Spring Model or HttpServletRequest object is not overriding on controller - spring

I am working with a spring hibernate project. all pages are working fine but from the last day i am battling with a problem.
In one of page, when page first time load data from controller in model. all data is coming fine.
but after a post request to update some details from page in database and redirect to same GET request. Database is giving updated data which i updated before and printing it to java code. every thing is fine on server side.
But when Model coming on client side on jsp. Old data is coming.
Even i put details in model as well in http request.
Both object not overriding.
One more thing, on my local machine, this page is working fine, but on Live server i am getting this problem.
please help. i am facing this problem from last day.

I think the problem is that the page requested by GET becomes cached by the Browser or some Server.
You should add some informations about now to cache the http response to the response.
Spring helps you:
<mvc:interceptors>
<bean id="webContentInterceptor"
class="org.springframework.web.servlet.mvc.WebContentInterceptor">
<property name="cacheSeconds" value="0" />
<property name="useExpiresHeader" value="true" />
<property name="useCacheControlHeader" value="true" />
<property name="useCacheControlNoStore" value="true" />
<property name="alwaysUseFullPath" value="true" />
<property name="cacheMappings">
<props>
<!-- 2678400 seconds = 31 days -->
<prop key="/resources/images/favicon*.ico">2678400</prop>
<prop key="/resources/images/*.png">2678400</prop>
</props>
</property>
</bean>
</mvc:interceptors>
For example this configruation will instruct Spring to prevent caching for every response exept the favicon and png files.

Related

Empty SignatureValue and DigestValue in SOAP Request using Wss4jSecurityInterceptor

I am updating the client of an existing SOAP webservice since the service provider has made some changes to thier security headers in the request.
The requirement is to digitally sign the Timestamp which should be present in the request header and the body should not be digitally signed. I am using XML config to create my SOAP request header and digitally sign the Timestamp.
I am basically using org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor as an interceptor. The problem is that Timestamp gets created in the request header however the SignatureValue and DigestValue tags are empty
I have referred https://docs.spring.io/spring-ws/site/reference/html/security.html#security-wss4j-digital-signatures
Versions:
Spring-ws-core --> 2.0.0.RELEASE
spring-ws-security --> 2.0.0.RELEASE
<bean id="wsClientSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
<property name="securementActions" value="Timestamp Signature"/>
<property name="securementSignatureKeyIdentifier" value="DirectReference" />
<property name="securementUsername" value="username" />
<property name="securementPassword" value="keystorepassword" />
<property name="securementSignatureCrypto" ref="clientCrypto"/>
<property name="securementSignatureUser" value="username" />
<property name="securementSignatureParts" value="{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp"/>
</bean>
<bean id="clientCrypto" class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
<property name="keyStorePassword" value="keystorepassword" />
<property name="keyStoreLocation" value="file:${key.store.location}"/>
<property name="keyStoreType" value="jks" />
<property name="keyStoreProvider" value="IBMJCE" />
</bean>
Though the timestamp gets added to the wsse:Security element in the header, the DigestValue and SignatureValue elements belonging to the xmlns:ds="http://www.w3.org/2000/09/xmldsig#" namespace are always empty
This does not happen if I only sign the Body
I also tried using another Interceptor XwsSecurityInterceptor but that does not work without the Wss4jSecurityInterceptor and gives me the same result when used with Wss4jSecurityInterceptor
<bean id="xwsSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
<property name="policyConfiguration" value="classpath:securityPolicy.xml"/>
<property name="callbackHandlers">
<list>
<ref bean="keyStoreHandler"/>
</list>
</property>
</bean>
<bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
<property name="keyStore" ref="keyStore"/>
<property name="privateKeyPassword" value="keystorepassword"/>
</bean>
<bean id="keyStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
<property name="location" value="file:${key.store.location}"/>
<property name="password" value="keystorepassword"/>
</bean>
After referring a number of IBM support posts, I have finally come to the solution and have received a QA signoff too on the implementation. I had to replace all my spring mvc config for creating SSL context with configurations on the WAS server itself.You can configure all this using either scripts or using the WAS console manually.
Steps:
Add an entry to ur applications web.xml.Please refer this post https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.5.5/com.ibm.websphere.nd.multiplatform.doc/ae/twbs_jaxwsclientdd.html
The link below will give you a step by step guide as to how to configure the request payload to have a signed timestamp on WAS server.
http://pglezen.github.io/was-config/html/signts.html#sec.signts.keystores.consumer
It basically focusses on :
Policy Set Creation:This will Specify the element or elements to be signed or encrypted in this message part.In our case its the timestamp in the header
Client Policy Set Bindings. If you are the provider you have to refer the provider Policy set bindings section.This involves creation of truststore and keystore required to configure your SSL context. Also has configurations for any proxy settings that you might require.
Finally take a JNDI reference of the service whereever you need to call a particular operation in the service.Refer https://www.ibm.com/support/knowledgecenter/SSAW57_9.0.5/com.ibm.websphere.nd.multiplatform.doc/ae/twbs_jaxwsclientdd.html
Once this done, Simply navigate to Services--> Service Clients and you should have your service refs visible there. You should now attach the Policy set and the bindings created above to the Service client references created in WAS due to point 1 above.You might have to write a script to attach the polict set and binding since after deployment you dont want to do this step manually
Please note: this solution came into picture sicne the version of WAS 8.5.5.16,spring -3.0.5.RELEASE and spring-ws-2.0.0.RELEASE did not support signing of timestamp in the request payload of the SOAP service request. Hope this helps someone !!

