In my SOAP webservice, we agreed that the body is signed. For that, I use Spring, configured like this:
<bean class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor" id="wsSecurityInterceptor">
<property name="validationActions" value="Timestamp Signature"/>
<property name="timestampStrict" value="true"/>
<property name="validationSignatureCrypto">
<bean class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
<property name="configuration">
<props>
<prop key="org.apache.ws.security.crypto.merlin.keystore.type">JKS</prop>
<prop key="org.apache.ws.security.crypto.merlin.file">${ws.security.truststore.location}</prop>
<prop key="org.apache.ws.security.crypto.merlin.keystore.password">${ws.security.truststore.password}</prop>
</props>
</property>
</bean>
</property>
</bean>
But now, I'm asked to also check that the timestamp is correctly signed.
When I read Spring's documentation on the matter, I can see how to sign a timestamp, but nowhere is it mentioned how to validate a timestamp signature.
So anyone knows how I can do that?
If that's any indication, I use org.springframework.ws:spring-ws-core:2.1.2.RELEASE.
Related
I'm using Spring 3.1.0 to send email using the JavaMailSenderImpl class.
Here is my Spring config xml
<bean id="mailSender" class="org.springframework.mail.javamail.JavaMailSenderImpl">
<property name="host" value="your.mail.server"/>
<property name="port" value="25"/>
<property name="protocol" value="smtp"/>
<property name="username" value=""/>
<property name="password" value=""/>
<property name="defaultEncoding" value="UTF-8"/>
<property name="javaMailProperties">
<props>
<prop key="mail.smtp.auth">true</prop>
<prop key="mail.smtp.connectiontimeout">5000</prop>
<prop key="mail.smtp.sendpartial">true</prop>
<prop key="mail.smtp.userset">true</prop>
<prop key="mail.mime.charset">UTF-8</prop>
<prop key="mail.smtp.isSecure">false</prop>
<prop key="mail.smtp.requiresAuthentication">true</prop>
<prop key="mail.smtp.port">25</prop>
<prop key="mail.smtp.starttls.enable">false</prop>
<prop key="mail.debug">true</prop>
</props>
</property>
</bean>
To be honest I'm not sure where I got all this from, probably some sample code I got from a tutorial sometime.
I want to turn off SMTP authentication and I can see from the JavaMail docs that I need to set the mail.smtp.auth property to false. But in my config xml I also set a property called mail.smtp.requiresAuthentication that from the name seems equally relevant, but I can't find any reference to it in the JavaMail or Spring documentation. Google does however find lots of examples of it being used.
Is mail.smtp.requiresAuthentication actually needed and if so what does it do? Could it be a deprecated, or even bogus, property?
You really should understand the code before you do cut&paste...
There is no mail.smtp.requiresAuthentication property in JavaMail.
I don't know anything about how Spring uses JavaMail, but in JavaMail if you don't want to do authentication, don't call the connect method that provides a username and password, or pass the username and password as null with mail.smtp.auth set to false. If you call connect with username or password not null, it doesn't matter what mail.smtp.auth is set to.
I am using the class org.springframework.web.servlet.mvc.ServletWrappingController to wrap a servlet, that we need to process one http request in Spring MVC, but reference spring mvc version 3.2 guide says:
There are also several things no longer possible:
Select a controller first with a SimpleUrlHandlerMapping or BeanNameUrlHandlerMapping
So then this is not possible any longer, as the api says:
<bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="interceptors">
<list>
<ref bean="openSessionInViewInterceptor"/>
</list>
</property>
<property name="mappings">
<props>
<prop key="*.do">strutsWrappingController</prop>
</props>
</property>
</bean>
<bean id="strutsWrappingController" class="org.springframework.web.servlet.mvc.ServletWrappingController">
<property name="servletClass">
<value>org.apache.struts.action.ActionServlet</value>
</property>
<property name="servletName">
<value>action</value>
</property>
<property name="initParameters">
<props>
<prop key="config">/WEB-INF/struts-config.xml</prop>
</props>
</property>
</bean>
how can i map a url to a ServletWrappingController bean?
Thanks in advance.
Due to some GAE limitations, I cannot use the Spring session factory.
<bean id="mySessionFactory" class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
<property name="dataSource" ref="myDataSource" />
<property name="annotatedClasses">
<list>
<value>it.trew.prove.model.beans.Scadenza</value>
<value>it.trew.prove.model.beans.Fornitore</value>
<value>it.trew.prove.model.beans.Societa</value>
</list>
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
<prop key="hibernate.show_sql">true</prop>
<prop key="hibernate.hbm2ddl.auto">create</prop>
<!-- <prop key="hibernate.hbm2ddl.import_files">/setup.sql</prop> -->
</props>
</property>
</bean>
See my other question if interested in it: Spring Autowiring stopped working on GAE
Now I want to create a session factory without org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean
How can I configure the pure session factory bean, using only hibernate stuff?
