I have two objects, a Job and a JobQueue, which contains a job, like this:

@JsonIgnore
@ManyToOne(targetEntity = Job.class)
@JoinColumn(name = "job_id", referencedColumnName = "jobId") //TODO check on the cascading
private Job job;

In our database, we have a foreign key constraint that requires JobQueue.job_id to be not null, and refer to a valid Job.

In LightAdmin, I created a Job, then went to the JobQueue page and created a JobQueue, and chose the Job from the dropdown. When I clicked save, I got this error in the UI:

    "could not execute statement; SQL [n/a]; constraint [null]; nested exception is org.hibernate.exception.ConstraintViolationException: could not execute statement"

And this error in the log file:

Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLIntegrityConstraintViolationException: Column 'job_id' cannot be null
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[na:1.8.0]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[na:1.8.0]
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[na:1.8.0]
        at java.lang.reflect.Constructor.newInstance(Constructor.java:408) ~[na:1.8.0]

When I added '@NotNull' to the definition of the Job in the JobQueue object, and now when I click 'save', I get a UI validation error, "Required". So LightAdmin knows the field is empty, which is strange, since I chose a Job from the dropdown.

When I use the Chrome debugger I see this request payload being sent to the server:

job: "http://localhost:9090/admin/rest/jobs/5"
scheduledTime: "2014-09-23"
sendTime: "2014-09-11"

With this response:

{
  "errors" : [ {
    "entity" : "JobQueue",
    "message" : "Required",
    "invalidValue" : "null",
    "property" : "job"
  } ]
}

I verified that http://localhost:9090/admin/rest/jobs/5 is a valid URL, and it returns the job I referenced.

I checked out LightAdmin-Demo, and got it working, and it does not have this problem. I modified my code to be more like the demo, but the problem continues.

I try to run https://github.com/la-team/lightadmin-springboot with spring-boot-starter-parent 1.2.1.RELEASE and lightadmin.version=1.1.0.BUILD-SNAPSHOT.

Result: NoSuchMethodError - RepositoryRestMvcConfiguration.entityLinks() Which is strange because the lightadmin snapshot clearly has this method, and is also on classpath. What might be wrong here?

[ERROR] org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/] - Servlet [lightadmin-dispatcher] in web application [] threw load() exception
java.lang.NoSuchMethodError: org.springframework.data.rest.webmvc.config.RepositoryRestMvcConfiguration.entityLinks()Lorg/springframework/hateoas/EntityLinks;
    at org.lightadmin.core.config.context.LightAdminRepositoryRestMvcConfiguration.entityLinks(LightAdminRepositoryRestMvcConfiguration.java:68) ~[lightadmin-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
    at org.lightadmin.core.config.context.LightAdminRepositoryRestMvcConfiguration$$EnhancerBySpringCGLIB$$59177c69.CGLIB$entityLinks$3(<generated>) ~[spring-core-4.1.4.RELEASE.jar:1.1.0.BUILD-SNAPSHOT]
    at org.lightadmin.core.config.context.LightAdminRepositoryRestMvcConfiguration$$EnhancerBySpringCGLIB$$59177c69$$FastClassBySpringCGLIB$$1e1af318.invoke(<generated>) ~[spring-core-4.1.4.RELEASE.jar:1.1.0.BUILD-SNAPSHOT]
    at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) ~[spring-core-4.1.4.RELEASE.jar:4.1.4.RELEASE]
    at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:309) ~[spring-context-4.1.4.RELEASE.jar:4.1.4.RELEASE]
    at org.lightadmin.core.config.context.LightAdminRepositoryRestMvcConfiguration$$EnhancerBySpringCGLIB$$59177c69.entityLinks(<generated>) ~[spring-core-4.1.4.RELEASE.jar:1.1.0.BUILD-SNAPSHOT]
    at org.lightadmin.core.config.context.LightAdminRepositoryRestMvcConfiguration.entityLinks(LightAdminRepositoryRestMvcConfiguration.java:53) ~[lightadmin-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
    at org.lightadmin.core.config.context.LightAdminRepositoryRestMvcConfiguration$$EnhancerBySpringCGLIB$$59177c69.CGLIB$entityLinks$2(<generated>) ~[spring-core-4.1.4.RELEASE.jar:1.1.0.BUILD-SNAPSHOT]
    at org.lightadmin.core.config.context.LightAdminRepositoryRestMvcConfiguration$$EnhancerBySpringCGLIB$$59177c69$$FastClassBySpringCGLIB$$1e1af318.invoke(<generated>) ~[spring-core-4.1.4.RELEASE.jar:1.1.0.BUILD-SNAPSHOT]
    at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) ~[spring-core-4.1.4.RELEASE.jar:4.1.4.RELEASE]
    at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:309) ~[spring-context-4.1.4.RELEASE.jar:4.1.4.RELEASE]
    at org.lightadmin.core.config.context.LightAdminRepositoryRestMvcConfiguration$$EnhancerBySpringCGLIB$$59177c69.entityLinks(<generated>) ~[spring-core-4.1.4.RELEASE.jar:1.1.0.BUILD-SNAPSHOT]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_51]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_51]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_51]
    at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_51]

