Spring MVC GET Request Logging - spring

I have a Spring Boot/Spring MVC REST app that has a GET mapping endpoint for ex.
#GetMapping(value = "/person")
public ResponseEntity<Person> getPerson(#RequestParam final String personID)
{
//service call for a person
return new ResponseEntity.ok(personObj);
}
I am using PostMan to hit the endpoint and I have the spring boot jar running and something I noticed was that every PUT and POST method is logged but when it came to GET requests, they were not logged. The only time I got a GET in the running spring boot server logs was if I hit the wrong endpoint path for i.e localhost:8080/personn (misspelling) the log would show the URL with the requestparam value appended to the URL like "GET /personn?personID=123 HTTP/1.1" 404 - "-" "PostmanRuntime
It seems like successful GET calls are not logged but unsuccessful GET calls are logged. Is this normal behavior?
If personID was sensitive data then I should probably use POST?

You can set the logging level of the Spring web package to DEBUG in the application.properties, something like:
logging.level.org.springframework.web=debug
or in recent version of Spring Boot:
logging.level.web=debug

Related

OAuth/authorization end point is not returning with expected http 302 status, also session id and token information is missing in the response

I am upgrading my jhipster application to the latest jhipster version which is 7.6.0.
Jhipster 7.6.0 introduces latest version of spring boot (2.6.3) and spring framework (5.3.15)
For security configuration class, I am still using the annotations from spring web mvc and I am not using spring web reactive. At this point, I dont want to switch to web reactive.
#EnableWebSecurity
#EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
#Import(SecurityProblemSupport.class)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter { }
After compiling, building and starting my application, If I hit the login url, then I get below error on the screen
Login with OAuth 2.0
[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 403 Forbidden: [no body]
Browser's DevTools console shows that OAuth/authorization end point is returning with 200 http status with no values for session id and token, whereas ideally the end point should return with http status 302 along with session id and token.
I suspect, its related to the changes introduced by the version upgrade, because If I switch back to the older branch of the source code (having older version of jhipster like 6.4.1 and spring) , then the login works just fine.
Can anyone suggest what could be the possible reason behind this issue?
I believe that the 'authorize' end point returning 200 response with missing session id and token is surely one of the reasons.
Please guide me on this.
Thanks.
Thanks for the details. I have found the root cause. For the latest version of spring security, oidc: scope needs to be mentioned explicitly. something like this - scope: openid,profile,email. Adding this scope in application yml fixed the issue. –

How to log 415 errors in Spring

My service is currently experiencing 415 errors, but I'm not getting any logs to find out what errors they are.
Will I be able to add logging in some kind of filter so that I can know what's going on?
#RequiresHttps
#RequestMapping(value = "/test", method = RequestMethod.POST)
public ResponseEntity<String> doAction(#NonNull #RequestBody CustomRequest[] requests) {
It looks like the 415 is happening inside spring mvc engine and it doesn't event reach your controller so that you can't really place the logs in our code (in doAction method for example).
Try to enable tomcat embedded access logs and you'll see the file with all the requests and return status. These are disabled by default so you should add the following into application.properties or yaml:
server.tomcat.accesslog.enabled=true
There are some configurations / customizations you can do with that, you can read about them in this tutorial for example

Handle Unsupported Media Types in Spring

I'm currently building a simple REST service using Spring framework. But when testing using Postman, I have encountered the following issue:
Click to view image
I wonder how to make Spring recognize the received Content-Type header actually match the application/x-www-form-urlencoded, which is supported.
UPDATED:
I'm current run my app at localhost with embedded Tomcat server.
My endpoint briefly includes:
POST: /api/users - for creating new user
GET: /api/users - for listing users
GET: /api/users/{id} - for retrieving user by his id
The request body for POST endpoint:
"email":"<your-email>",
"password:"<your-password>"
UPDATED 2:
My Endpoint image
Try this:
#PostMapping(path = "/api/users",consumes = {MediaType.APPLICATION_FORM_URLENCODED_VALUE})
public ResponseEntity<String> createUser(#RequestBody User user)

How to send POST requests to a Spring Boot REST API using Postman form-data?

I'm trying a very simple Spring Boot + MySql app using STS: https://github.com/acenelio/person01
Posting a new Person using raw body works fine. However, when trying to post using form-data, I get either a 400 HttpMessageNotReadableException or 415 HttpMediaTypeNotSupportedException error, depending on which Content-type I set on Headers.
I provided some Postman printscreens here: https://sites.google.com/site/stackoverflownelioalves/arqs
What am I missing? I'm kinda new on Postman and Spring Boot. Thanks.
You can use the #RequestBody annotation:
#RequestMapping("/addInvestorProfile")
public #ResponseBody Boolean addInvestorProfile(#RequestBody() InvestorProfile profile
, #RequestParam(value = "sessionId") String sessionId)
{
.... your content
return true;
}
I am not sure which version of your spring boot. First of all, almost all spring mvc or spring boot controller method will accept all request content-type when you are not add consumer param to #RequestMapping annotation. So, maybe there is some wrong usage of postman.And I am work with spring boot & postman well.
try to compare postman behavior by copy request to curl
Usually post a request use curl looks like:
curl -XPOST UrlOfYourSpringBootEndPoint -d'body of your post'
more detail of curl here.

How to send the send status code as response for 404 instead of 404.jsp as a html reponse in spring?

I created web application in spring and handled exception mappings for 404 and 500.If system doesn't find any resources for requested URL it redirects into custom 404.jsp instead of regular 404 page.Everything works fine till have decided to add a webservice in my app.I have included one more controller as a webservice there is no view for this controller and this needs to be invoke through curl command.
User may get into change the curl script.If they changed the URL it should show 404 status code.But it returns the custom 404.jsp as a html response instead of status code.Because dispatcher servlet will takes all urls with /*.
How I can solve this issue?
Please share your suggestions.
Spring 3.2 introduced the #ControllerAdvice, and as mentioned in the documentation:
It is typically used to define #ExceptionHandler
That means you can use the #ControllerAdvice to assist your #Controller like the following:
#ControllerAdvice
class GlobalControllerExceptionHandler {
#ResponseStatus(HttpStatus.NOT_FOUND) // 404
#ExceptionHandler(Exception.class)
public void handleNoTFound() {
// Nothing to do
}
}
For further details please refer to this tutorial and this answer.

Resources