I'm using jersey 2.4 grizzly2-http container in my application and was wondering is there a way to get the Remote Host address inside a Request Filter. I would like to reject all requests that are not coming from a list of allowed remote IPs.
Thanks
Josip
I would recommend using a servlet filter external to Jersey. This will be much more customizable. Tomcat has one natively, but you could always role your own. This way you can externalize this from your code and make changes in your web.xml without having to rebuild your app.
http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#Remote_Address_Filter
Here is a more generic one you could use with grizzly
java- using a filter to check remote address
Related
We can create restful API in spring boot jar file?
1)can we split multiple jar file in Apache server?
2) if we split multiple jar file how will identify which jar contain correct rest APIs
How spring boot jar file will work in server?
For Development Environment
You can configure ports via application.properties or via system properties.
Or with option to jvm --server.port=8081
So, there is no problem to run a few APIs on single machine with different ports.
You don't need Apache Server. Spring Boot has it's own embedded for you. So, you can easily use it.
Let's say you have two APIs.
localhost:8081 (Checkout Service)
localhost:8082 (Payment Service)
Hostname and port - it's your identification for each service.
When you trying to search something in Google.
You browser - it's a client.
And Google's servers - it's a server.
The same here. Checkout Service trying to delegate some job to Payment Service. So, Checkout Service - it's a client. And this client should know the address of Payment Service.
For Production Environment
You should think twice, how you will monitor performance, manage scalability and so on.
I need to do some processing on the endpoint classes before they can be deployed and then deploy them manually. However it seems simply having a class annotated with #ServerEndpoint in my war is enough to deploy the endpoint in Tomcat and when I try to manually deploy later obviously I can't because the URL has been deployed already. Is there any way to disable the autodiscovery of endpoints?
Looking at the source for the version I'm using - 8.0.28, there's no dedicated option. The code deploying the endpoints is in org.apache.tomcat.websocket.server.WsSci. The quickest 'shurest' hack is to put my endpoints into the javax.websocket package. I elected to use their ServerApplicationConfig hook instead which serves my purposes if with some minor issues.
Based on an answer from #andy-wilkinson to a past Spring Boot question, it appears that with the exception of a couple parameters (port for example), the management server leverages the same configuration as the regular servlet container.
I would like to configure the main Spring Boot server to use HTTPS (for the application/service it is serving) and to use just HTTP for the actuator endpoints. Has anyone done this? Is this even possible?
-Joshua
It's not possible at the moment. Please open an issue if it's an enhancement that you'd like to see.
I have a server running on tomcat exposing Spring services using HttpInvoker.
I have exposed the methods of 5 services using HTTPInvoker.
This works very well.
The spring configuration is described in a file named remoting-servlet.xml; and the remoting servlet (DispatcherServlet) is described in the web.xml.
I now have an additional need to expose one additional service using JAX-WS this time (I will have C# clients).
I will use Spring support to JAX-WS.
I have the option to use the default deployment, or to use JAX-WS RI's to deploy this additional service to the same server as the remoting servlet.
I would prefer this last solution, because I would have only one server providing the remote services (whether they are web services or httpinvokers).
My question is: is this possible?
I think that I can I put the 2 servlets on the same port. But my issue is that it seems to me that I will have to provide 2 different application contexts. One for the DispatcherServlet, and one for the WSSpringServlet.
Is that correct?
Is it possible to put the WSSpringServlet context definition to the same file as the one for the httpinvokers (remoting-servlet.xml)?
Many thanks
Gilles
How will you force http connection to use https when clients try to connect to the server using spring-ws? I have seen some examples that uses WebSecurityConfigurerAdapter, but what is the best way of doing it for annotation based (No XML configuration file exists) spring-ws?
That really depends on the container you're running Spring-WS in. For instance, in Tomcat, you have to put a security constraint in your web.xml.
Actually I ended up using Spring EndpointInterceptors to accomplish this. Here is one example I referred to:http://spring-webservice-2-step-by-step.blogspot.com/2011/12/spring-web-services-20-step-by-step.html