How to disable directory browsing in websphere 8.5? - websphere

I need to know how I could disable the ability to retrieve a list of js/css files from the browser when a user tries to access a resource folder instead of the file itself (e.g. by typing http://domain/appname/resources/js) on WebSphere 8.5.
According to the IBM Knowledge Center documentation, the Web Container default value for directoryBrowsingEnabled is false, which suggests that I do not necessarily need to define <enable-directory-browsing value="false"/> in ibm-web-ext.xml in the first place.
In my case WebSphere generates ibm-web-ext.xml with this content:
<?xml version="1.0" encoding="UTF-8"?>
<web-ext xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://websphere.ibm.com/xml/ns/javaee"
xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-web-ext_1_0.xsd" version="1.0">
<jsp-attribute name="reloadEnabled" value="true"/>
<jsp-attribute name="reloadInterval" value="5"/>
</web-ext>
If I modify and replace ibm-web-ext.xml with this content:
<?xml version="1.0" encoding="UTF-8"?>
<web-ext xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://websphere.ibm.com/xml/ns/javaee"
xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-web-ext_1_0.xsd" version="1.0">
<jsp-attribute name="reloadEnabled" value="true"/>
<jsp-attribute name="reloadInterval" value="5"/>
<enable-directory-browsing value="false"/>
</web-ext>
After an application restart, nothing seems to have changed.
Why is the list of CSS / JS resource files accessible from the browser even if the directoryBrowsingEnabled flag is set to false? It seems directoryBrowsingEnabled alone isn't enough. What am I missing?

If you want to disable static file browsing at the web application level, set the "fileServingEnabled" property to FALSE as well in the ibm-web-ext.xml file.
fileServingEnabled="false"
If you want to disable it globally (all the applications in the application server), then use the com.ibm.ws.webcontainer.disallowAllFileServing custom property.

Short answer: directory browsing for WAS is already disabled by default.
Please note that 'directory browsing' means FTP-style directory browsing, where the user can navigate directories by clicking folders upwards / downwards.
In my case the browser responds with a 200 code, downloading the folder as a plain text file, when the user hits http://domain/appname/resources/js. So it's not the previously mentioned 'FTP'-style browsing case.
Along with other static resource configuration there was a Spring MVC resources tag:
<mvc:resources mapping="/**" location="/resources/" />
I do not think that tag alone was the cause of this issue. However, after removing it, resource directory URLs no longer result in a 200 status code.

By the way, after removing
<mvc:resources mapping="/**" location="/resources/" />
the application also cannot retrieve some resources for display.
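An added example, not part of the original thread: a small Python audit of the two configuration files discussed above. It reads the directory-browsing flag from ibm-web-ext.xml and flags a catch-all `<mvc:resources mapping="/**">` handler, the tag whose removal stopped the 200 responses. The function names and the trimmed sample files are constructed for illustration, and `enable-file-serving` is assumed to be the XML-format element for the file-serving flag mentioned in the first answer.

```python
import xml.etree.ElementTree as ET

WEB_EXT_NS = "{http://websphere.ibm.com/xml/ns/javaee}"
MVC_NS = "{http://www.springframework.org/schema/mvc}"

# Trimmed copy of the ibm-web-ext.xml from the question (directory browsing off).
WEB_EXT = """<?xml version="1.0" encoding="UTF-8"?>
<web-ext xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.0">
  <jsp-attribute name="reloadEnabled" value="true"/>
  <enable-directory-browsing value="false"/>
</web-ext>"""

# Constructed Spring MVC context wrapping the <mvc:resources> tag from the thread.
SPRING = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:mvc="http://www.springframework.org/schema/mvc">
  <mvc:resources mapping="/**" location="/resources/"/>
</beans>"""

def web_ext_flags(xml_text):
    """Map each flag to True/False, or None when absent (container default applies)."""
    root = ET.fromstring(xml_text.strip())
    flags = {}
    # enable-file-serving: assumed XML-format name of the file-serving flag.
    for name in ("enable-directory-browsing", "enable-file-serving"):
        node = root.find(WEB_EXT_NS + name)
        flags[name] = None if node is None else node.get("value", "").strip().lower() == "true"
    return flags

def catch_all_resource_handlers(spring_xml):
    """Return (mapping, location) for every mvc:resources handler mapped to /**."""
    root = ET.fromstring(spring_xml.strip())
    return [(n.get("mapping"), n.get("location"))
            for n in root.iter(MVC_NS + "resources")
            if n.get("mapping", "").strip() == "/**"]

def audit(web_ext_xml, spring_xml):
    """List settings that can leave directory URLs answered with content."""
    findings = []
    if web_ext_flags(web_ext_xml)["enable-directory-browsing"]:
        findings.append("enable-directory-browsing is true in ibm-web-ext.xml")
    for mapping, location in catch_all_resource_handlers(spring_xml):
        findings.append(f"mvc:resources mapping={mapping} location={location} is a "
                        "catch-all: directory URLs reach Spring's resource handler")
    return findings

if __name__ == "__main__":
    for finding in audit(WEB_EXT, SPRING):
        print("-", finding)
```

A mapping scoped to a prefix such as `/resources/**` is not reported, since only the exact `/**` pattern is treated as a catch-all here.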

Related

Specify default Spring profile

Is there any way to specify the default profile directly in the Spring XML?
<beans profile="Development">
<!-- Load Development beans -->
</beans>
<beans profile="Production">
<!-- Load Production beans -->
</beans>
Note, I don't want to do this programmatically, as a command-line property, environment variable or web.xml (it's not a web app).
I want to do it directly in the XML, something like:
<property name="spring.profiles.default" value="Production">

Spring more than one profile and ${spring.profiles.active}

In Spring 4.1.2.RELEASE, we have 2 active profiles in web.xml:
<context-param>
<param-name>spring.profiles.active</param-name>
<param-value>Production,Customer1</param-value>
</context-param>
And we want to dynamically load some property files as below:
<util:properties id="accountPolicy"
location="classpath:/configs/${spring.profiles.active}/sample.properties" />
The ${spring.profiles.active} is not working, maybe because there are two profiles. I tried some lookups like ${spring.profiles.active[1]} but no luck!
Any comments?
Updated:
It seems that ${spring.profiles.active} is a comma-separated list. I tried the below:
<util:properties id="signConditions"
location="classpath:/configs/#{ {'${spring.profiles.active}'.split(',')}.get(1) }/sample.properties" />
But it seems there is an XML parser error:
org.springframework.expression.ParseException:
Expression 'classpath:/configs/#{ {'Production,Customer1'.split('' # 19: No ending suffix '}' for expression starting at character 19: #{ {'Production,Customer1'.split('
This did the job:
<util:properties id="signConditions"
location="classpath:/configs/#{environment.getActiveProfiles()[1]}/sample.properties" />
I believe the more proper way is to do something like:
<beans profile="Production">
<!-- some other stuff for Production profile -->
</beans>
<beans profile="Customer1">
<util:properties id="accountPolicy"
location="classpath:/configs/Customer1/sample.properties" />
<!-- some other stuff for Customer1 profile -->
</beans>
Profiles are supposed to be used as profiles of configurations in the app context, instead of as a property for replacement (as you are doing).
Edit based on my comment:
What you are looking for is not a proper use case of the Spring profile feature (at least not now). What you are trying to do is have a property placeholder work based on a system property. However, activation of profiles can be done in other ways, which means you can turn on a profile without that spring.profiles.active system property. What you are doing is not reliable.
If it is fine for you to pass in system properties, why not do something like:
Have a profile called Customer, which denotes deployment to customers, which will involve account policy (and other stuff).
Pass in a system property, for example, with key = 'customerCode' and value being an identifier for a customer.
By doing so, what you need to do is:
<beans profile="Production">
<!-- some other stuff for Production profile -->
</beans>
<beans profile="Customer">
<util:properties id="accountPolicy"
location="classpath:/configs/${customerCode}/sample.properties" />
<!-- some other stuff for Customer1 profile -->
</beans>
and the system properties you need for your application should look like: -Dspring.profiles.active="Production,Customer" -DcustomerCode=Customer1
Then you have proper use of profiles, and no need to duplicate accountPolicy for each customer.

Load different properties for development and deployment

I have a very common use case -- connect to different databases when my program is in development mode, in test mode, or in deployment mode.
The way I am doing it now is that I configure a data source and pass it ${...} properties via the bean:property tag.
However, to get the ${...}, I am doing
<context:property-placeholder properties-ref="myProperties" />
and at the bottom of the XML config, I have
<beans profile="test">
<util:properties id="myProperties">
</util:properties>
</beans>
<beans profile="dev,default">
<util:properties id="myProperties">
</util:properties>
</beans>
<beans profile="prod">
<util:properties id="myProperties">
</util:properties>
</beans>
This seems inefficient, overly verbose, and prone to error. All spring properties tutorials tell me that context:property-placeholder is Environment aware, and Environment is responsible for profiles so how do I simplify this? It is intuitive to me that there is a simpler way, I just can't figure it out.
Really, what I am looking for is to specify profile on context:properties-placeholder, or something like that.
I solved that problem once (a long time before Spring supported profiles): spring property substitution for test and production
Nowadays I would still use property files, but I would select them by profiles. There are a lot of ways to do this.
The simplest one is:
<context:property-placeholder
location="classpath*:META-INF/spring/config-${spring.profiles.active}.properties" />
Another is:
<beans profile="normal">
<context:property-placeholder
location="classpath*:META-INF/spring/config-normal.properties"/>
</beans>
<beans profile="test">
<context:property-placeholder
location="classpath*:META-INF/spring/config-test.properties"/>
</beans>
The first approach has the drawback that when more than one profile is activated, only the properties for the first profile get loaded. I am not sure what will happen with the second approach when there is more than one profile.
For the first approach I found this solution, but I have not tested it:
<bean id="propertyConfigurer"
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="locations">
<list>
<value>classpath*:META-INF/spring/*_${spring.profiles.active}.properties</value>
</list>
</property>
</bean>
While profiles are certainly a solution to that problem I think that this approach opens another big door to issues that you discover only on the target platform.
In my projects I have always externalized the properties and turned as many properties as possible into runtime parameters.
Just imagine having to bundle Jenkins/Sonar/etc again as your platform will not be part of a profile with properties residing in the classpath. I don't think that then these would be successful projects ;)
As for Spring, you can use the 'file://' protocol in a property configurer, allowing you to supersede a "default" property coming from the classpath. So you have two configurer tags with an order parameter and other properties. Here's an example:
<jee:jndi-lookup id="configDirectory" jndi-name="configDirectory"
resource-ref="true" default-value="." />
<jee:jndi-lookup id="datasource" jndi-name="jdbc/datasource"
expected-type="javax.sql.DataSource" default-ref="localDatasource" />
<!-- Allows fetching properties from multiple locations: -->
<!-- external definition -> file://${configDirectory}/root-context.properties
-> declared in context.xml -->
<!-- standard web application bundle -> /WEB-INF/spring/root-context.properties -->
<!-- testing -> classpath:root-context.properties -->
<context:property-placeholder location="${configDirectory:.}/context.properties"
order="9" ignore-resource-not-found="true" ignore-unresolvable="true" />
<context:property-placeholder
location="/WEB-INF/spring/context.properties,
classpath:context.properties"
order="10" ignore-resource-not-found="true" ignore-unresolvable="true" />
<context:property-placeholder location="classpath:spring/default.properties"
order="100" />
Like this we are able to build it locally, run our unit and integration tests during the Maven build, run the build on UAT and, if all that is OK, copy the build from UAT to PROD without having to modify the war file.
In the properties we define all the parameters that cannot be changed at runtime, which is essentially the Hibernate parameters plus some others.
All the rest is stored in the database as simple system parameters (key-value pairs). There are a lot of properties that do not need to be fixed. This includes: LDAP, MailSender, folder definitions like tempdir and others.
As the datasource is one of the very first beans to be initiated, this works pretty nicely in the projects I am running currently, and we are still discovering more properties to be pushed into the database.
Please read:
https://examples.javacodegeeks.com/enterprise-java/spring/load-environment-configurations-and-properties-with-spring-example/
<context:property-placeholder location="
classpath:application.properties,
classpath:application${spring.profiles.active}.properties"
ignore-unresolvable="true"/>
mvn clean install -Dspring.profiles.active="profile_name".

How to disable Client-side Validation for an XPage?

I know I can disable it for the server or application in xsp.properties via:
xsp.client.validation=false
And at the control level via:
disableClientSideValidation="true"
Short of setting disableClientSideValidation for each control, is there any way to disable at the XPage level?
Please try the following:
<?xml version="1.0" encoding="UTF-8"?>
<xp:view xmlns:xp="http://www.ibm.com/xsp/core">
<xp:this.properties>
<xp:parameter name="xsp.client.validation" value="false" />
</xp:this.properties>
</xp:view>

How to enable web console on ActiveMq embedded broker

I've configured an ActiveMQ 5.8.0 embedded broker using Spring 3.2.5.
This is my jmsconfiguration.xml:
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:amq="http://activemq.apache.org/schema/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
<amq:broker brokerName="localhost" dataDirectory="./data" useJmx="true" persistent="true">
<amq:persistenceAdapter>
<amq:kahaDB directory="./kahadb" checksumJournalFiles="true" checkForCorruptJournalFiles="true" />
</amq:persistenceAdapter>
<amq:transportConnectors>
<amq:transportConnector name="websocket" uri="ws://0.0.0.0:61614"/>
<amq:transportConnector name="stomp" uri="stomp://0.0.0.0:61613"/>
<amq:transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
</amq:transportConnectors>
</amq:broker>
<amq:connectionFactory id="jmsFactory" brokerURL="vm://localhost" />
</beans>
It would be very nice and useful to be able to access the web console ... however, I've been trying to enable it without success.
Does anyone know how to configure it?
You can try hawtio instead - http://hawt.io/
It can be installed independently of where the broker resides, can look inside the JVM to find the broker, and can still be used as a web console to manage the broker.
hawtio is included out of the box in ActiveMQ 5.9 onwards, and is to replace the old console (the old console is deprecated but still included, and will be removed in a future release).
hawtio can also manage other stuff in the JVM such as Camel, and show JMX, and whatnot.
If you want to include the old web console in your current Spring application, then that can be tough, as you would need to include all its html/jsp content and whatnot. It's not an easy task to do. And then set up your web.xml to include what the old console needs, and so forth.
