Spring Current Security Context

Spring Security framework has two key context objects which an application must interact with:

• SecurityContextHolder – SecurityContextHolder contains information about the current security context of the application, which includes detailed information about the user currently working with the application.
• UserDetailsService – UserDetailsService is used to create a UserDetails object by implementing the single method of this interface: UserDetails loadUserByUsername (String username) throws UsernameNotFoundException

There are four steps needed to secure a web application with a login page via the Spring Security framework:

1. The user logs in with a name and a password. These two credentials are combined into an instance of the class UsernamePasswordAuthenticationToken. Then, they are passed to the AuthenticationManager for verification.
2. If the username does not match the password, the BadCredentialsException is returned along with the message “Bad Credentials.”
3. If the username and password match, it will return a populated authentication instance.
4. The user sets a security context by calling the SecurityContextHolder.getContext().setAuthentication() method, where the object that returned from authenticationProvider.authenticate() is passed.

Caused by: org.postgresql.util.PSQLException: Large Objects may not be used in auto-commit mode.

A large object refers to the entity property that is modified by @Lob. It may be persisted in several records.

However, in database management system, auto-commit means that each query or persistence is considered as one transaction, and implemented immediately. So, it seems that this setup conflicts a lob property, which may need several statements to persist it.

It may need a transaction to wrap several statements together, between BEGIN and COMMIT.  Turning off the auto-commit mode could be a solution, however, using @Transactional to wrap statements should be a fundamental solution.

I solved the error by this way.

Difference between @Bean and @Component

@Component(Spring stereotype Annotation):

It modifies classes. All components can be auto-wired in Spring context as the Component scan is turned on.

@Bean: 

It modifies methods in a @Configuration class. The instance returned by this method will be registered in the Spring application context. By default, the bean has the same name as the method name. It is an explicit way to declare a bean in the IoC container. They are injected by the framework just like constructor dependencies are resolved

When source code is not available, it is not able to modify a class with a @Component.  So it cannot be auto-wired. In this case, using @Bean is the option.

@Bean methods and inter-dependencies

1. Injecting by type
The dependent type has only one instance. It can be injected by the type directly.
2. Injecting by name
If there are more that one instance of the same type for a target injection point. 
3.Injecting by name to matching qualifier
4. Injecting by qualifiers on both sides.




References:

SPRING STEREOTYPE ANNOTATIONS

Spring Method @Bean Dependency Injection

Spring Security CheckList

Adding Spring boot security follows certain steps.

1) adding spring security starter in the pom file
2) creating a Security configuration class modified by @Configuration and @EnableWebSecurity
3) modify user repository so as to query a user or user password by its username
4) adding a Spring UserDetail class extends User. it implements UserDetails(Spring Security)
5) adding a @service component, i.e. UserDetailsService implements UserDetailsService.
6) Putting a set of roles in the User entity; User has a set roles
7) Adding a Role entity. One user has many roles.
8) Adding Security Test dependency, i.e. spring-security-test

More than one row with the given identifier was found: 8

First time met this hibernate exception.
I think this issue should due to one to one relationship.

One driver has one car; one car has one driver who is driving it.
driver 1--1 car

I defined the driver as an inverse side and car as an owning side.
it means in the car Table, it will keep a foreign key reference to the driver table.

in avoidance of such an exception.

1) setting foreign key only from the car Table, not from both sides.
Otherwise leading to this exception