1. Into each file field it is possible to upload 1 file of supported extension (jpg,jpeg,png) with size up to 10 Mb
2. It is possible to replace or delete uploaded file
3. Validation of extension and file size is displayed upon selecting a file to upload.
4. Image preview is displayed on List View, Quick View and Show View
5. It is possible to view original file
6. An entity can have more than 1 file field
7. Performance does not degrade significantly when multiple entity items have images (server-side resizing)

Currently if using Spring Data Evans instead of Dijkstra I obtain this error during startup:

Considering you upgraded to Spring 4.1 in POMs, could you support even latest release of Spring Data?

Description: Data displayed on the ListView, ShowView, FormView, and QuickView on first visit, is not updated when visiting the view for the next time.

Workaround: updated data is displayed after fully reloading the page For Quick View, reloading the page does not refresh the data. The data is refreshed after cleaning temporary internet files and data

ListView

1. Enter ListView: observe the data in item's fields:
2. Edit an item
3. Visit the ListView again:

Expected result: item # 269 displays values entered in step 2 Actual result: item # 269 displays values displayed in step 1:

ShowView

1. Nagivate to Show View of an item:
2. Edit the item > Save the changes Expected result: ShowView displays values entered in step 2 Actual result: ShowView displays values displayed in step1

FormView

1. Edit an item:
2. Change field values
3. Save
4. Edit the item again:

Expected result: Edit form displays values entered in step 2 Actual result: Edit form displays values displayed in step 1

Quick View

1. While on the List View, expand the Quick View for an item:
2. Edit the item > Save
3. Go to the List View > Refresh the page > Expand the Quick View for the edited item:

Expected result: values entered in step 2 are displayed Actual result: values displayed in step 1 are still displayed (even after reloading the page)

While trying out lightadmin-spring-travel demo. On running mvn clean install following Bad Gateway problem is reported on several steps:

Failure to transfer org.lightadmin:lightadmin:1.0.0-SNAPSHOT/maven-metadata.xml from http://lightadmin.org/nexus/content/repositories/releases was cached in the local repository, resolution will not be reattempted until the update interval of lightadmin-nexus-releases has elapsed or updates are forced. Original error: Could not transfer metadata org.lightadmin:lightadmin:1.0.0-SNAPSHOT/maven-metadata.xml from/to lightadmin-nexus-releases (http://lightadmin.org/nexus/content/repositories/releases): Failed to transfer file: http://lightadmin.org/nexus/content/repositories/releases/org/lightadmin/lightadmin/1.0.0-SNAPSHOT/maven-metadata.xml. Return code is: 502 , ReasonPhrase:Bad Gateway.

I am having a problem with the current version of lightadmin. You can reproduce it exactly with the lightadmin-springboot example:

git clone https://github.com/la-team/lightadmin-springboot.git
cd lightadmin-springboot
mvn package
java -jar target/lightadmin-boot.jar

results in

Caused by: org.springframework.beans.factory.BeanDefinitionStoreException: Factory method [public org.lightadmin.core.web.json.DomainTypeToJsonMetadataConverter org.lightadmin.core.config.context.LightAdminRepositoryRestMvcConfiguration.domainTypeToJsonMetadataConverter()] threw exception; nested exception is java.lang.NoSuchMethodError: org.lightadmin.core.config.context.LightAdminRepositoryRestMvcConfiguration.entityLinks()Lorg/springframework/data/rest/webmvc/support/RepositoryEntityLinks;
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:188) ~[spring-beans-4.1.0.RELEASE.jar!/:4.1.0.RELEASE]
...

Finaly i'm working on the integration of light-admin in a real word application, i was trying to use the great NameExtractor feature as explain here but without any result. I even set breakpoints inside the method Apply() but the execution never stopped there.

Here's my code:

@Administration(OrderBundle.class)
public class OrderBundleAdministration {

    public static EntityMetadataConfigurationUnit configuration(
            EntityMetadataConfigurationUnitBuilder configurationBuilder) {
        return configurationBuilder.nameExtractor(userNameExtractor()).build();
    }

    private static EntityNameExtractor<Customer> userNameExtractor() {
        return new EntityNameExtractor<Customer>() {
            @Override
            public String apply(final Customer customer) {

                return String.format("%s, %s", customer.getId(),
                        customer.getAddress());
            }
        };
    }

}

I use Heroku as a fast and inexpensive solution for experiments and testing. For those experiment having something like LightAdmin would be really useful so i did some tinkering to get LA to work with the heroku deployment method.

Everything works except the fact that the application root seems to no be configured so all the resources and links are broken. I looked trough the settings but seems like there is nothing about it.

