I'm using Spring Boot + Spring Data REST and Swagger (Springfox 2.7.0). Spring Data REST follows HATEOAS principles, so the id field should never be present in returned resources.
In GET methods this works fine, but in POST methods the form shows an id parameter and I don't understand where it comes from.
This is the screenshot of the Swagger UI. As you can see, the form contains an id parameter of type path that is not present in the model definition.
I'm sure it is not needed; in fact, when doing a request via Postman, it works without setting the id param.
Also in Swagger everything works fine when filling the id param with a random value.
Is it an incompatibility between Spring Data REST and Swagger, or should I set something more?
I followed the instructions here: http://springfox.github.io/springfox/docs/current/#support-for-spring-data-rest
=================== UPDATE ==============================
This issue is resolved in SpringFox version > 2.7.0.
Here is the link to the bug: https://github.com/springfox/springfox/issues/1839
Related
Is form attribute binding vulnerable to A8:2017-Insecure Deserialization?
I was testing Spring boot form submission for my internal project when I came across -
OWASP TOP 10 A8:2017-Insecure Deserialization
As per my current project,
I am binding the form parameters and getting a SearchPOJO at my controller
using @RequestBody.
I have the following doubts:-
Is it safe to pass the parameters, as Spring may create the POJO, serialize it and then send it over the network, hence I am vulnerable to A8:2017-Insecure Deserialization?
Does Spring Boot perform the same process in any different way?
If there is a vulnerability, then will sending form data using @RequestParam/@PathVariable solve the issue?
As of now we are using Thymeleaf in the frontend. We are also planning to
switch to a React frontend in the coming months.
OWASP TOP 10 A8.2017
I would be highly obliged if someone can clear my doubts.
When I run locally my Spring Boot application with added dependencies springdoc-openapi-ui, I expect to get generated swagger api form for rest methods at url
http://localhost:55555/swagger-ui/index.html, but instead I get response with empty array []. But if I open http://localhost:55555/v3/api-docs, it shows openapi specification for rest methods.
There are no warnings in the application log. How can I troubleshoot this library?
P.S. The Swagger API form was working shortly before this moment. When the problem occurred, I removed any related configuration properties and beans, but the problem remained.
I have a JHipster-based Spring project, which uses yarn/Angular on the front end, and Spring on the back. I am trying to figure out how to customize the Swagger page. Currently it auto-populates new APIs using swagger-ui, which is great, but I needed to add more custom info to those APIs, hence my problem.
But I'm confused on what's running swagger. It looks like there's a node package called swagger-ui-dist and I also see a src/main/webapp folder with a swagger-ui folder, containing an index.html page.
I think what I pretty much want is to replace the current swagger-ui auto setup, with swagger that reads a file that I can create online using Swagger editor.
Apologies for what I hope are simple questions. I'm brand new at Swagger and npm/yarn.
Thanks
So after a bit more research, I found you could create your own OpenAPI doc, but an easier method in Spring is to annotate the endpoint methods with the @ApiOperation annotation. There are other Swagger-specific annotations as well.
In the parameters, you can give value="", notes="" and a number of other customized values that will clarify what your API does in Swagger. Then Swagger auto-fills it in when bringing up your Swagger page.
I hope that helps anyone with the same issue I had.
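The annotation approach described in the answer above, as an added example that is not part of the original post. The controller name, path and texts are hypothetical; the annotations are the `io.swagger.annotations` ones that Springfox 2.x reads.

```java
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical controller: class name, path and descriptions are made up.
@RestController
@RequestMapping("/api/reports")
@Api(tags = "reports") // groups the operations under one heading in Swagger UI
public class ReportResource {

    @ApiOperation(
        value = "Fetch one report",                       // short summary line
        notes = "Ids below 1 are answered with 404.",     // longer description
        response = String.class)
    @ApiResponses({
        // Document every status the method can return, so the generated
        // page matches the real behaviour of the endpoint.
        @ApiResponse(code = 200, message = "Report found"),
        @ApiResponse(code = 404, message = "No report with this id")
    })
    @GetMapping("/{id}")
    public ResponseEntity<String> getReport(
            @ApiParam(value = "Numeric id of the report", required = true, example = "42")
            @PathVariable long id) {
        if (id <= 0) {
            return ResponseEntity.notFound().build();
        }
        // Placeholder body; a real method would load the report here.
        return ResponseEntity.ok("report-" + id);
    }
}
```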
I'm currently using Springfox Swagger to document my spring boot application with a Java config.
When I add
@JsonNaming(PropertyNamingStrategy.SnakeCaseStrategy.class)
on my model class, and execute the application from Swagger UI, it's giving me a null pointer exception.
But the code runs if you try to run it from Postman or some Java client.
I want all my model attributes in snake case. Looks like Swagger is not able to serialize/deserialize the object. Please let me know if there is any workaround.
Is there a way to generate a Spring REST controller for a business flow?
I want to generate CRUD services for a given database object. For example, for "employee_mst", generate the CRUD services code automatically. This is similar to what we used to have in Hibernate or what we have in loopback.io for Node. Appreciate any help around it.
I found a link that may answer your question: https://docs.spring.io/spring-data/rest/docs/current/reference/html/.
This text explains that Spring Data REST generates REST interfaces from Spring Data repositories.
I intend to try this but did not do so yet.
EDIT: I saw in my example application that Spring Data REST did what I expected. I could request all entities in my Spring Data repository using an HTTP request. The returned JSON also contained discovery information. You may prefer writing your own controller to have more control over what information is returned.
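A sketch of the Spring Data REST approach from the answer above, as an added example that is not from the original post. It assumes Spring Boot 2.x (`javax.persistence`, `findById` returning `Optional`); the `Employee` fields and the `nationalId` column are hypothetical. It also shows one way to limit what the generated API exposes without writing a controller.

```java
import java.util.Optional;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.Table;
import com.fasterxml.jackson.annotation.JsonIgnore;
import org.springframework.data.repository.Repository;
import org.springframework.data.rest.core.annotation.RepositoryRestResource;

// Entity mapped to the table named in the question; fields are hypothetical.
@Entity
@Table(name = "employee_mst")
class Employee {
    @Id
    @GeneratedValue
    private Long id;

    private String name;

    // Left out of the JSON in both directions: never returned by GET,
    // never bound from a POST/PUT body.
    @JsonIgnore
    private String nationalId;

    public String getName() { return name; }
    public void setName(String name) { this.name = name; }
    public String getNationalId() { return nationalId; }
    public void setNationalId(String nationalId) { this.nationalId = nationalId; }
}

// Spring Data REST generates /employees from this interface. Extending the
// bare Repository marker instead of CrudRepository means only the methods
// declared here are exported over HTTP.
@RepositoryRestResource(path = "employees", collectionResourceRel = "employees")
interface EmployeeRepository extends Repository<Employee, Long> {

    Iterable<Employee> findAll();          // GET /employees

    Optional<Employee> findById(Long id);  // GET /employees/{id}

    Employee save(Employee employee);      // POST /employees, PUT/PATCH /employees/{id}

    // No delete methods are declared, so DELETE /employees/{id}
    // is answered with 405 Method Not Allowed.
}
```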