We are developing a RESTFUL services in spring framework and the log framework we are using is apache CXF.
We get the request in the form of JSON from the consumers of our services and we need to mask some of the contents of JSON before printing in the log files.
We are trying to have a custom interceptor to intercept the logger messages but the request never reaches the custom interceptor class. Can you please provide your thoughts to resolve the issue.
Below are the additional details :
public class CustomLogInterceptor extends LoggingInInterceptor {
public String transform(String originalLogString) {
// Custom logic will be here to mask the originalLogString
}
}
spring context XML changes:
The CustomLogInterceptor class is included in the spring context XML file.
Any help is greatly appreciated!
Related
We use Spring Kafka together with Spring Boot (all latest versions). We switched handling of Kafka messages into #KafkaHandler annotated methods and expected that #Valid/#Validated together with #Payload will ensure payload validation, but that did not happen. This feature is working for #KafkaListener, should it be also working for #KafkaHandler?
#KafkaListener(...)
#Component
public class NotificationListener {
#KafkaHandler
public void handleV1(#Payload #Valid NotificationV1 notification) {
Thank you.
The Validator is not applied in this case because we just don't reach the PayloadMethodArgumentResolver for that purpose.
The target payload for the multi-method #KafkaListener is resolved before we call the method because we definitely need to know which method to call. Such a logic is done in the InvocableHandlerMethod.getMethodArgumentValues():
args[i] = findProvidedArgument(parameter, providedArgs);
if (args[i] != null) {
continue;
}
...
try {
args[i] = this.resolvers.resolveArgument(parameter, message);
}
The Validator functionality is done in those resolvers. The findProvidedArgument() gives us the payload converted before for execution and here we just don't check any annotations on parameters.
We probably need to poll validation logic into the DelegatingInvocableHandler when we have selected a handler and before its invocation...
Feel free to raise a GitHub issue so we don't forget that this is needed to be addressed somehow.
The reason that why #KafkaListener works with #Valid annotation is that it just like a restful controller endpoint, which is the entrance of the service. The team works to add support for validation working on these situations, and it can be found that this validation mechanism is added in 2018.
As for #KafkaHandler, I'm not that familiar with spring-kafka, but if the validation just not work, it just means that the team doesn't add support for this situation. I recommend you to use the Spring Boot Method Validation Feature, which works fine for all spring managed beans and all the standard validation annotations such as #Size. One last thing, be careful about the exception thrown while validation fails.
I d like to make a REST call once on application startup to retrieve some configuration parameters.
For example, we need to retrieve an entity called FleetConfiguration from another server. I d like to do a GET once and save the keep the data in memory for the rest of the runtime.
What s the best way of doing this in Spring? using Bean, Config annotations ..?
I found this for example : https://stackoverflow.com/a/44923402/494659
I might as well use POJOs handle the lifecycle of it myself but I am sure there s a way to do it in Spring without re-inventing the wheel.
Thanks in advance.
The following method will run once the application starts, call the remote server and return a FleetConfiguration object which will be available throughout your app. The FleetConfiguration object will be a singleton and won't change.
#Bean
#EventListener(ApplicationReadyEvent.class)
public FleetConfiguration getFleetConfiguration(){
RestTemplate rest = new RestTemplate();
String url = "http://remoteserver/fleetConfiguration";
return rest.getForObject(url, FleetConfiguration.class);
}
The method should be declared in a #Configuration class or #Service class.
Ideally the call should test for the response code from the remote server and act accordingly.
Better approach is to use Spring Cloud Config to externalize every application's configuration here and it can be updated at runtime for any config change so no downtime either around same.
Spring Boot here. I just read this excellent Baeldung article on Spring Security and implementing basic auth with it. I'm interested in implementing it for a simple REST service (so no UI/webapp) that I need to build.
I'm particularly interested in the BasicAuthenticationEntryPoint impl. In this impl's commence override, the author:
Adds a WWW-Authenticate header to the response; and
Sets the HTTP status code on the response; and
Writes the actual response entity directly to the response; and
Sets the name of the realm
I want to follow this author's example to implement basic auth for my app, but I already have a perfectly functioning ResponseEntityExceptionHandler working for my app:
#ControllerAdvice
public class MyAppExceptionMapper extends ResponseEntityExceptionHandler {
#ExceptionHandler(IllegalArgumentException.class)
#ResponseBody
public ResponseEntity<ErrorResponse> handleIllegalArgumentExeption(IllegalArgumentException iaEx) {
return new ResponseEntity<ErrorResponse>(buildErrorResponse(iaEx,
iaEx.message,
"Please check your request and make sure it contains a valid entity/body."),
HttpStatus.BAD_REQUEST);
}
// other exceptions handled down here, etc.
// TODO: Handle Spring Security-related auth exceptions as well!
}
Is there any way to tie Spring Security and Basic Auth fails into my existing/working ResponseEntityExceptionHandler?
Ideally there's a way to tie my WebSecurityConfigurerAdapter impl into the exception handler such that failed authentication or authorization attempts throw exceptions that are then caught by my exception handler.
My motivation for doing this would be so that my exception handler is the central location for managing and configuring the HTTP response when any exception occurs, whether its auth-related or not.
Is this possible to do, if so, how? And if it is possible, would I need to still add that WWW-Authenticate to the response in my exception handler (why/why not)? Thanks in advance!
I don't think that this is possible. Spring security is applied as a ServletFilter, way before the request ever reaches any #Controller annotated class - thus exceptions thrown by Spring Security cannot be caught by an exception handler (annotated with #ControllerAdvice).
Having had a similar problem, I ended up using a custom org.springframework.security.web.AuthenticationEntryPoint which sends an error, which in turn is forwarded to a custom org.springframework.boot.autoconfigure.web.ErrorController
I am developing a Spring Boot REST API. It uses #ControllerAdvice and #ExceptionHandler in a class that extends ResponseEntityExceptionHandler to catch exceptions. To get this to work, we added these two fields to the config:
spring.mvc.throw-exception-if-no-handler-found: true
spring.resources.add-mapping: false
The problem is I am also trying to host static documents that I would like spring to map. I added this to my config:
spring.resources.static-locations: classpath:/static/html5/,classpath:/public/html5/
It seems I cant set mapping to false and map static resources. If I dont set add-mapping to false, I can't catch 404s.
Is there a spring way to solve this? If not, I am going to try to define an endpoint for each static resource and find the files in the jar, which seems like a hack.
Thanks in advance for any suggestions!
I am trying to integrate shibboleth sp with Spring-boot. The reason for not using spring saml plugin is because I have two application one is written in spring and another one is angular application which invoke spring services. I need to protect both so I kept shibboleth along apache 2.4 Red Hat. The apache will do a mod proxy to both application. The SAML is working fine and it is redirecting to my application. But I am not able to receive the attributes from Shibboleth in my application. I am able to see the attributes in shibboleth session summary page. I enabled log and I could see the attributes are getting mapped.
In my spring boot application I have written a
public class AuthInterceptor extends HandlerInterceptorAdapter
{
#Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
//I am inspecting all attributes in request.getAttributes(), I could not find any attribute set my shibboleth.
}
}
My understanding is shibboleth attribute setting is enabled by default and header value is turned off by default. Could you let me know how to pass the attributes mapped in shibboleth to application?
You will probably want to look at https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPJavaInstall. It describes how to configure Apache and Tomcat/Jetty to transfer SAML attributes from Apache/SP to your app.