I use spring boot 2, thymeleaf and spring security.
In spring boot, the locale seem to be took from the browser language. Surely sent via Accept-Language
Is it possible to override that? Maybe is not neccessary...
What i try to do is to take lang value from user (CustomUserDetail) and use this value to use this value to display correct value from my thymeleaf page.
I created a class who implements AuthenticationSuccessHandler, it take lang value from user .
I do
LocaleContextHolder.setLocale(StringUtils.parseLocaleString(user.getLang()));
My browser local is in english, my user lang is french.
After user connect successfuly, web page continue to be displayed in english.
In my application.properties, I have
spring.messages.fallback-to-system-locale=false
Related
I configured my web application as indicated in https://www.baeldung.com/spring-boot-internationalization#localeresolver
with setting Locale.ITALIAN as default locale for LocaleResolver bean.
I have two message files:
message.properties with italian messages
message_en.properties with messages in english
However, labels defined in messages_en.properties, when exists. For example with setting locale via lang=es request parameter, messages in english are shown.
The expected behaviour, if I understand, should be that if lang=en, message_en.properties should be used, where as for all other languages messages in message.properties should be used.
Suggestions?
If you use the latest version of Spring Boot (2.5.3 at the moment), the tutorial isn't as up-to-date. For example, with the latest Spring you must do additional, but simple config to override LocaleResolver bean.
Depending of your implementation, you may need to add in the application.properties file the line spring.messages.fallback-to-system-locale=false or if you overridden the "messageSource" bean, you must set messageSource.setFallbackToSystemLocale(false); in your own bean.
This way the app should work as expected, with all languages except EN using message.properties.
I'm migrating a Play! 1.2 web application and moving to Spring Boot + Spring MVC. Some views contain URLs to other endpoints. For example, I display the book title on the page and next to it I want to add the URL to go the book's details page (e.g. localhost/books/{id}).
In Play! 1.2 the controllers are static, and there is also a Router which can create the full URL for a method belonging to another controller (Router.getFullUrl("BookController.bookDetails", args)), but how do I achieve this with Spring MVC?
Best regards,
Cristian.
If you are trying to get the app/deployed name automatically in .jsp files to make the urls, then please make use of context path. An example below :
<c:set var="context" value="${pageContext.request.contextPath}" />
<script src="${context}/themes/js/jquery.js"></script>
From your requirement "admin.myapp.com","admin-test.myapp.com" are server names right? Something like http://admin.myapp.com/book/{bookId},http://admin-test.myapp.com/book/{bookId}. In Spring app, relative path in jsp can be accessed using pageContext.request.contextPath
I also found the UriComponentsBuilder and ServletUriComponentsBuilder. They are similar to the Play! Framework router and provide methods for building URI's, handling parameters and the query etc. We chose to annotate the controllers' methods using constants and then use the same constants with the UriComponentsBuilder to build back the path and create the request query for GET requests.
I'm migrating a JSF application from Spring Security 3.2 to 4.0.1. This version changes many default urls, for example the default login url to /login.
The application has its own login page (using JSF AJAX) and it is still displayed when calling /login, but all POST-Requests to this URL (and so all AJAX-Requests from the Login-Page) are captured by the UsernamePasswordAuthenticationFilter and that is trying to process the authentication, causing the request to get redirected to the loginform again.
After looking at the code this url seems to be hard-coded:
public UsernamePasswordAuthenticationFilter() {
super(new AntPathRequestMatcher("/login", "POST"));
}
So I have to disable this filter completely, or better, avoid it's creation. Can anybody point me how I can do it.
Changing my login page to another url is working, but is not the nice solution.
EDIT: I have created a Bugticket in Spring Security for this: https://jira.spring.io/browse/SEC-2992
EDIT 2: I've found another workaround: If I set the login-processing-url for the form-login to something unused it is working, but seems to be very hacky. There should be a way to disable it completely. Also it should be stated in the migration guide, I lost hours until I found this.
I am going to assume that you are trying to upgrade to Spring Security 4.0.0 (the latest available version is 4.0.1).
Spring Security 3.x used spring_security_login as the default login URL (source: official documentation). This could be set to a custom value as <security:form-login login-page="/login"> and mapped to a controller to render a custom page.
Spring Security 4.x has abandoned spring_security_login and switched to login as the default login URL (source: official Spring Security 4.x migration guide). Therefore, the URL login now goes to the default Spring Security infrastructure, that displays the default, auto-generated login page.
There was a bug in 4.0.0 due to which the default infrastructure was still getting used in cases where the URL /login was manually mapped to a custom controller method. This bug has been fixed in 4.0.1. Do try upgrading to Spring Security 4.0.1 to see if you can use /login as the login URL.
It looks like you could call setFilterProcessesUrl(String) (or, equivalently, setRequiresAuthenticationRequestMatcher(RequestMatcher)) to override the default of /login.
In my web application I am using Spring login form (with Spring-security). By default the login form has the fields j_username and j_password. I need to add one more element(checkbox for Terms&Conditions). The current code doesn't have LoginForm as well as LoginController since Spring is internally handling it.
Can anyone please tell how to handle/override this?
I have seen this link Spring security custom login page
But I need to add the new element in LoginForm (which is not existing currently) - where I need to add this new element(in Form - .java file)
Also should I write a new controller (LoginController) or can I use any existing filter as given here? http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#filter-stack
Does the user just have to check the box in order to procede, or does it bind to a backing model object.
If it's the former, I'd just handle it through javascript. If the latter, the easiest way would probably be implementing an Authentication Filter, this area of the documentation might help:
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/core-web-filters.html#form-login-filter
I'm trying to show a login box in my page only if the user is not authenticated yet.
I'm using Spring Security 3.0.
Do I have to check inside the view (JSP page) through some value I set on the model while processing the request in the Controller or is there another way to achieve this?
Checking inside the JSP seems the most straightforward here. The Spring Security taglib lets you do just that.
See http://static.springsource.org/spring-security/site/docs/3.0.x/reference/taglibs.html