Why are you wanting to use hibernate with GAE? Are you using CloudSQL or the datastore? AppEngine isn't really meant for hibernate type stuff... you're much better off looking at using Objectify or Twig, or if you want an ORM solution, JDO.
I have a requirement to log business activities that can also map to the audit trail data generated. I use Hibernate envers as the audit trail mechanism.
The way I have implemented the activities log is
I have service classes that are proxied using concrete classes
(using CGLIB) and extend TransactionProxyFactoryBean . This is what
provides the transaction aspect.
My method either has the base object carrying the activity data as
a return type or argument of the service.
The assumption is that when I apply a pre-interceptor on the
TransactionProxyFactoryBean ; its AfterReturningAdvice method
should be called after the transaction is completed.
As per my understanding the pre and post interceptors for the TransactionProxyFactoryBean should behave as follows based on the assumptions that the interceptors are added on the stack.
The pre-interceptors before advice method run
Spring starts the transaction
The post-interceptors before advice method runs
The main service method runs
The post-interceptors after returning advice method runs
Spring commits the transaction
The pre-interceptors after returning advice method runs
However when I de-bugged the application I found that the pre-interceptor's after returning advice method runs before the transaction is commited.
Can anyone please guide me as to what am I doing wrong?
TransactionProxyFactoryBean configuration
<bean id="fqngTransactionManager"
class="org.springframework.orm.hibernate3.HibernateTransactionManager">
<property name="sessionFactory">
<ref local="sessionFactory"/>
</property>
</bean>
<bean id="fqngTxProxyTemplate" abstract="true" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="transactionManager"><ref local="fqngTransactionManager"/></property>
<property name="transactionAttributes">
<props>
<prop key="save*">PROPAGATION_REQUIRED</prop>
<prop key="delete*">PROPAGATION_REQUIRED</prop>
<prop key="update*">PROPAGATION_REQUIRED</prop>
<prop key="process*">PROPAGATION_REQUIRED</prop>
<prop key="*">PROPAGATION_REQUIRED,readOnly</prop>
</props>
</property>
</bean>
<bean id="activityLogInterceptor"
class="com.fuelquest.mothra.activitylogs.interceptors.ActivityLogInterceptor">
<property name="activityLogPostingService">
<ref bean="activityLogPostingService" />
</property>
<property name="methodList">
<list>
<value>save*</value>
<value>execute*</value>
<value>calculate*</value>
</list>
</property>
</bean>
Activity Interceptor Java file Definition
public class ActivityLogInterceptor implements AfterReturningAdvice {
private static final Logger logger = Logger
.getLogger(ActivityLogInterceptor.class);
private ActivityLogPostingService activityLogPostingService;
private List<String> methodList;
#SuppressWarnings("rawtypes")
#Override
public void afterReturning(Object returnValue, Method method,
Object[] methodParams, Object target) throws Throwable {
// If return type is ActivityLoggingBaseVO
if (isLoggedMethod(method.getName())) {
.......................
Service Configuration
<bean id="inventoryControlRuleService" parent="fqngTxProxyTemplate">
<property name="target">
<bean
class="com.fuelquest.mothra.inventorycontrol.service.impl.InventoryControlRuleServiceImpl">
<property name="assetService">
<ref bean="assetService" />
</property>
<property name="pointOfSaleService">
<ref bean="pointOfSaleService" />
</property>
<property name="inventoryService">
<ref bean="inventoryService" />
</property>
<property name="deliveryService">
<ref bean="deliveryService" />
</property>
<property name="languageCdDao">
<ref bean="languageCdDao" />
</property>
<property name="inventoryBizRulesDao">
<ref bean="inventoryBizRulesDao" />
</property>
<property name="bizRulesResultsDao">
<ref bean="bizRulesResultsDao" />
</property>
<property name="ruleEngineService">
<ref bean="ruleEngineService" />
</property>
<property name="icRuleCalculationDataDao">
<ref bean="icRuleCalculationDataDao" />
</property>
<property name="inventoryControlService">
<ref bean="inventoryControlService" />
</property>
<property name="fqngESBMessagePoster">
<ref bean="fqngESBMessagePoster" />
</property>
<property name="droolsRuleTemplateService">
<ref bean="droolsRuleTemplateService" />
</property>
<property name="uomsDao">
<ref bean="uomDao" />
</property>
</bean>
</property>
<property name="transactionAttributes">
<props>
<prop key="calculate*">PROPAGATION_REQUIRED,-Exception</prop>
<prop key="execute*">PROPAGATION_REQUIRED,-Exception</prop>
<prop key="update*">PROPAGATION_REQUIRED,-Exception</prop>
<prop key="f*">PROPAGATION_REQUIRED,readOnly</prop>
<prop key="*">PROPAGATION_SUPPORTS</prop>
</props>
</property>
<property name="preInterceptors">
<list>
<ref bean="activityLogInterceptor"/>
</list>
</property>
</bean>
We use the Spring OpenSessionInViewFilter to share the same Hibernate session across the HTTP thread request that comes to the application/web server from GWT.