Here the code:

https://github.com/jimmyfm/lightadmin-heroku

And here the deployed app (might be asleep and take some time to load);

http://lightadmin.herokuapp.com/admin/dashboard

Edit an entry with a numeric field holding a value > Clear the value > Save

Expected result: 0 is displayed for the field

Actual result: old value is displayed

n2many relations did not keep order; fixed using a parallel hidden select keeping track of order and reordering original select (now suffixed with -n2mall) on form load

Bumps commons-collections4 from 4.0 to 4.1.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

• Want to take over the Java ecosystem? All you need is a MITM!
• Update: Want to take over the Java ecosystem? All you need is a MITM!

This is a security fix for a vulnerability in your Apache Maven pom.xml file(s).

The build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. This leaves your build vulnerable to allowing a Man in the Middle (MITM) attackers to execute arbitrary code on your or your computer or CI/CD system.

This vulnerability has a CVSS v3.0 Base Score of 8.1/10.

POC code has existed since 2014 to maliciously compromise a JAR file in-flight. MITM attacks against HTTP are increasingly common, for example Comcast is known to have done it to their own users.

This contribution is a part of a submission to the GitHub Security Lab Bug Bounty program.

Detecting this and Future Vulnerabilities

This vulnerability was automatically detected by LGTM.com using this CodeQL Query.

As of September 2019 LGTM.com and Semmle are officially a part of GitHub.

You can automatically detect future vulnerabilities like this by enabling the free (for open-source) LGTM App.

I'm not an employee of GitHub nor of Semmle, I'm simply a user of LGTM.com and an open-source security researcher.

Source

Yes, this contribution was automatically generated, however, the code to generate this PR was lovingly hand crafted to bring this security fix to your repository.

The source code that generated and submitted this PR can be found here: JLLeitschuh/bulk-security-pr-generator

Opting-Out

If you'd like to opt-out of future automated security vulnerability fixes like this, please consider adding a file called .github/GH-ROBOTS.txt to your repository with the line:

User-agent: JLLeitschuh/bulk-security-pr-generator
Disallow: *

This bot will respect the ROBOTS.txt format for future contributions.

Alternatively, if this project is no longer actively maintained, consider archiving the repository.

CLA Requirements

This section is only relevant if your project requires contributors to sign a Contributor License Agreement (CLA) for external contributions.

It is unlikely that I'll be able to directly sign CLAs. However, all contributed commits are already automatically signed-off.

The meaning of a signoff depends on the project, but it typically certifies that committer has the rights to submit this work under the same license and agrees to a Developer Certificate of Origin (see https://developercertificate.org/ for more information).

- Git Commit Signoff documentation

If signing your organization's CLA is a strict-requirement for merging this contribution, please feel free to close this PR.

Tracking

All PR's generated as part of this fix are tracked here: https://github.com/JLLeitschuh/bulk-security-pr-generator/issues/2

I am attaching zip file of the code that has visualization code in it. if you know how to submit the code, either let me know the process or go ahead and merge the code.

light-admin-master.zip

Failed to execute goal on project lightadmin-sandbox: Could not resolve dependencies for project org.lightadmin:lightadmin-sandbox:war:1.2.0.BUILD-SNAPSHOT: Failed to collect dependencies at org.lightadmin:light-logging-configurer:jar:1.0.0.BUILD-SNAPSHOT: Failed to read artifact descriptor for org.lightadmin:light-logging-configurer:jar:1.0.0.BUILD-SNAPSHOT: Could not transfer artifact org.lightadmin:light-logging-configurer:pom:1.0.0.BUILD-SNAPSHOT from/to lightadmin-nexus-snapshots (http://lightadmin.org/nexus/content/repositories/snapshots): Failed to transfer file: http://lightadmin.org/nexus/content/repositories/snapshots/org/lightadmin/light-logging-configurer/1.0.0.BUILD-SNAPSHOT/light-logging-configurer-1.0.0.BUILD-SNAPSHOT.pom. Return code is: 503 , ReasonPhrase:Service Temporarily Unavailable.

Hi All

Can we have multiple roles(baseUrl and basePackage) in lightadmin?

Example: /employee should have access to employee modules and /admin should have access to admin modules

Hi, I was trying to push (deploy) the latest BUILD-SNAPSHOT to the LA Nexus Repo. But got the following error: Could not transfer metadata org.lightadmin:lightadmin:1.2.0.BUILD-SNAPSHOT/maven-metadata.xml from/to lightadmin-nexus (http://lightadmin.org/nexus/content/repositories/snapshots): Failed to transfer http://lightadmin.org/nexus/content/repositories/snapshots/org/lightadmin/lightadmin/1.2.0.BUILD-SNAPSHOT/maven-metadata.xml. Error code 500, Internal Server Error Seems like the Nexus repository is down. Can anyone please make it up again? Thanks!!