How to add custom headers when using Spring+websocket+stomp - spring

Is it possible to add custom header from server side?
I tried to add an interceptor to outboundchannel, but couldn't add any custom header.
By the way my question is absolutely the same as 3 years ago from Glinskiy Vladislav: How to add custom headers to STOMP CREATED message in Spring Boot application?.
But there is still no answer with a solution.

Related

Spring Boot Form data Submission vs A8:2017-Insecure Deserialization

Is form attribute binding vulnerable to A8:2017-Insecure Deserialization
I was testing Spring boot form submission for my internal project when I came across -
OWASP TOP 10 A8:2017-Insecure Deserialization
As per my current project, I am binding the form parameter and getting a SearchPOJO at my controller using @RequestBody
I have the following doubts:
Is it safe to pass the parameters, as Spring may create the POJO, serialize it and then send it over the network, hence I am vulnerable to A8:2017-Insecure Deserialization?
Does Spring Boot perform the same process in any different way?
If there is a vulnerability, then will sending form data using @RequestParam/@PathVariable solve the issue?
As of now we are using Thymeleaf in the frontend. We are also planning to switch to a React frontend in the coming months.
OWASP TOP 10 A8.2017
I would be highly obliged if someone can clear my doubts.

Custom swagger documentation/ Where is my swagger setup?

I have a jhipster based Spring project, which uses yarn/angular on the front end, and Spring on the back. I am trying to figure out how to customize the swagger page. Currently it auto-populates new APIs using swagger-ui, which is great, but I needed to add more custom info to those APIs, hence my problem.
But I'm confused on what's running swagger. It looks like there's a node package called swagger-ui-dist and I also see a src/main/webapp folder with a swagger-ui folder, containing an index.html page.
I think what I pretty much want is to replace the current swagger-ui auto setup, with swagger that reads a file that I can create online using Swagger editor.
Apologies, for what I hope are simple questions. I'm brand new at swagger and npm/yarn.
Thanks
So after a bit more research, I found you could create your own OpenAPI doc, but an easier method in Spring is to annotate the endpoint methods with the @APIOperation annotation. There are other swagger specific annotations as well.
In the parameters, you can give value="", notes="" and a number of other customized values that will clarify what your API does in Swagger. Then swagger auto fills it in when bringing up your swagger page.
I hope that helps anyone with the same issue I had.

Custom HttpMessageConverter for Spring Data REST

I'm about to dig into the code to find out, but thought I'd ask since I can't find any documentation or references. Spring-data-rest seems to support only JSON (specifically HAL+json). I know I can probably overlay an mvc controller on top of the spring-data-rest endpoint (and autowire the RepositoryRestResource) but that creates a bit of a maintenance issue. I'd like to use content negotiation to allow CSV endpoints if a message converter is available for the domain type.
Do spring-data-rest endpoints work with custom view implementations?
edit (more specific): Do spring-data-rest endpoints work with custom HttpMessageConverters when serializing responses?

Can Spring Web Flow Work in Non Spring MVC application? [closed]

I am working on evaluating Spring Web Flow for handling conversational flows in the web application that is currently used. Currently, the web application that we are using is a custom company made MVC framework that was developed 10+ years back when there was no Spring MVC or Struts etc. There is a ControllerServlet in the application which is currently doing the work of managing the requests, similar to DispatcherServlet of Spring MVC.
Now, we want to take advantage of the Spring Web Flow features and renew the application and ease the developers life. I would like to know from all you people out here who had similar experiences in the past of migrating legacy MVC application to Spring Web Flow.
Please suggest the configurations and / or changes which I should be looking at to take this into right direction.
Some of the questions which come naturally to my mind are:
Configuration changes to web.xml? or adding a spring related xml file?
Any changes that we need to make to the JSPs? I am assuming Spring Web Flow will require me to make changes in the JSPs. What do you guys feel?
How could we get rid of the ControllerServlet? or better yet ask the ControllerServlet to refer to Spring Web-Flow for all the requests?
If Spring Web Flow is replacing the ControllerServlet, what happens to all the code that is written in it? What equivalent of Spring Web Flow do we need to write?
Thanks,
Yogendra
Why replace? You can perfectly use Spring Web Flow (and/or Spring MVC for that matter) alongside your own MVC framework. You only have to be careful when you are crossing boundaries between the 2.
What we did in such a scenario was introduce a DispatcherServlet for only handling the Spring Web Flow request and everything else was handled as before. So you basically have 2 servlets instead of 1.
Another solution would/could be to replace your own servlet with a DispatcherServlet and let all requests for the old part of the application delegate to your own ControllerServlet, for this you could use the ServletWrappingController of Spring MVC.
Benefit of the last approach is that you could create a HandlerInterceptor which could move some stuff around from your own MVC framework to SWF and vice-versa.
In each and every case you would need to change the pages that use Spring Web Flow to use the Spring tag libraries so that forms can be properly handled; for pages that aren't used/served by Spring Web Flow everything can remain the same.

Session handling in Struts 2.1.6

I have a project with the following setup:
Tomcat 6.x
Struts 2.1.6
DisplayTag 1.2
Spring 2.x (1 or 5, don't remember now)
I want to know how to do session controlling in every action of my app, like if the users weren't logged in, they're redirected to a certain page to login (in the case of my project, either the user comes to a special crafted url like login/SPECIALHASHTOLOGIN or won't enter at all).
Need more details?
Thx in advance.
I'm still new to S2 as well, but I believe what you will need to do is modify the default interceptor stack (or create a custom stack) and add a custom interceptor. This custom interceptor will need to implement SessionAware to access the user session, and must implement your custom logic (which action to redirect to, which URLs do not need protection, etc.).
Here is a good tutorial of a LoginInterceptor that behaves similarly to what you are requesting.
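As an added example (not part of the original answers and not taken from the linked tutorial), here is one way to write the custom interceptor described above for Struts 2.1.x, denying by default and allowing only listed actions without a session. The package name, the session key `authenticatedUser` and the public action name `login` are assumptions; the class reads the session from the invocation context and relies on a global result named `login` being defined in struts.xml.

```java
package example.security; // hypothetical package name

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/**
 * Default-deny login check: every action requires an authenticated session
 * unless its name is on the explicit allowlist below.
 */
public class LoginInterceptor extends AbstractInterceptor {

    private static final long serialVersionUID = 1L;

    // Assumed session key, set by the login action only after it has
    // validated the token from the login URL.
    static final String USER_KEY = "authenticatedUser";

    // Assumed names of actions reachable without a session. Keep this list
    // short: anything not listed here is protected.
    private static final Set<String> PUBLIC_ACTIONS = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList("login")));

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        String actionName = invocation.getProxy().getActionName();
        if (PUBLIC_ACTIONS.contains(actionName)) {
            return invocation.invoke(); // the login action does its own checks
        }

        Map<String, Object> session = invocation.getInvocationContext().getSession();
        Object user = (session == null) ? null : session.get(USER_KEY);
        if (user == null) {
            // Fail closed: the target action is never invoked. Action.LOGIN is
            // the result name "login", mapped to the login page in struts.xml.
            return Action.LOGIN;
        }
        return invocation.invoke();
    }
}
```

The interceptor only takes effect for actions whose interceptor stack includes it, so it belongs in the package's default stack rather than on individual actions.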
Acegi security is a great way to add security to your web app if you're already using Spring. Here's a decent 1-hour Acegi tutorial.
