What is the purpose of having
security.basic.path=/any-secured-path/**
this setting in application.properties?
It seems that Basic Auth is not kicking in automatically accessing this url (or suburls).
The security.basic.path starts after context path. So no matter what the context path is, just set the protected path after that. For example, the full url is /mycontextpath/pathA/pathB, if you want to have /pathB to be protected, just set security.basic.path=/pathA/pathB. If context path is / only, you should still set security.basic.path=/pathA/pathB.
Related
I have am application that has a context-root set (property: quarkus.http.root-path).
Using quarkus-resteasy-reactive-jackson, a resource was created with a #Path annotation.
Now I want to generate OpenAPI documentation for my resource.
As I want to deploy this into a API gateway, I require a server property with a context root in the swagger.
I added a server entry using the mp.openapi.servers property.
The problem now appears that when there is a root-path property, the generated swagger resource path includes this root path, e.g.
quarkus.http.root-path=/sample
mp.openapi.servers=http://localhost:8080/sample
Resource annotated with #Path("resource")
It seems that the resource path includes the root-path.
So importing this swagger into the API gateway (or just clicking on the Try button), results in a url of http://localhost:8080/sample/sample/resource being attempted which ofc does not exist.
Is there a way to not to add the root-path to the resource endpoint in swagger? (I tried using mp.openapi.extensions.application-path.disable=true, but this had no effect)
I managed to get past this by doing the following:
dont set quarkus.http.root-path
quarkus.rest.path=/sample
quarkus.http.non-application-root-path=/sample/q
mp.openapi.servers=https://localhost:8080/sample
So just want to know if anyone know of a better way of doing this?
I have an spring boot application and want to deploy it to wildfly12. What I'm trying to achieve is that to set a custom path for JSESSIONID cookie. But after all, my efforts haven't had any results.
I have tried to use this property in my application.properties file:
server.servlet.session.cookie.path=/
When I run the application with the embedded tomcat, everything works fine; But when I deploy my app to wildfly, regardless of the value of that property, it always sets the cookie path to the "context-path" of the application.
I have also tried to use this property also:
server.servlet.context-path=/
but no success so far!
There is also this tag inside the standalone.xml file:
<session-cookie http-only="true" secure="true"/>
but it seems that it has nothing to do with the cookie path, as it doesn't have any property regarding that.
The configuration you are doing is for the embedded server of spring boot application.
Embedded server settings present in application properties (can be check here the section # EMBEDDED SERVER CONFIGURATION and the namespace server.servlet.session.cookie.*).
To modify cookie related configuration on external servers, you have to create CookieSerializer bean which can be used to customize cookie configuration. e.g.
#Bean
public CookieSerializer cookieSerializer() {
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
serializer.setCookieName("JSESSIONID");
serializer.setCookiePath("/");
serializer.setDomainNamePattern("^.+?\\.(\\w+\\.[a-z]+)$");
return serializer;
}
You can refer spring guide for more information.
I configured a service with oauth2Login.
User is redirected to Authorization Endpoint - /oauth2/authorization/{registrationId} when he/she is not authorized.
I would like to customize redirection in a way that it takes into account path prefix, since application is accessible trough prefix /api/myapp/.
From the source code I can see that there is OAuth2AuthorizationRequestRedirectWebFilter during Spring Security setup and this filter is using DefaultServerRedirectStrategy which decides if location is relative or not. Moreover it uses a contextPath which is hard to set when using Spring Boot.
Unfortunately I don't know how to override default behavior to make redirect relative.
I don't need to modify contextPath. Instead I've registered ForwardedHeaderTransformer as a bean.
This transformer is able to retrieve headers set by proxy (X-Forwarded-Prefix) and sets context path for request correctly.
In Spring Boot, to access a resource, say myresource.json, I can use both classpath: or a relative path, like ./myresource.json
What is the difference? Which one should I use?
When you call getResource() on a specific application context, and the location path specified doesn't have a specific prefix like ./myresource.json, you will get back a Resource type that is appropriate to that particular application context.
If getResource() was executed against a ClassPathXmlApplicationContext instance it will return a ClassPathResource.If the same method was executed against a FileSystemXmlApplicationContext instance, you'd get back a FileSystemResource. For a WebApplicationContext, you'd get back a ServletContextResource, and so on.
As such, you can load resources in a fashion appropriate to the particular application context.
On the other hand, you may also force ClassPathResource to be used, regardless of the application context type, by specifying the special classpath: prefix.
See this doc
I have an issue integrating swagger-ui (swagger2) into my spring-boot application. It seems as though the default location for swagger-ui being on the root is conflicting with an endpoint.
For example, my base path is foobar (full url: locahost:8080/foobar/). One of my endpoints has a path variable that can be any number (making the endpoint url: localhost:8080/foobar/{number} or localhost:8080/foobar/123 as an example). This seems to conflict with swagger-ui.html, as when I then try to hit locahost:8080/foobar/swagger-ui.html, spring complains, thinking 'swagger-ui.html' is the path variable for that endpoint.
I was curious if there was a way to define an explicit mapping for swagger-ui, so that spring won't think that I'm just inputting a path variable to the other endpoint? I ideally don't want to modify the foobar/{number} path at all, and would like to either make an explicit mapping for swagger-ui, or change the path for swagger-ui itself. Any help is appreciated. Thanks!