We also require to have Hibernate sessions available for the cron jobs that are launched using Quartz scheduler. These threads can't use the Hibernate session made available through the OpenSessionInViewFilter and the TransactionProxyFactoryBean proxy that we use to proxy the transactions fails. Hence we needed to use an additional org.springframework.aop.framework.autoproxy.BeanNa meAutoProxyCreator to proxy the polling and SV rule service so that they can be called from the Quartz scheduler.
Because we now had 2 transactional proxies for the same bean; Spring functionality like having pre-interceptor etc was not working as expected because the interceptor was applied on the proxy created with BeanNameAutoProxyCreator and NOT TransactionProxyFactoryBean.
The solution was to move to Spring 2.x transactions using AOP and TX namespace that resulted in creating a single proxy that was utilized by both the OpenSessionInViewFilter and the Quartz scheduler.
Your understanding matches mine.
Would switching to an Around advice (MethodInterceptor) for ActivityLogInterceptor help? If that resolves the issue you may have a bug to report.
greetings all
i am using velocity templates when sending emails
and i want to read texts dynamically from property files depending on user locale
the xml config:
<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basenames">
<list>
<value>classpath:messages</value>
<value>classpath:messages_ar</value>
</list>
</property>
<property name="defaultEncoding" value="UTF-8"/>
</bean>
<bean id="velocityEngine"
class="org.springframework.ui.velocity.VelocityEngineFactoryBean">
<property name="velocityProperties">
<props>
<prop key="resource.loader">class</prop>
<prop key="class.resource.loader.class">org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader</prop>
<prop key="velocimacro.library">org/springframework/web/servlet/view/velocity/spring.vm</prop>
</props>
</property>
</bean>
<bean id="velocityConfig" class="org.springframework.web.servlet.view.velocity.VelocityConfigurer">
<property name="resourceLoaderPath" value="/WEB-INF/classes/com/spacerdv/mailTemplates"/>
</bean>
<!--
View resolvers can also be configured with ResourceBundles or XML files. If you need
different view resolving based on Locale, you have to use the resource bundle resolver.
-->
<bean id="viewResolver" class="org.springframework.web.servlet.view.velocity.VelocityViewResolver">
<property name="cache" value="true"/>
<property name="prefix" value=""/>
<property name="suffix" value=".vm"/>
<!-- if you want to use the Spring Velocity macros, set this property to true -->
<property name="exposeSpringMacroHelpers" value="true"/>
</bean>
and when trying to read the text from property file like :
<span>#springMessage("hi.message")</span>
it doesn't read any thing, or prints the default value, just prints:
$springMacroRequestContext.getMessage($code)
i don't know why? , am i missing something ?, any help ?
When using the velocity engine for sending emails, you may have to configure your engine tu use the velocimacro librabry shipped within spring.
<bean id="velocityEngine" class="org.springframework.ui.velocity.VelocityEngineFactoryBean">
<property name="velocityProperties">
<props>
<prop key="resource.loader">class</prop>
<prop key="class.resource.loader.class">org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader</prop>
<prop key="velocimacro.library">org/springframework/web/servlet/view/velocity/spring.vm</prop>
</props>
</property>
</bean>
You can check the example in spring documentation.
If Spring doesn't inject automatically the $springMacroRequestContext variable into your model, you should put it yourself:
model.put("springMacroRequestContext", new RequestContext(request, response, getServletContext(), model));
That's basically what they do in the AbstractTemplateView class. I guess you won't be able to do it, since you're handling emails here, and not web requests. But that's definitely a hint on what you can do to get it working.
macros can't be used outside web app like in email templates, so a solution would be to pass messageSource to the vm file and read from the property file by it like the answer in here:
Is it possible to read static text dynamically from property files in velocity template?