Http post forwarding on tomcat level to different domain - http-post

I have two sets of servers on different domains using Tomcat.
Now I want to forward an HTTP POST call from one server to another, preserving the payload in the HTTP entity throughout.
The problem is I do not want to change code and want this to be done at the Tomcat level by any means.
I am currently trying to use URLrewriteFilter but not getting through.
Any suggestions?

URLrewriteFilter may help. You can define a proxy type for element.
The request will be proxied to the full url specified. commons-http
and commons-codec must both be in the classpath to use this feature.
Sample:
<rule>
    <name>A Rule</name>
    <from>^/something$</from>
    <to type="proxy">http://anotherserver.com/something</to>
</rule>

Related

Apply Caching Aspect to Camel Routes using InterceptFrom

I want to apply the caching aspect to Apache Camel Routes using InterceptFrom feature by intercepting
every incoming exchange in a route.
I am able to successfully load the RestDefinitions and RouteDefinitions currently from separate xml files.
In a similar way I want to load the Intercept definition from a separate XML file.
I currently have the following content in my XML (Intercept.xml) file, which I use to load the InterceptFrom definitions as below. I only log them as of now. I will be adding the logic to check for cache hit/miss eventually.
<interceptFrom>
    <log message="Intercepted Route" />
</interceptFrom>
I am loading them using the below method,
List<InterceptFromDefinition> intDefns=getInterceptDefinitions("Intercept.xml");
I also set them to the routes.
routes.setInterceptFroms(intDefns);
I get the error as below,
2016-10-08 22:13:19.711 ERROR 6004 --- [ main] com.demo.composite.util.CamelUtil : Exception reading configuration files:javax.xml.bind.UnmarshalException: unexpected element (uri:"", local:"interceptFrom"). Expected elements are <{http://camel.apache.org/schema/spring}aggregate>,<{http://camel.apache.org/schema/spring}aop>,<{http://camel.apache.org/schema/spring}avro>,<{http://camel.apache.org/schema/spring}barcode>,<{http://camel.apache.org/schema/spring}base64>,<{http://camel.apache.org/schema/spring}batch-config>,<{http://camel.apache.org/schema/spring}bean>,<{http://camel.apache.org/schema/spring}beanio>,<{http://camel.apache.org/schema/spring}bindy>,<{http://camel.apache.org/schema/spring}boon>,<{http://camel.apache.org/schema/spring}castor>,<{http://camel.apache.org/schema/spring}choice>,<{http://camel.apache.org/schema/spring}circuitBreaker>,<{http://camel.apache.org/schema/spring}constant>,<{http://camel.apache.org/schema/spring}contextScan>,<{http://camel.apache.org/schema/spring}convertBodyTo>,<{http://camel.apache.org/schema/spring}crypto>,<{http://camel.apache.org/schema/spring}csv>,<{http://camel.apache.org/schema/spring}customDataFormat>,<{http://camel.apache.org/schema/spring}customLoadBalancer>,<{http://camel.apache.org/schema/spring}dataFormats>,<{http://camel.apache.org/schema/spring}delay>,<{http://camel.apache.org/schema/spring}delete>,<{http://camel.apache.org/schema/spring}description>,<{http://camel.apache.org/schema/spring}doCatch>,<{http://camel.apache.org/schema/spring}doFinally>,<{http://camel.apache.org/schema/spring}doTry>,<{http://camel.apache.org/schema/spring}dynamicRouter>,<{http://camel.apache.org/schema/spring}el>,<{http://camel.apache.org/schema/spring}enrich>,<{http://camel.apache.org/schema/spring}exchangeProperty>,<{http://camel.apache.org/schema/spring}expression>,<{http://camel.apache.org/schema/spring}expressionDefinition>,<{http://camel.apache.org/schema/spring}failover>,<{http://camel.apache.org/schema/spring}filter>,<{ht
tp://camel.apache.org/schema/spring}flatpack>,<{http://camel.apache.org/schema/spring}from>,<{http://camel.apache.org/schema/spring}get>,<{http://camel.apache.org/schema/spring}groovy>,<{http://camel.apache.org/schema/spring}gzip>,<{http://camel.apache.org/schema/spring}head>,<{http://camel.apache.org/schema/spring}header>,<{http://camel.apache.org/schema/spring}hessian>,<{http://camel.apache.org/schema/spring}hl7>,<{http://camel.apache.org/schema/spring}ical>,<{http://camel.apache.org/schema/spring}idempotentConsumer>,<{http://camel.apache.org/schema/spring}inOnly>,<{http://camel.apache.org/schema/spring}inOut>,<{http://camel.apache.org/schema/spring}intercept>,<{http://camel.apache.org/schema/spring}interceptFrom>,<{http://camel.apache.org/schema/spring}interceptSendToEndpoint>,<{http://camel.apache.org/schema/spring}jacksonxml>,<{http://camel.apache.org/schema/spring}javaScript>,<{http://camel.apache.org/schema/spring}jaxb>,<{http://camel.apache.org/schema/spring}jibx>,<{http://camel.apache.org/schema/spring}json>,<{http://camel.apache.org/schema/spring}jsonpath>,<{http://camel.apache.org/schema/spring}jxpath>,<{http://camel.apache.org/schema/spring}language>,<{http://camel.apache.org/schema/spring}loadBalance>,<{http://camel.apache.org/schema/spring}log>,<{http://camel.apache.org/schema/spring}loop>,<{http://camel.apache.org/schema/spring}lzf>,<{http://camel.apache.org/schema/spring}marshal>,<{http://camel.apache.org/schema/spring}method>,<{http://camel.apache.org/schema/spring}mime-multipart>,<{http://camel.apache.org/schema/spring}multicast>,<{http://camel.apache.org/schema/spring}mvel>,<{http://camel.apache.org/schema/spring}ognl>,<{http://camel.apache.org/schema/spring}onCompletion>,<{http://camel.apache.org/schema/spring}onException>,<{http://camel.apache.org/schema/spring}optimisticLockRetryPolicy>,<{http://camel.apache.org/schema/spring}options>,<{http://camel.apache.org/schema/spring}otherwise>,<{http://camel.apache.org/schema/spring}packageScan>,<{http:
//camel.apache.org/schema/spring}param>,<{http://camel.apache.org/schema/spring}patch>,<{http://camel.apache.org/schema/spring}pgp>,<{http://camel.apache.org/schema/spring}php>,<{http://camel.apache.org/schema/spring}pipeline>,<{http://camel.apache.org/schema/spring}policy>,<{http://camel.apache.org/schema/spring}pollEnrich>,<{http://camel.apache.org/schema/spring}post>,<{http://camel.apache.org/schema/spring}process>,<{http://camel.apache.org/schema/spring}properties>,<{http://camel.apache.org/schema/spring}property>,<{http://camel.apache.org/schema/spring}protobuf>,<{http://camel.apache.org/schema/spring}put>,<{http://camel.apache.org/schema/spring}python>,<{http://camel.apache.org/schema/spring}random>,<{http://camel.apache.org/schema/spring}recipientList>,<{http://camel.apache.org/schema/spring}redeliveryPolicy>,<{http://camel.apache.org/schema/spring}ref>,<{http://camel.apache.org/schema/spring}removeHeader>,<{http://camel.apache.org/schema/spring}removeHeaders>,<{http://camel.apache.org/schema/spring}removeProperties>,<{http://camel.apache.org/schema/spring}removeProperty>,<{http://camel.apache.org/schema/spring}resequence>,<{http://camel.apache.org/schema/spring}responseHeader>,<{http://camel.apache.org/schema/spring}responseMessage>,<{http://camel.apache.org/schema/spring}rest>,<{http://camel.apache.org/schema/spring}restBinding>,<{http://camel.apache.org/schema/spring}restConfiguration>,<{http://camel.apache.org/schema/spring}restContextRef>,<{http://camel.apache.org/schema/spring}restProperty>,<{http://camel.apache.org/schema/spring}rests>,<{http://camel.apache.org/schema/spring}rollback>,<{http://camel.apache.org/schema/spring}roundRobin>,<{http://camel.apache.org/schema/spring}route>,<{http://camel.apache.org/schema/spring}routeBuilder>,<{http://camel.apache.org/schema/spring}routeContextRef>,<{http://camel.apache.org/schema/spring}routes>,<{http://camel.apache.org/schema/spring}routingSlip>,<{http://camel.apache.org/schema/spring}rss>,<{http://camel.apa
che.org/schema/spring}ruby>,<{http://camel.apache.org/schema/spring}sample>,<{http://camel.apache.org/schema/spring}script>,<{http://camel.apache.org/schema/spring}secureXML>,<{http://camel.apache.org/schema/spring}serialization>,<{http://camel.apache.org/schema/spring}setBody>,<{http://camel.apache.org/schema/spring}setExchangePattern>,<{http://camel.apache.org/schema/spring}setFaultBody>,<{http://camel.apache.org/schema/spring}setHeader>,<{http://camel.apache.org/schema/spring}setOutHeader>,<{http://camel.apache.org/schema/spring}setProperty>,<{http://camel.apache.org/schema/spring}simple>,<{http://camel.apache.org/schema/spring}soapjaxb>,<{http://camel.apache.org/schema/spring}sort>,<{http://camel.apache.org/schema/spring}spel>,<{http://camel.apache.org/schema/spring}split>,<{http://camel.apache.org/schema/spring}sql>,<{http://camel.apache.org/schema/spring}sticky>,<{http://camel.apache.org/schema/spring}stop>,<{http://camel.apache.org/schema/spring}stream-config>,<{http://camel.apache.org/schema/spring}string>,<{http://camel.apache.org/schema/spring}syslog>,<{http://camel.apache.org/schema/spring}tarfile>,<{http://camel.apache.org/schema/spring}terser>,<{http://camel.apache.org/schema/spring}threadPoolProfile>,<{http://camel.apache.org/schema/spring}threads>,<{http://camel.apache.org/schema/spring}throttle>,<{http://camel.apache.org/schema/spring}throwException>,<{http://camel.apache.org/schema/spring}tidyMarkup>,<{http://camel.apache.org/schema/spring}to>,<{http://camel.apache.org/schema/spring}toD>,<{http://camel.apache.org/schema/spring}tokenize>,<{http://camel.apache.org/schema/spring}topic>,<{http://camel.apache.org/schema/spring}transacted>,<{http://camel.apache.org/schema/spring}transform>,<{http://camel.apache.org/schema/spring}univocity-csv>,<{http://camel.apache.org/schema/spring}univocity-fixed>,<{http://camel.apache.org/schema/spring}univocity-header>,<{http://camel.apache.org/schema/spring}univocity-tsv>,<{http://camel.apache.org/schema/spring}unmar
shal>,<{http://camel.apache.org/schema/spring}validate>,<{http://camel.apache.org/schema/spring}verb>,<{http://camel.apache.org/schema/spring}vtdxml>,<{http://camel.apache.org/schema/spring}weighted>,<{http://camel.apache.org/schema/spring}when>,<{http://camel.apache.org/schema/spring}wireTap>,<{http://camel.apache.org/schema/spring}xmlBeans>,<{http://camel.apache.org/schema/spring}xmljson>,<{http://camel.apache.org/schema/spring}xmlrpc>,<{http://camel.apache.org/schema/spring}xpath>,<{http://camel.apache.org/schema/spring}xquery>,<{http://camel.apache.org/schema/spring}xstream>,<{http://camel.apache.org/schema/spring}xtokenize>,<{http://camel.apache.org/schema/spring}yaml>,<{http://camel.apache.org/schema/spring}zip>,<{http://camel.apache.org/schema/spring}zipFile>
at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallingContext.handleEvent(UnmarshallingContext.java:740)
at com.sun.xml.bind.v2.runtime.unmarshaller.Loader.reportError(Loader.java:262)
Probably I need to wrap the interceptFrom using an element similar to the way I wrapped the Rest and RouteDefinitions. But, not sure how.
I am not sure if I am doing it the correct way.
Can someone help me on this?
Also, I see there is an InterceptStrategy which can be set to the camelcontext.
Is there a way I can use that to do AOP-like processing for my routes by applying the caching concern instead of InterceptFrom?
Also, my Camel application is based on Spring Boot, so is there any feature in Spring Boot which I can use to intercept the route calls?
I have added the sample project which I had created to load my routes and apiroutes in this repo using XML files. Similarly, I would want to apply the cross cutting concern of caching using interceptors so that they do not mix with route logic. I am looking for a way to use the interceptFrom camel feature so that I can intercept every message to a route and handle them accordingly. I am not sure how to load the interceptors or how to have them linked with the routes.
https://github.com/sri420/compositerepo/tree/master/CompositeApplication
I have currently removed the code which I had added to load the interceptors because of namespace error. Once, I get the correct approach of the solution I will add the same accordingly.
Can you give the full Intercept.xml? Seems your Intercept.xml file has the wrong namespace, just like
<camelContext xmlns="http://camel.apache.org/schema/spring">
    <!-- intercept incoming messages and route them to the mock:middle1 endpoint
         before we proceed and continue routing from the point of interceptions, that
         is mock:end will be the next target -->
    <interceptFrom>
        <to uri="mock:middle1"/>
    </interceptFrom>
    <!-- here we have a very simple route -->
    <route>
        <from uri="direct:start"/>
        <to uri="mock:end"/>
    </route>
</camelContext>

Spring security oauth2 wrongly using internal URL as current URI for redirection

In the Spring definition of a remote resource that is protected via OAuth2 to which the client application wants access, I set use-current-uri to true, in other words, the current URI should be used as a redirect (if available). It looks like:
<oauth:resource id="myResourceId" type="authorization_code"
    client-id="${clientId}" client-secret="${clientSecret}"
    access-token-uri="${accessTokenUri}"
    user-authorization-uri="${userAuthorizationUri}"
    use-current-uri="true"
    scope="myScope"
    pre-established-redirect-uri="${preEstablishedRedirectUri}"/>
Now the problem is, the Spring Security OAuth2 client will pick up the current internal Tomcat URL instead of the public web application's URL. The scenario is Tomcat server sitting behind Apache server, which results in two sets of URLs:
The public web application's URL is http://example.com/users/login
The internal Tomcat URL is http://localhost:8080/myapplication/users/login
Because the redirection URL is for the authorization server (e.g., Twitter, ORCID) to use to send back the authorization code, the public web application's URL should be used, not the internal one.
By the way, I'm using the following version of spring-security-oauth2:
spring-security-oauth2-1.0.5.RELEASE
spring-core-3.1.2.RELEASE
spring-security-core-3.1.3.RELEASE
Wonder if there is a way to tell Spring to use the public URL. Thanks.
Inside your Tomcat conf/server.xml's Connector element, try setting your public URLs that front Tomcat like this:
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
           proxyName="example.com"
           proxyPort="443"
           scheme="https" />
(For proxyPort, use whatever port you are using; the same goes for scheme.)
This way tomcat's internal getServerName and getServerPort methods will start giving the correct values which hopefully should create the correct URL.
You might also want to configure your webserver to route requests falling at
http://example.com/users/login to http://localhost:8080/myapplication/users/login if not already done.
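
A way to check that the connector settings above took effect, as an added example that is not part of the original answer: a servlet filter that compares the origin the container reports with the public one and logs any mismatch, including the full URL so a differing context path is visible too. The class name `ExternalUrlCheckFilter` and the `expectedOrigin` init-param are hypothetical; the code assumes the javax.servlet API used by Tomcat 7.

```java
import java.io.IOException;
import java.util.logging.Logger;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/**
 * Added diagnostic, not from the original thread. Register it in web.xml with
 * an init-param such as expectedOrigin=https://example.com (hypothetical name).
 */
public class ExternalUrlCheckFilter implements Filter {

    private static final Logger LOG =
            Logger.getLogger(ExternalUrlCheckFilter.class.getName());

    private String expectedOrigin;

    @Override
    public void init(FilterConfig config) throws ServletException {
        String value = config.getInitParameter("expectedOrigin");
        if (value == null || value.trim().isEmpty()) {
            throw new ServletException("expectedOrigin init-param is required");
        }
        // Normalise "https://example.com/" to "https://example.com".
        value = value.trim();
        expectedOrigin = value.endsWith("/")
                ? value.substring(0, value.length() - 1) : value;
    }

    /** Builds scheme://host[:port], omitting the port when it is the scheme default. */
    static String origin(String scheme, String host, int port) {
        boolean defaultPort = ("http".equalsIgnoreCase(scheme) && port == 80)
                || ("https".equalsIgnoreCase(scheme) && port == 443);
        return scheme + "://" + host + (defaultPort ? "" : ":" + port);
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            // These are the values that proxyName, proxyPort and scheme on the
            // Connector change; a "current URI" is assembled from them.
            String seen = origin(http.getScheme(), http.getServerName(),
                    http.getServerPort());
            if (!expectedOrigin.equalsIgnoreCase(seen)) {
                LOG.warning("Container reports " + http.getRequestURL()
                        + " but the public origin is " + expectedOrigin
                        + "; a redirect URI built from this request will not"
                        + " match the one registered with the authorization server");
            }
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}
```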

regarding CSRF Filter in Tomcat 7 url encoding

I work on a web application that is vulnerable to CSRF (Cross Site Request Forgery) attack. Tomcat 7 has a CSRF prevention filter. I went through the description to configure this filter.
This filter expects that we call HttpServletResponse#encodeRedirectURL(String) or HttpServletResponse#encodeURL(String).
However, I see that in my application we are not using the above mentioned methods. We forward the response using mapping.findForward(target); without touching the request or response object. Can you please let me know how or where can I integrate encodeURL() or encodeRedirectURL() methods in my code?
Any help in this regard is appreciated.
Thanks,
You can write a servlet and map all URLs (/*) to this servlet in your web.xml file. Now you can use the encodeUrl method through HttpServletResponse.
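
Where the encodeURL() and encodeRedirectURL() calls go once Tomcat's org.apache.catalina.filters.CsrfPreventionFilter is mapped over the application, shown as an added example that is not from the original thread. The servlet name `ProfileServlet` and its paths are hypothetical; the same calls apply wherever the application writes a link, a form action or a redirect target.

```java
import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added example, not from the original thread. With the CSRF prevention
 * filter in front of it, this servlet receives the filter's response wrapper,
 * so encodeURL() and encodeRedirectURL() append the per-session nonce.
 */
public class ProfileServlet extends HttpServlet {

    /** Minimal escaping for values written into HTML text and attributes. */
    private static String html(String s) {
        return s.replace("&", "&amp;").replace("\"", "&quot;")
                .replace("<", "&lt;").replace(">", "&gt;");
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Any URL the browser will request later must carry the nonce, so it
        // is passed through encodeURL() at the moment the page is rendered.
        String saveUrl = resp.encodeURL(req.getContextPath() + "/profile/save");

        Object current = req.getSession().getAttribute("displayName");
        String shown = current == null ? "" : html(current.toString());

        resp.setContentType("text/html;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("<form method=\"post\" action=\"" + html(saveUrl) + "\">");
        out.println("  <input name=\"displayName\" value=\"" + shown + "\"/>");
        out.println("  <input type=\"submit\" value=\"Save\"/>");
        out.println("</form>");
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // This method runs only after the filter has accepted the nonce that
        // came in on the form action URL; a request without it is rejected
        // by the filter before the servlet is reached.
        String name = req.getParameter("displayName");
        if (name == null || name.length() > 64) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        req.getSession().setAttribute("displayName", name);

        // A redirect makes the browser issue a new request, so its target is
        // encoded as well, here with encodeRedirectURL().
        resp.sendRedirect(
                resp.encodeRedirectURL(req.getContextPath() + "/profile"));
    }
}
```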

Spring image files access cause 404 not found

When I put below url which exists on Server, I get the 404 error
localhost/PDFDemo/resources/jquery/css/ui-lightness/images/ui-bg_highlight-soft_100_eeeeee_1x100.png
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not Found
The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
If the server does not wish to make this information available to the client, the status code `403 (Forbidden)` can be used instead. The `410 (Gone)` status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.
I had same problem for javascript files and resolved the issue by putting below in web.xml
<mime-mapping>
    <extension>js</extension>
    <mime-type>text/javascript</mime-type>
</mime-mapping>
Are there equivalent codes for JSP and images which I can put in contextConfigLocation (e.g. servlet.xml)?
The problem is that you are mapping the Spring Dispatcher Servlet to the root context, so Spring wants to handle every request (which isn't in itself a problem if you have it configured correctly). Adding something like this:
<mvc:resources mapping="/resources/**" location="/public-resources/" cache-period="31556926"/>
Modified for your environment should work. See the documentation for allowing static resources to bypass Spring and go to the default servlet here.
You should also add this to your config so that Spring knows to use the Default Servlet.
<mvc:default-servlet-handler/>
Also, answers to this question may help you.

How to configure port in soap:address in wsdl from the Spring?

The thing is that Apache CXF takes the location attribute from WSDL file and replaces it with the server's URL, including the port. Is there any way to set the port manually to a specific value? If it was possible, I would like to do this from Spring...
The relevant part from WSDL:
...
<port binding="ns:binding" name="someUrl">
    <soap:address location="http://localhost/url"/>
</port>
...
I took the basic endpoint configuration from Apache CXF website and added the publishedEndpointUrl="http://newurl:port/..." attribute to jaxws:endpoint element.
