I am currently working on a Spring Web services(SOAP) project. The requirement is to validate the request payload and return the error response if validation fails and log it. I have extended PayloadValidatingInterceptor to return custom validation message.
As part of logging requirement, we need to print the header values from Request Headers (HttpServletRequest) for tracking purpose.
How to access HttpServletRequest in the implementation of PayloadValidatingInterceptor?
Is it possible to inject HttpServletRequest?
version details:
Spring-Boot : 2.2.6
Spring-ws-core : 3.0.8
Please help.
Related
We are using the Netflix DGS framework to build our backend to provide a GraphQL API.
In addition to that we use Keykloak as an identity provider which comes with a handy Spring module to add support for authentication and authorization out of the box.
Every request contains a JWT token, which gets validated and from there a SecurityContext object is being generated which is then available in every endpoint.
This is working great for HTTP requests. GraphQL queries and mutations are sent via HTTP, therefore no problem here.
Subscriptions on the other hand use the web socket protocol. A WS request does not contain additional headers, therefore no JWT token is sent with the request.
We can add the token via a payload, the question is now how to set up a Spring Security Filter which creates a Security Context out of the payload.
I guess this is rather Spring specific, basically a filter which intercepts any web socket request (ws://... or wss://...) is needed.
Any help or hint is very much appreciated!
The only way to use headers in web socket messages is in the connection_init message. the headers will be sent by the client in the payload of the message.
The solution I propose is done in 2 steps (We will assume that the name of the header element is "token"):
Intercept the connection_init message, then force the insertion of a new element (token) in the subscription request.
Retrieve the element (token) of the header during the interception of the subscription and feed the context.
Concretely, the solution is the implementation of WebSocketGraphQlInterceptor interface
#Configuration
class SubscriptionInterceptor implements WebSocketGraphQlInterceptor {
#Override
public Mono<Object> handleConnectionInitialization(WebSocketSessionInfo sessionInfo, Map<String, Object> connectionInitPayload) {
sessionInfo.getHeaders().add("token", connectionInitPayload.get("token").toString());
return Mono.just(connectionInitPayload);
}
#Override
public Mono<WebGraphQlResponse> intercept(WebGraphQlRequest request, Chain chain) {
List<String> token = request.getHeaders().getOrEmpty("token");
return chain.next(request).contextWrite(context -> context. Put("token", token.isEmpty() ? "" : token.get(0)));
}
}
I have a Quarkus microservice doing authentication and authorization with Keycloak using quarkus-oidc and quarkus-keycloak-authorization extensions.
when i use quarkus.keycloak.policy-enforcer, reader & writer interceptors and container request & container response filters and exception mapper (with disable proactive) not working on 401 error. do you have any idea??
We are using spring boot 2.4.5 with webflux and calling a service with client credentials grant type. What we noticed is that webclient is not following redirects.
How can we enable webclient to follow redirects where it can continue passing access token until it get the http 200?
Adding following code snippet does not pass the access token to redirected url and it is returning 401.
WebClient.builder()
.clientConnector(new ReactorClientHttpConnector(
HttpClient.create().followRedirect(true)
))
The sensitive headers like the Authorization are removed from the initialized request when redirecting to a different domain.
You can use the following variant of followRedirect(boolean):
followRedirect(boolean followRedirect, Consumer<HttpClientRequest> redirectRequestConsumer)
In order to re-add the Authorization header using redirectRequestConsumer.
For more details see the Javadoc here and Reactor Netty documentation here.
I'm getting deprecated message for the bean Wss4jSecurityInterceptor. I'm using >spring-boot-starter-ws(1.4.7-RELEASE). spring-ws-security(2.4.4-RELEASE), org.apache.ws.security wss4j (1.6.9).
How to add the username token to consume SOAP services using Spring WebService Template ?
Sorry..Silly error..Need to upgrade to "org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor;"...wss4j2 instead of wss4j.
However still Null pointer exception " Received Fault message for request Exception=null.
Settled. The application message exception object isn't extracted properly from the SoapFaultClientException.. e.getSoapFault().getFaultDetail()
How can I change the render of Spring Oauth2 errors? For example when you try to access rest resource which is protected without providing Bearer header, this error is rendered by Spring Framework :
<oauth>
<error_description>Full authentication is required to access this resource</error_description>
<error>unauthorized</error>
</oauth>
I want it to render like my other API responses and error messages which I am handling with #ControllerAdvice and #ExceptionHandler annotations.
I have tried to provide WebResponseExceptionTranslator but it only triggers when I provide bad credentials.
I see that the DefaultOAuth2ExceptionRenderer is responsible for rendering this errors, but could not manage to change it.