How to implement a user data change form in spring boot + spring security?

P

puppylen2022-02-17 18:21:44

Java

puppylen, 2022-02-17 18:21:44

Good afternoon.
I deal with spring, I make a simple CRUD application. I did authorization and registration, during registration I check the password for the number of characters and complexity.

I decided to add a Personal Account, where the user can change his mail, name and (if necessary, password) himself.
there are no problems with changing the password, they can’t figure out how to change the mail and name without a password, because I have to fill in the password fields and confirm the password, and if I just change the name and mail, the validator swears that the password cannot be empty.

User class:

public class User{
@Id
  @GeneratedValue(strategy = GenerationType.IDENTITY)
  @Column(name = "id")
  private int id;
  
  @Column(name = "username")
  @NotBlank(message = "не может быть пустым")
  @Size(min = 2, message = "длина имени должна быть от 2 до 50 символов")
  @Size(max = 50,message = "длина имени должна быть от 2 до 50 символов")
  private String username;
  
  @Column(name = "password")
  @NotBlank(message = "не может быть пустым")
  @PaswordCheckStrong(message = "длина пароля от 8 до 128 латинских символов, должен содержать спец символы #[email protected]$%^&*- и одну большую и маленькую букву")
  private String password;
  
  @Transient
  private String passwordConfirm;
  
  @Column(name = "email",unique = true)
  @Email(message = "формат email не верный")
  @NotBlank(message = "email не может быть пустым")
  private String email;

//def constructor + getter + setter
}

Annotation PasswordCheckStrong - simply checks the quality of the password by regex.

When passed to the template - I get the current user from

model.addAttribute("currentUser", (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal());

in thymeleaf I access fields through th:object="${currentUser}" and th:input="*{id}",th:input="*{username}" and so on.

I myself could not think of anything better than removing th: object and adding user strings to modell.addAtribute.

User user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal());
String username =  user.getUsername();
String email = user.getEmail();
model.addAttribute("username", username);
model.addAttribute("email", email);

in the thymeleaf form, change them and return them as normal Strings and only then process and add them to User.

But it doesn’t look nice, how are such tasks solved correctly?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

P

puppylen, 2022-02-17
@puppylen

Blunted, removed the validation in the signature of the controller method, and changed the fields I needed through a temporary user:

public String saveUser(@ModelAttribute("currentUser") User user,Model model, Principal principal) {
    User tempUser = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    tempUser.setEmail(user.getEmail());
    tempUser.setUsername(user.getUsername());
                userService.save(tempUser);