I've asked the same question at Vaadin's forum, but noone responds there, so maybe someone here can help.
I've developed a Vaadin Spring Boot app that works perfectly when I run it as is, but when I tried to run it behind Apache Proxy (so that requests to http://website/vaadin-app/ are forwarded to http://website:8080), I've got a problem: UI is rendered successfully, but the data can't be fetched from the server. The error is: The requested URL /vaadinServlet/UIDL/ was not found on this server.
It looks like Vaadin doesn't make relative requests, but rather absolute ones, so it tries to load http://website/vaadinServlet/UIDL/ instead of http://website/vaadin-app/vaadinServlet/UIDL/
What kind of configuration should I add to address this issue?
Related
I am building a small spring boot/ angular app that will be diplayed inside an iframe of another app. Basically a small tool for adding / editing contracts. I have not implemented spring security, because the whole authentication thing is done by the parent app. There is only 1 way to reach my app, through that another app. The parent app will send me the login and thats all.
The problem is, I cannot open my app inside the another, because of the x-frame-options: deny header. Is there a way to change this header without implementing the whole spring security thing. Or maybe implementing only the HttpSecurity part with disabling x-frame-options. Implementing the whole spring security would be an overkill for that small app, so I really hope there is some another option in spring boot, or maybe server side (WildFly 20).
I am using spring boot 2.7.0.
Thanks in advance.
If you implement Content-Security-Policy frame-ancestors directive it will override X-Frame-Options (Except for IE, which no longer should be a problem). You need to find a way to set the header in the same response as X-Frame-Options, this could likely be in code, webserver, proxy, or a load balancer. In the frame-ancestors directive, list the host names of all allowed hosts.
I am a little out of my league on this one as I am still getting familiar with everything Springboot. Onto my problem...
I am unable to access actuator for an application that is running in a fat jar file on an application server. All works great when I run the application locally through Eclipse as I am perfectly able to access a couple of the endpoints (health, logfile) via a browser and Postman.
However, when I attempt to access those same endpoints (via curl, a browser or Postman) using the application server's url, I get a 404. I am able to access other custom written apis within the application with no issue, just not actuator apis.
I know I am missing something very obvious, but cannot figure out what that is.
Good - http://localhost:9091/actuator/health --> from a browser or Postman
Not good - http://my-app-testserver-01:9090/actuator/health or curl localhost:9090/actuator/healthand both yield the below error. NOTE that the curl is performed on the application server.
"timestamp":"2022-06-30T20:57:12.191+00:00","status":404,"error":"Not Found","path":"/actuator/health"
What else? Oh yeah, below is a snippet from my yml file pertaining to actuator and I believe that is ok.
Any insight on this is greatly appreciated. Thank you.
management:
server:
port: 9090
endpoints:
web:
exposure:
include: "health,info,logfile" ```
This is all set now. I was setting up the application on a new server and had to have the ports opened up for me. Once that was done I was able to access the Actuator apis with no issues.
I'm having this problem with a new Spring Boot service, written in Kotlin, where I start to get 404 for any REST requests after some random time (When I deploy the service, instead, everything works fine, with the same REST APIs).
In addition, I've also other services, written in Java, that are running without any problem.
Just to specify:
all the components are well defined in the application;
I've moved logging filters and some authorization logic in libraries also used in the java services (services that are running perfectly);
I am not able to reproduce locally, it happens after some time only in staging and prod envs.
Then I've noticed a really strange thing:
when running a public request (so that I skip all the auth logic checks) the logger prints the response status as 200 -> but then the final answer that the client gets is 404.
Do you have any idea or tip?
Thanks
Problem fixed! It was a mistake in the middleware, there were two service without the correct routing setup -> traefik was not able to redirect the traffic in the right way
So, the answer is probably super easy, but I just can't seem to figure it out.
I have set up a REST webservice, according to this tutorial: https://spring.io/guides/gs/rest-service/ and have set up the Requestmapping and everything using postman, and that end is working like I intended to.
I am setting up my site locally, but when I try to send a get request with jquery, I am receiving the following error: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https.
So I have understood that the problem is that I am trying to run my html from file:// and that the solution is to run it from localhost on the tomcat server and found this answer in another topic: Deploying just HTML, CSS webpage to Tomcat
However, I cannot find such a webapps folder, and I am assuming it is because my tomcat server is deployed using maven and springboot. So how do I deploy my html/js on the tomcat server when it is deployed this way?
I am working on a mac and with IntelliJ.
In your spring boot application you can put your index.html file in src/main/resources/static directory and it will be served by the application.
Also you may try to configure CORS in spring boot, see this answer for links.
If you are deploying normal web applications like jee apps you do it by placing your war file in webapps folder. The web apps folder is inside your tomcat
But for for intellij-idea go through this, it should work:
Where is my app placed when deploying to Tomcat?
I have been Googling a lot lately, but I find myself coming up short on answers.
I have a complete Spring MVC application secured by Spring Security and with services exposing logic to controllers (controllers -> service -> repository -> POJO's).
Currently all my controllers, except the login controller, serve nothing but JSON/XML and I want it to stay this way. I do not want to render different views on each controller.
However, what I want to be able to, is to separate the web application from the backend because in time I want to be able to integration with my service using more platforms than just a web browser.
Currently I have the regular Spring MVC application:
Configuration
Domain(POJO's)
Repository
Service
Controller
Login is done using a Thymeleaf rendered view and Spring Security which does nothing more than filtering all urls under the application root. After this, it is just a bunch of static files being served as resources:
Spring Controllers send a "{ontrollerName}/layout" to serve the AngularJS HTML partial used for all data under that given Spring Controller.
What I want, is a way to separate everything in the /webapp directory from the rest of my project. I have looked into a few different solutions here such as using Apache Proxy where my Apache Http server hosts the client code which communicate with the backend using Ajax to rest controllers, and Tomcat hosting the backend. However, I hear that proxying like this is not safe. I could however be dead wrong here.
So, the questions I hope to receive answers to are:
1. Is it fine to just write a client that uses Apache http server's Proxy to provide access to Ajax on the server?
If not; How should I proceed? Is it any point in trying to extract the client side from the /webapp directory or is this just some stupid idea I created because it seemed cool to be able to deploy them without having to relay on each others?
Is there any best practices in regards to how I structure a project with separate modules? Think Gradle build scripts for multi modules.
Should I think in different terms and use an approach not based on Spring MVC at all? If so, please advice me.
I hope this was clear enough to make sense for you guys.
The solution was to use the simpler approach of a restful API that did authentication over OAuth 2.
Basically the two best alternatives are a hybrid solution (part restful API and part server side rendering of pages) or a full blown restful API where you implement all functionality in a static web client. This way there is no need for multi-module projects and packing things together in one package.