org.hibernate.HibernateException: More than one row with the given identifier was found: 8, for class: com.mytaxi.domainobject.CarDO
at org.hibernate.loader.entity.AbstractEntityLoader.load(AbstractEntityLoader.java:86) ~[hibernate-core-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.loader.entity.EntityLoader.loadByUniqueKey(EntityLoader.java:143) ~[hibernate-core-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.persister.entity.AbstractEntityPersister.loadByUniqueKey(AbstractEntityPersister.java:2122) ~[hibernate-core-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.type.EntityType.loadByUniqueKey(EntityType.java:692) ~[hibernate-core-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.type.EntityType.resolve(EntityType.java:434) ~[hibernate-core-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.engine.internal.TwoPhaseLoad.doInitializeEntity(TwoPhaseLoad.java:154) ~[hibernate-core-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.engine.internal.TwoPhaseLoad.initializeEntity(TwoPhaseLoad.java:128) ~[hibernate-core-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.loader.Loader.initializeEntitiesAndCollections(Loader.java:1133) ~[hibernate-core-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.loader.Loader.processResultSet(Loader.java:992) ~[hibernate-core-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.loader.Loader.doQuery(Loader.java:930) ~[hibernate-core-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections(Loader.java:336) ~[hibernate-core-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.loader.Loader.doList(Loader.java:2617) ~[hibernate-core-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.loader.Loader.doList(Loader.java:2600) ~[hibernate-core-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.loader.Loader.listIgnoreQueryCache(Loader.java:2429) ~[hibernate-core-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.loader.Loader.list(Loader.java:2424) ~[hibernate-core-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.loader.hql.QueryLoader.list(QueryLoader.java:501) ~[hibernate-core-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.hql.internal.ast.QueryTranslatorImpl.list(QueryTranslatorImpl.java:371) ~[hibernate-core-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.engine.query.spi.HQLQueryPlan.performList(HQLQueryPlan.java:216) ~[hibernate-core-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.internal.SessionImpl.list(SessionImpl.java:1326) ~[hibernate-core-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.internal.QueryImpl.list(QueryImpl.java:87) ~[hibernate-core-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.jpa.internal.QueryImpl.list(QueryImpl.java:606) ~[hibernate-entitymanager-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.jpa.internal.QueryImpl.getResultList(QueryImpl.java:483) ~[hibernate-entitymanager-5.0.11.Final.jar:5.0.11.Final]
at org.hibernate.jpa.criteria.compile.CriteriaQueryTypeQueryAdapter.getResultList(CriteriaQueryTypeQueryAdapter.java:50) ~[hibernate-entitymanager-5.0.11.Final.jar:5.0.11.Final]
at org.springframework.data.jpa.repository.query.JpaQueryExecution$CollectionExecution.doExecute(JpaQueryExecution.java:118) ~[spring-data-jpa-1.10.6.RELEASE.jar:na]
at org.springframework.data.jpa.repository.query.JpaQueryExecution.execute(JpaQueryExecution.java:82) ~[spring-data-jpa-1.10.6.RELEASE.jar:na]
at org.springframework.data.jpa.repository.query.AbstractJpaQuery.doExecute(AbstractJpaQuery.java:116) ~[spring-data-jpa-1.10.6.RELEASE.jar:na]
at org.springframework.data.jpa.repository.query.AbstractJpaQuery.execute(AbstractJpaQuery.java:106) ~[spring-data-jpa-1.10.6.RELEASE.jar:na]
at org.springframework.data.repository.core.support.RepositoryFactorySupport$QueryExecutorMethodInterceptor.doInvoke(RepositoryFactorySupport.java:482) ~[spring-data-commons-1.12.6.RELEASE.jar:na]
at org.springframework.data.repository.core.support.RepositoryFactorySupport$QueryExecutorMethodInterceptor.invoke(RepositoryFactorySupport.java:460) ~[spring-data-commons-1.12.6.RELEASE.jar:na]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.5.RELEASE.jar:4.3.5.RELEASE]
at org.springframework.data.projection.DefaultMethodInvokingMethodInterceptor.invoke(DefaultMethodInvokingMethodInterceptor.java:61) ~[spring-data-commons-1.12.6.RELEASE.jar:na]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.5.RELEASE.jar:4.3.5.RELEASE]
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99) ~[spring-tx-4.3.5.RELEASE.jar:4.3.5.RELEASE]
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282) ~[spring-tx-4.3.5.RELEASE.jar:4.3.5.RELEASE]
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96) ~[spring-tx-4.3.5.RELEASE.jar:4.3.5.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.5.RELEASE.jar:4.3.5.RELEASE]
at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:136) ~[spring-tx-4.3.5.RELEASE.jar:4.3.5.RELEASE]