I am using spring=data-rest and I would like to remove ALPs url(/profile) from my rest service.
I have gone through below issues, but still open for long time
Disabling ALPS does not remove the profile link [DATAREST-1119]
DATAREST-1119: Remove profile link in case ALPS is disabled
I tried configurations as below to disable ALPs, but no luck when go and hit /profile still it is active/available
#Configuration
public class ApiRestConfiguration implements RepositoryRestConfigurer {
#Override
public void configureRepositoryRestConfiguration(RepositoryRestConfiguration config, CorsRegistry cors) {
System.err.println("Disabled alps**********************");
config.getMetadataConfiguration().setAlpsEnabled(false);
}
}
If anyone is able to fix it please do share your fixes.
Related
I have a Spring Boot project with webapp folder like:
webapp\
myapp\
api\
dashboard.xhtml
auth\
login.xhtml
register.xthml
When I run the sever I need to always enter the url http://localhost:8080/myapp/auth/login.xhtml to begin.
I found this very annoying and want to automatically redirect to this url when I enter just http://localhost:8080.
How can I achieve this?
You can make a new configuration inheriting the WebMvcConfigurer class.
In Spring Boot, the MVC part is measuring automatically, so you wouldn't do any more request controlling part in case you are new to it.
The WebMvcConfigurer class offers addViewControllers virtual function, so that you can override it and add your own controller inside it.
Just like:
#Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/")
.setViewName("forward:/helloworld.xhtml");
registry.setOrder(Ordered.HIGHEST_PRECEDENCE);
}
For more detailed part, you can find it here.
I'm working on a Java application where a user registers a password for his/her account. The following are being used:
Spring Boot
Spring MVC
Spring Web Flow
Spring Security
Thymeleaf
Interceptor (for checking the session in the preHandle method)
For the Spring Security part, there's really no authentication required. I just use it to handle CSRF and the configuration is as follows:
#Configuration
#EnableWebSecurity
#EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
#Override
protected void configure(HttpSecurity http) throws Exception {
// CSRF feature only
http.authorizeRequests().anyRequest().permitAll();
}
}
Now, this is where things get messy. When I deploy it to Tomcat in a Unix environment, ;jsessionid gets appended to the URL and Spring Security is not happy. I have scrounged the Internet and found the following solutions to remove it (alongside my results).
server.servlet.session.tracking-modes=cookie in application.properties does nothing.
web.xml
<session-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
or
#Configuration
public class WebConfig implements WebApplicationInitializer {
#Override
public void onStartup(ServletContext servletContext) {
HashSet<SessionTrackingMode> set = new HashSet<>();
set.add(SessionTrackingMode.COOKIE);
servletContext.setSessionTrackingModes(set);
}
}
yields an IllegalArgumentException: The session tracking mode [COOKIE] requested for context [/<context-name>] is not supported by that context
I'm about to pull what remains of my hair off so I reverted any cookie-related changes and thought of just allowing semicolons in the URL (I know, I know, not secure) using the snippet below in the same SecurityConfig class.
#Bean
public HttpFirewall allowUrlSemicolonHttpFirewall() {
StrictHttpFirewall firewall = new StrictHttpFirewall();
firewall.setAllowSemicolon(true);
return firewall;
}
#Override
public void configure(WebSecurity web) throws Exception {
super.configure(web);
web.httpFirewall(allowUrlSemicolonHttpFirewall());
}
And voila! The web flow runs on an infinite redirect.
Questions:
Has anyone ever encountered IllegalArgumentException: The session tracking mode [COOKIE] requested for context [/<context-name>] is not supported by that context before? I've searched far and wide and the closest that I could find is this.
Could the reason behind server.servlet.session.tracking-modes=cookie not working be the same as above?
Could the infinite redirect be caused by http.authorizeRequests().anyRequest().permitAll()? I tried using anonymous() but the result was the same.
Is it possible to know which part exactly is causing the infinite redirect?
Please note that allowing semicolons in the URL is working fine and dandy in my localhost, so I have a hunch that what's causing the redirects is SSL-related. In the same way that locally ;jsessionid is not being appended to the URL.
My next step is to try configuring SSL locally in an attempt to replicate the issue. In the meantime, any help would be highly appreciated. My apologies if there's too much information here; I'm willing to repost it as multiple questions if that's necessary.
