Swagger-php Annotations for Request Headers - swagger-php

I am creating a Restful api in php using Slim framework. To document the api's am using Swagger-php Annotations. How to annotate the Request Headers for a api ?

This must have changed, because this works for me now:
#SWG\Parameter(
type="string",
name="Authorization",
in="header",
required=true)
Just in case someone else stumbles along here looking for this.

check this issue
https://github.com/zircote/swagger-php/issues/182
try with:
#SWG\Parameter(paramType="header", ...)

Related

WebTestClient Authenticated Request

I'm trying to test my reactive(WebFlux) controller. Authenticated user makes request and I create some resource and current user is its owner(I need to know, who made this request, so simple #WithMockUser doesn't work). I use JWT authentication.
And I can't write proper test for that. In case of simple Spring MVC, there is
mockMvc.perform(...).with(user("username").roles("USER"))..
But I can't find anything similar for WebFlux. I tried to mutate webTestClient like this:
webTestClient.mutateWith(mockUser(...))
webTestClient.mutateWith(mockAuthentication(...))
Unfortunately, it doesn't work.
Any help is appreciated! Thanks in advance.

How to handle uploaded files in PrimeNG

Angular newbie here.
In my angular project I need to deliver a file upload feature.
I am using PrimeNg FileUpload since it looks easy to use. I am able to make it work by specifying the necessary attributes provided in the PrimeNG tutorial.
Problem is I am using Angular 2 along with Spring MVC and rest API.
Although I am able to upload files the function is purely on the client side. I am not able to pass the file objects to my spring controller and be able to manipulate it from there.
Could anyone please tell me how to pass the uploaded files from PrimeNg file upload to my spring controller? Thank you in advance :D :)
The client-side implementation of the file-upload is irrelevant, the server just sees a multipart/form-data request.
We're using this approach:
#RequestMapping(value = "/your/path",
method = RequestMethod.POST,
produces = MediaType.APPLICATION_JSON_VALUE,
consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
#ResponseStatus(HttpStatus.CREATED)
public YourResponseRepresentation uploadContent(#RequestParam("file") MultipartFile file) {
// You can now access the file's input stream, file name, ...
}
See org.springframework.web.multipart.MultipartFile for details on what's available to use (part op Spring MVC). We're using the Apache Commons FileUpload implementation to do the heavy lifting of the multipart under the hood and offer you a simple stream to read from.
Just add the appropriate commons-fileupload version as dependency and you're ready to go...

Where is the refreshToken endpoint implementation?

I am using springboot-security-jwt because have good recomendation, and it is running... But when I was testing refreshToken, where the implementation? How to use it?
Perhaps it is so obvious for a "Senior Developer Spring", but it is not for me, I not see it there. Where the /auth/token endpoint implementation?
There are some examples or documentation about it and how to (parameters) call it?
... Where the springboot-security-jwt /token endpoint implementation? to check it (or a kind of "health endpoint test")...
The primary configuration in the project springboot-security-jwt is in the WebSecurityConfig.java: (see https://github.com/svlada/springboot-security-jwt/blob/master/src/main/java/com/svlada/security/config/WebSecurityConfig.java).
In this class you will see a bean created of type AjaxLoginProcessingFilter configured with to intercept requests matching "/api/auth/login". This will process the login and generate the JWT tokens.
You can then follow to the next bean configured - JwtTokenAuthenticationProcessingFilter to see what it is intercepting and authenticating using the JWTToken provided on the api requests
refreshToken is a standard spring controller - see RefreshTokenEndpoint class (https://github.com/svlada/springboot-security-jwt/blob/master/src/main/java/com/svlada/security/endpoint/RefreshTokenEndpoint.java)
The author also provides a detailed explanation in the Blog.md under the etc folder - check it out! there are lots of useful links to get up to speed on using JWTs

regarding CSRF Filter in Tomcat 7 url encoding

I work on a web application that is vulnerable to CSRF(Cross Site Request Forgery) attack. Tomcat 7 has a CSRF prevention filter. I went through the description to configure this filter.
This filter expects that we call HttpServletResponse#encodeRedirectURL(String) or HttpServletResponse#encodeURL(String).
However, I see that in my application we are not using the above mentioned methods. We forward the response using mapping.findForward(target); without touching the request or response object. Can you please let me know how or where can I integrate encodeURL() or encodeRedirectURL() methods in my code?
Any help in this regard is appreciated.
Thanks,
You can Write a Servlet and map all urls (/*) to this servlet in your web.xml file. now you can use encodeUrl method through HttpServletResponse.

Cache-Control: private in Spring-MVC

WebContentInterceptor is nice, but I can't find how to make it add the "private" directive to the CacheControl HTTP header.
I either need to subclass it, or use response.setHeader in my controllers.
Is there any other convenient way to do this?
Preferably something annotation based :-)
Try https://github.com/foo4u/spring-mvc-cache-control. And it's annotation based :D.
It seems that Spring is taking into account adding this in a future version: https://jira.springsource.org/browse/SPR-7129.
Meantime, it seems that it's included in v4.2.

Resources