I was trying to implement Cross-domain requesting using AJAX CORS.
I enabled my server side by using CORS Filter of tomcat.
But for IE8,9, tomcat always returns 403.
Are there any ideas about this question?
First of all, you should specify what request method you are using and add source code examples.
I can only guess, but if you are using POST method and default apache CorsFilter, the issue is in the following:
for CORS requests IE8 and IE9 use XDomainRequest object, which doesn't appear to send any Content-Type header at all and in turn, CorsFilter considers this request as INVALID (see checkRequestType method).
Possible solution is to add your own CorsFilter based on apache version that handles empty Content-Type.
Cors Filter here (http://software.dzhuvinov.com/cors-filter.html) is a good alternative that has no such problem.
<dependency>
<groupId>com.thetransactioncompany</groupId>
<artifactId>cors-filter</artifactId>
<version>2.1.2</version>
</dependency>
Related
I have added swagger-ui on a spring boot 2.3.1 app, it works fine locally.
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-ui</artifactId>
<version>1.3.9</version>
</dependency>
This application is deployed in a kubernetes cluster but it's not accessible (no ingress)
Instead we deployed another spring boot app that is accessible and can call this service.
API calls get redirected fine but swagger-ui does not work.
Basically, my proxy app is accessible like this :
https://app-dev.domain.io/proxy-service/v2/my-service/**
=> https://app-dev.domain.io/proxy-service/v2/my-service/swagger-ui.html
In my proxy service, I set the X-Forwarded headers like this :
X-Forwarded-Host = Host header (app-dev.domain.io)
X-Forwarded-Proto = https
X-Forwarded-Prefix = /proxy-service/v2/my-service/
I also set the header Accept-Encoding=identity
The proxy service then calls http://my-service inside the cluster
In MyService configuration I set :
server.forward-headers-strategy=framework
It seems to find static files, but i get javascript errors and a blank page :
Uncaught SyntaxError: Unexpected end of input
swagger-ui-standalone-preset.js:21 Uncaught SyntaxError: Invalid or unexpected token
index.html?configUrl=/proxy-service/v2/my-service/v3/api-docs/swagger-config:41 Uncaught ReferenceError: SwaggerUIBundle is not defined
at window.onload
From what I have searched, I did what was needed (headers-strategy in called service and X-Forwarded in proxy)
Any help would be awesome, as I would like for the services to be easily testable without maintaining a postman collection manually or something similar. ( always forgotten at some point )
Thanks
I have found out that the javascript files are getting truncated.
So the javascript errors make sense.
I'll try again after fixing this
Edit :
It is now working with the complete javascript files.
I used HttpURLConnection instead of RestTemplate which tuncates the files for no reason
I am using RestTemplate with custom HttpClient. My request is getting redirected to S3 but somehow it is carrying Authorization header along with it after redirection.
Httpclient is configured to use LaxRedirectStrategy, cookies are ignored.
Is there a way how to fix this issue or any insight?
I want to send https consumer request using camel-jetty component and that address returns some response in JSON format, below I mention my DSL code.
from("jetty:https://someSiteAddress.com/api/control/authorizeUser?username=__&password=__").to("stream:out");
I am getting this warning:
[WARNING]
java.net.SocketException: Permission denied
at sun.nio.ch.Net.bind0 (Native Method)
at sun.nio.ch.Net.bind (Net.java:433)
at sun.nio.ch.Net.bind (Net.java:425)
at sun.nio.ch.ServerSocketChannelImpl.bind
But whenever I hit this HTTP URL in browser it will execute perfectly with authentication.
If anyone knows what to do to perform this action in apache camel please help me it will be very cheerful for me and others.
And how could I know which method camel using for sending a request like POST or GET.
Thank You
Could you try this instead? I'll comment each line to help understand your problem.
// endpoint to start your route. could be a http endpoint you expose via jetty, jms, vm, seda or any other option. Here I'm using the simplest one.
from("direct:start")
// logs on
.to("log:DEBUG?showBody=true&showHeaders=true")
// consume the endpoint
.to("https://someSiteAddress.com/api/control/authorizeUser?username=__&password=__"")
// log the body to the console so you could process the response later knowing what to do (the token you are mentioning should be in here.
.to("log:DEBUG?showBody=true&showHeaders=true")
.to("stream:out") //or whatever you want to
Don't forget the camel-http dependency for this example to work:
<dependency>
<groupId>org.apache.camel</groupId>
<artifactId>camel-http</artifactId>
</dependency>
Cheers!
This is also working fine.
from("direct:in")
.to("https://www.someAddress.com/api/control /authorizeUser?username=__ &password=__")
.to("stream:out");
Thanks #RicardoZanini
I'm setting the security system on my project (Grails - Angularjs) with Spring Security Rest Plugin v1.5.4 (using spring security core 2.0.0) for Grails 2.4.4. Doc about this plugin can be found here.
I'm testing the login and logout with postman chrome rest client and I'm able to do a login OK, but I'm getting a 404 when I do logout.
In the documentation clearly says:
The logout filter exposes an endpoint for deleting tokens. It will
read the token from an HTTP header. If found, will delete it from the
storage, sending a 200 response. Otherwise, it will send a 404
response
You can configure it in Config.groovy using this properties:
Config key...................................................................................Default
value
grails.plugin.springsecurity.rest.logout.endpointUrl....................../api/logout
grails.plugin.springsecurity.rest.token.validation.headerName....X-Auth-Token
So, after doing a login successfully, I tried to do a logout to that url (my_host_url/api/logout) with a GET method and sending a header X-Auth-Token with the token I got previously from login.
But I keep getting a 404. See image below
Edit: I'm setting the chain map like this (in order to get a stateless behavior):
grails.plugin.springsecurity.filterChain.chainMap = [
'/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter', // Stateless chain
'/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter' // Traditional chain
]
So. What am I doing wrong here, or what am I missing?
Thanks in advance!
You missed another excerpt from the docs. It's a warning message literally before the chunk you quoted, and says:
Logout is not possible when using JWT tokens (the default strategy), as no state is kept in the server.
If you still want to have logout, you can provide your own implementation by creating a subclass of JwtTokenStorageService and overriding the methods storeToken and removeToken. Then, register your implementation in resources.groovy as tokenStorageService.
I work on a web application that is vulnerable to CSRF(Cross Site Request Forgery) attack. Tomcat 7 has a CSRF prevention filter. I went through the description to configure this filter.
This filter expects that we call HttpServletResponse#encodeRedirectURL(String) or HttpServletResponse#encodeURL(String).
However, I see that in my application we are not using the above mentioned methods. We forward the response using mapping.findForward(target); without touching the request or response object. Can you please let me know how or where can I integrate encodeURL() or encodeRedirectURL() methods in my code?
Any help in this regard is appreciated.
Thanks,
You can Write a Servlet and map all urls (/*) to this servlet in your web.xml file. now you can use encodeUrl method through HttpServletResponse.