Spring Boot 2.6.3 with Springdoc.
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-ui</artifactId>
<version>1.6.5</version>
</dependency>
In applicaton.yaml, when I set the path as /v3/api-docs or remove it, that means use the default path "/v3/api-docs".
The Swagger UI page shows up correctly with the APIs
http://localhost:8080/swagger-ui/index.html
But I want to overite the path as below
api-docs.path: /bus/v3/api-docs
then Swagger UI displays the "Failed to load remote configuration" error:
Make sure to add "/v3/api-docs/**" in configure method.
#Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
#Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/swagger-ui/**", "
/v3/api-docs/**");
}
}
If you are using Spring Security in your app, you must include the URL in the configs.
Add the code below please to your project.
#Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
#Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/swagger-ui/**", "/bus/v3/api-docs/**");
}
}
I had the same problem, If you are behind a reverse proxy, the fix was to add the following property in application.yml
server:
forward-headers-strategy: framework
this is needed due to the following
Swagger relies on internal routing to make requests from the clients perspective. Putting the service behind a reverse-proxy without providing the X-Forwarded headers will result in the user not being able to use the documentation as intended
source -> https://medium.com/swlh/swagger-spring-boot-2-with-a-reverse-proxy-in-docker-8a8795aa3da4
Perform "Empty cache and hard refresh" in your browser.
I think I have solved the problem (thanks to #Ivan Zaitsev), just wanted to add more clarification to the answer.
I too have changed the api-docs.path property and I had the same problem. When I inspect the requests on swagger UI page, swagger-config request returns 404 since it was still trying to get the config from the old URL.
Even though I have changed api-docs.path property, here is the request URL that tries to retrieve swagger-config.
http://localhost:8080/api/v3/api-docs/swagger-config
It turned out to be a problem related to openapi-ui, because I was able to solve it when I cleared the browser cache and cookies. It is better do to the tests with incognito browser since it does not hold any data on the session.
If you are using SpringBoot v3, you must use springdoc-openapi v2:
https://springdoc.org/v2/
With gradle, for example:
implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.0.2'
Mpjwt configuration for open liberty server.xml
<mpJwt
id="keycloakJwt"
jwksUri="https://auth.ura.go.ug/auth/realms/sso/protocol/openid- connect/certs"
issuer="https://auth.ura.go.ug/auth/realms/sso"
userNameAttribute="preferred_username"
audiences="askura-etax-ws">
</mpJwt>
Unprotected route return the following error when accessed CWWKS5522E: The MicroProfile JWT feature cannot perform authentication because a MicroProfile JWT cannot be found in the request.
#PermitAll
#Path("/test")
public class TestResource {
#Inject
AppProperty appProperty;
#GET
#Path("/ping")
#Produces(MediaType.TEXT_PLAIN)
public String test() {
return "TEST";
}
}
The code around the CWWKS5522E message was recently updated in https://github.com/OpenLiberty/open-liberty/pull/15606 in 21.0.0.2 to not be issued when the resource is unprotected. Please confirm if you are using at least that release or a newer one. If you are, please open an issue in https://github.com/OpenLiberty/open-liberty/issues and we can assist you in debugging your problem.
Regards,
Teddy
I've gone ahead and tried almost any tutorial with the hopes it wouldfix this.
I'm new to spring boot.
So I have a spring boot web application setup, but css, jscript and any other static content won't be loaded in template. It's not a problem with the css or jscript as implementing them directly into the html file will make it work.
This (http://prntscr.com/lk6f6q) is how my project looks like. "test".js just includes a simple alert call.
Html: https://hastebin.com/ixejakiqev.xml
Pom: https://hastebin.com/vakinawuva.xml
What am I doing wrong? I'm trying to solve this since a week and nothing seems to work. Am I maybe missing a library?
Check the exact issue using network tab of the browser.
and also ensure that you have a class something like below to handle static resources.
#Configuration
#EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter {
#Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler(
"/webjars/**",
"/img/**",
"/css/**",
"/js/**")
.addResourceLocations(
"classpath:/META-INF/resources/webjars/",
"classpath:/static/img/",
"classpath:/static/css/",
"classpath:/static/js/");
}
}
The security config did not allow unverified access to the static resources.