIqKPKARiSo8oB
As noticed, the “User-Agent” header specifies the name and the type of the client which is trying to access the service, so in order to imitate the web browser we need to add this header to our request. Following is how to add it using HttpUrlConnection:
String url = "https://xxx.com/yyy";
URL obj = new URL(url);
HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();
con.setRequestMethod("GET");
con.setRequestProperty("Content-Type", "application/json");
con.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36");

Grails on Groovy > Bind Metamethod of Hibernate Criteria Builder > Create Custom Function / Custom Method Under HibernateCriteriaBuilder > HibernateCriteriaBuilder Meta Method

To bind custom method with hibernate criteria builder you first need to create a groovy file named HibernateCriteriaListener like below:
package com.pkm

import grails.util.Holders
import org.codehaus.groovy.grails.commons.GrailsApplication
import org.grails.datastore.mapping.core.Datastore
import org.grails.datastore.mapping.engine.event.*
import org.springframework.context.ApplicationEvent
import grails.orm.HibernateCriteriaBuilder

class HibernateCriteriaListener extends AbstractPersistenceEventListener {
    protected HibernateCriteriaListener(Datastore datastore) {
        super(datastore)

        HibernateCriteriaBuilder.metaClass.myMethod = { info, value = null ->
            println("NAME=${info} VALUE=${value}")
        }
    }

    @Override
    protected void onPersistenceEvent(AbstractPersistenceEvent event) {

    }

    @Override
    boolean supportsEventType(Class<? extends ApplicationEvent> aClass) {
        return false
    }

    static void initialize(GrailsApplication application) {
        application.mainContext.eventTriggeringInterceptor.datastores.each { k, datastore ->
            Holders.applicationContext.addApplicationListener(new HibernateCriteriaListener(datastore))
        }
    }
}
Now we need to register the above functionality from BootStrap, so you need to do following:
import com.pkm.HibernateCriteriaListener
import org.codehaus.groovy.grails.commons.GrailsApplication
import org.codehaus.groovy.grails.web.servlet.GrailsApplicationAttributes
import org.hibernate.dialect.function.SQLFunctionTemplate
import org.springframework.context.ApplicationContext

class BootStrap {
    def init = { servletContext ->
        ApplicationContext applicationContext = servletContext.getAttribute(GrailsApplicationAttributes.APPLICATION_CONTEXT)
        GrailsApplication application = (GrailsApplication) applicationContext.getBean("grailsApplication")

        /* REGISTER HIBERNATE EVENT LISTENER */
        HibernateCriteriaListener.initialize(application)
    }

    def destroy = {

    }
}
And finally you can use custom criteria method using below sample:
Table1.createCriteria().list {
    delegate.myMethod("name", "value")
}