Spring webflow prevent GET method in transition - spring

I am using spring webflow 2.3.1.RELEASE in my project.
The customer's security team raised an issue, which is "It is possible to change the http method from POST to GET and the application accepts the change and continues working."
So I need to prevent this change and make my transitions accept only POST method. Or throw exception if I get any request parameter other than execution in the url.
How can I do this?

You could create your own FlowExecutionListener and throw an exception when the request method is different than POST and/or when request parameters are present.
See the documentation here and API here.

I solved the problem using interceptors of the FlowHandlerMapping.
I've created a class named MethodInterceptor that implements org.springframework.web.context.request.WebRequestInterceptor.
In the "public void preHandle(WebRequest request) throws Exception" method, I checked the request method. If it was GET, I checked that the request parameters were either empty or contained only the execution parameter. If the condition wasn't met, I threw an exception.
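A sketch of the interceptor described in the answer above, added here as an example and not the poster's actual code. It assumes a Servlet container (so the `WebRequest` is a `ServletWebRequest`) and, going one step beyond the answer, also rejects every method other than GET and POST; the choice of `HttpRequestMethodNotSupportedException` is likewise an assumption.

```java
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.springframework.ui.ModelMap;
import org.springframework.web.HttpRequestMethodNotSupportedException;
import org.springframework.web.context.request.ServletWebRequest;
import org.springframework.web.context.request.WebRequest;
import org.springframework.web.context.request.WebRequestInterceptor;

public class MethodInterceptor implements WebRequestInterceptor {

    // The only parameter a GET may carry, as stated in the question.
    private static final String EXECUTION_PARAM = "execution";

    @Override
    public void preHandle(WebRequest request) throws Exception {
        // Assumption: Servlet environment, so the cast is safe.
        HttpServletRequest servletRequest = ((ServletWebRequest) request).getRequest();
        String method = servletRequest.getMethod();

        if ("POST".equalsIgnoreCase(method)) {
            return; // transitions submitted by POST pass through
        }
        if ("GET".equalsIgnoreCase(method) && onlyExecutionKey(request.getParameterMap())) {
            return; // flow start or redirect-after-POST: no extra parameters
        }
        // A GET carrying event or form parameters, or any other method, is refused.
        throw new HttpRequestMethodNotSupportedException(method);
    }

    // True when the map is empty or contains nothing but the execution key.
    static boolean onlyExecutionKey(Map<String, String[]> params) {
        for (String name : params.keySet()) {
            if (!EXECUTION_PARAM.equals(name)) {
                return false;
            }
        }
        return true;
    }

    @Override
    public void postHandle(WebRequest request, ModelMap model) {
        // nothing to do after the flow has handled the request
    }

    @Override
    public void afterCompletion(WebRequest request, Exception ex) {
        // nothing to clean up
    }
}
```

The interceptor takes effect once it is listed in the `interceptors` property of the `FlowHandlerMapping` bean, as the answer describes.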

Related

How can I test my controller for throwing an exception in Kotlin?

So I have a controller with one GET method. I need to test it. When I write in URL request with incorrect iso code of the country, it throws me back a custom exception. So how can I test it?
So here 'UA' is incorrect argument
    @Test
    fun check_for_incorrect_iso_code() {
        // "UA" is treated as an invalid ISO code here, so a 4xx status is expected
        mockMvc.perform(get("/countries/UA"))
            .andDo(print())
            .andExpect(status().is4xxClientError())
    }
Test is working, but I need to extend it and check if it throws my custom exception - 'InvalidIsoCodeException' for example.
Thanks for the answer.
Your Java code is throwing an InvalidIsoCodeException but your server/controller cannot throw exceptions. Instead it sends back an HTTP response to the client. The InvalidIsoCodeException is mapped by Spring to a specific response. You're already checking the status of the response with .andExpect(status().is4xxClientError()). You can also verify the body of the response if you want to be more specific.
If you want to test for the exception then you have to test your controller like a normal Java class without MockMVC.

How can I handle Tomcat's MaxUploadSizeExceededException in Spring?

I have done some research around this with conflicting results. To handle this error, some say that I need to implement HandlerExceptionResolver in one of my controllers.
Here are some links for that:
How to handle MaxUploadSizeExceededException
Handling MaxUploadSizeExceededException with Spring MVC
http://www.raistudies.com/spring/spring-mvc/file-upload-spring-mvc-annotation/
On the other hand, other people are saying that this approach is futile because the Exception is occurring outside the request handling flow:
http://forum.spring.io/forum/spring-projects/web/124409-handling-maxuploadsizeexceededexception-in-spring (The second poster in the thread)
MaxUploadSizeExceededException doesn't invoke the exception handling method in Spring
I have tried the above solutions but they do not work for me. It appears that the Exception occurs outside of Spring, as expected. I am unable to catch this even with HandlerExceptionResolver.
Try following the approach specified in the link below. Basically, you configure an error page for any unhandled exception and then define a handler for the error page. Looks like a decent workaround.
Here is the link http://www.javacodegeeks.com/2013/11/how-to-custom-error-pages-in-tomcat-with-spring-mvc.html
Hope this helps.

The difference between exchange method and execute method in spring rest template?

I have three questions!
First.
I am using the spring framework for sending the data through rest protocol.
restTemplate.exchange(requestUrl,HttpMethod.POST, request, listVo.getClass());
org.springframework.web.client.RestTemplate.exchange(String url, HttpMethod method, HttpEntity<?> requestEntity, Class<? extends Object> responseType, Object... uriVariables) throws RestClientException
I used it without any problem, but I want to know the purpose of the parameter, responseType.
The client doesn't use the response data, but just uses the response status code / msg. So, I sent some meaningless
String data instead. But an error was thrown saying that they accept "null". So I sent a "null" String, not null.
Then the error went away. But there was another problem. Right after the client received the data from the server, it paused for a long time. Then the next lines of code were executed. What is the problem?
Second
I can't find any references that use execute method of Spring RestTemplate.
Third
Like the title, What is the difference between the exchange method and the execute method in spring rest template?
Thanks for your time and effort.
Cheers.
exchange return type is ResponseEntity<T> while execute is T
Taken from "Pivotal Certified Spring Web Application Developer Exam" book
The execute and exchange methods can be used for any type of REST calls
The execute method can also be given a RequestCallback implementation as a parameter, which tells the RestTemplate what to do with the request before sending it to the server.

How to send the status code as response for 404 instead of 404.jsp as an HTML response in Spring?

I created a web application in Spring and handled exception mappings for 404 and 500. If the system doesn't find any resource for the requested URL, it redirects to a custom 404.jsp instead of the regular 404 page. Everything worked fine until I decided to add a webservice to my app. I have included one more controller as a webservice; there is no view for this controller and it needs to be invoked through a curl command.
Users may change the curl script. If they change the URL, it should show a 404 status code. But it returns the custom 404.jsp as an HTML response instead of the status code, because the dispatcher servlet takes all URLs with /*.
How I can solve this issue?
Please share your suggestions.
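Spring 3.2 introduced the @ControllerAdvice, and as mentioned in the documentation:
It is typically used to define @ExceptionHandler
That means you can use the @ControllerAdvice to assist your @Controller like the following:

    import org.springframework.http.HttpStatus;
    import org.springframework.web.bind.annotation.ControllerAdvice;
    import org.springframework.web.bind.annotation.ExceptionHandler;
    import org.springframework.web.bind.annotation.ResponseStatus;

    @ControllerAdvice
    class GlobalControllerExceptionHandler {
        // Any exception that reaches this handler is answered with status 404
        @ResponseStatus(HttpStatus.NOT_FOUND) // 404
        @ExceptionHandler(Exception.class)
        public void handleNotFound() {
            // Nothing to do
        }
    }
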
For further details please refer to this tutorial and this answer.

How to configure spring HandlerExceptionResolver to handle NullPointerException thrown in jsp?

From a jsp is thrown a NullPointerException for example using <% null.toString(); %>
This exception is not handled by the HandlerExceptionResolver, but thrown to the web container(tomcat) and converted into a code 500 error.
How can I configure spring to get that error in my HandlerExceptionResolver ?
Details:
Spring can be configured to handle exceptions thrown inside Controllers, but not exceptions thrown by view.
Of course I can resolve the NullPointerException, but I want to design a solution that will gracefully resolve any possible problem on the web application in order to display a user friendly message to the user.
See the HandlerInterceptor interface instead. You'll want the afterCompletion method. You can then intercept the response and then set the appropriate header information to redirect to a container-configured error web page. You're right that Spring doesn't have this functionality, this is going to have to be specified by the web.xml which determines which codes map to which pages.
I have not worked with this particular bit of the spring framework, but the docs say
"Interface to be implemented by objects that can resolve exceptions thrown during handler mapping or execution, in the typical case to error views. Implementors are typically registered as beans in the application context.
Error views are analogous to the error page JSPs, but can be used with any kind of exception including any checked exception, with potentially fine-granular mappings for specific handlers."
so I'd imagine that given that NullPointer extends RuntimeException the framework isn't designed to catch it. Is there a reason the exception(s) can't be handled in the controller directly?