Spring MVC refresh database beans in application context

I am developping a Spring MVC web application that use the dbcp database connection pool.
<bean id="datasourceAR_XXX" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close" scope="singleton">
<property name="driverClassName"><value>oracle.jdbc.driver.OracleDriver</value></property>
<property name="url"><value>jdbc:oracle:thin:#XXX.XXX.com:1500:SERVICE</value></property>
<property name="maxActive"><value>100</value></property>
<property name="maxIdle"><value>10</value></property>
<property name="username"><value>XXX</value></property>
<property name="password"><value>XXX</value></property>
</bean>
I recently moved the scope of those beans to singleton because the amount of connection per session started to be a bit too much.
The problem is :
Our database is shutting down every sunday and the spring application seems to act strangely by keeping the socket open and does not refresh the connection as I thought it would do.
Is there a way to refresh the beans scoped as singleton in a way that will refresh the connection everyday and not be obliged to relaunch the application every monday?
What you want to do is to configure validation for your connections. When a connection is borrowed from the pool you want to make sure that that connection is valid. For this you can specify the validationQuery property on your datasource.
<bean id="datasourceAR_XXX" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close" scope="singleton">
<property name="driverClassName"><value>oracle.jdbc.driver.OracleDriver</value></property>
<property name="url"><value>jdbc:oracle:thin:#XXX.XXX.com:1500:SERVICE</value></property>
<property name="maxActive"><value>100</value></property>
<property name="maxIdle"><value>10</value></property>
<property name="username"><value>XXX</value></property>
<property name="password"><value>XXX</value></property>
<property name="validationQuery" value="select 1 from dual" />
</bean>
See DBCP - validationQuery for different Databases for a list of possible validation queries for different databases.
There are some issues with Commons DBCP and it is pretty old (although there is a DBCP 2.x now). I would suggest moving to a different datasource like HikariCP this datasource is also a JDBC 4.x based datasource which allows for easier connection validation (it is part of the JDBC 4 spec).
<bean id="datasourceAR_XXX" class="com.zaxxer.hikari.HikariDataSource">
<property name="datasourceClassName" value="oracle.jdbc.pool.OracleDataSource"/>
<property name="maximumPoolSize" value="20" />
<property name="username" value="XXX" />
<property name="password" value="XXX" />
<property name="datasourceProperties">
<props>
<prop key="serverName">XXX.XXX.com</prop>
<prop key="port">1500</prop>
<prop key="databaseName">SERVICE</prop>
</props>
</property>
</bean>
If your oracle driver is new enough you don't need a validation query anymore as validation is provided by the driver instead of needing to be done with a query. Next to that you probably have better results with this pool.
Also you might have a bit of a large pool size, nice article/presentation about pool sizing can be found here.

Intermittent authentication error while sending mails using Spring using smtp.gmail.com

I am trying to send emails through a Spring app using smtp.gmail.com (port 587). The problem is I am intermittently facing the following error.
org.springframework.mail.MailAuthenticationException: Authentication failed; nested exception is javax.mail.AuthenticationFailedException
The error does not appear all the times and mails are sent properly. But sometimes the error appears and mails are not sent. I have set the following to true https://www.google.com/settings/security/lesssecureapps
Following is the configuration
<bean id="mailSender" class="org.springframework.mail.javamail.JavaMailSenderImpl">
<property name="host" value="${mail.host}" />
<property name="port" value="${mail.port}" />
<property name="username" value="${mail.username}" />
<property name="password" value="${mail.password}" />
<property name="javaMailProperties">
<props>
<!-- Use SMTP-AUTH to authenticate to SMTP server -->
<prop key="mail.smtp.auth">true</prop>
<!-- Use TLS to encrypt communication with SMTP server -->
<prop key="mail.smtp.starttls.enable">true</prop>
</props>
</property>
</bean>
<bean id="mailService" class="com.server.service.impl.MailServiceImpl">
<property name="mailSender" ref="mailSender" />
<property name="customMailMessage" ref="customMailMessage" />
</bean>
the properties are given below
mail.transport.protocol=smtp
mail.host=smtp.gmail.com
mail.port=587
mail.username=******
mail.password=******
I believe it's either an unreliability in Gmail, or it's purposely failing to reduce the rate at which you're sending messages. You might try turning on JavaMail Session debugging to see if it provides additional information about the failure. The AuthenticationFailedException usually contains additional information about the failure, but Spring may be hiding that.

setting no cache for different parts of spring mvc 3 using WebContentInterceptor?

Hi there I have developed a dynamic web application that uses Ajax to fetch data from databases and keep the GUI up to date but while testing it with IE8 I am experiencing caching issues.
I used the following code in my webmvc-config.xml file to stop the browser from caching:
<mvc:annotation-driven />
<mvc:interceptors>
<bean id="webContentInterceptor"
class="org.springframework.web.servlet.mvc.WebContentInterceptor">
<property name="cacheSeconds" value="0"/>
<property name="useExpiresHeader" value="true"/>
<property name="useCacheControlHeader" value="true"/>
<property name="useCacheControlNoStore" value="true"/>
</bean>
</mvc:interceptors>
and it works exactly as it should, but the problem is that now the browser obviously doesn't cache anything. what I want to know is how to modify that xml code so that it applies to the Ajax parts of the web app (which are controlled using 5 Controller files); so that the icons..etc are still cached? The path to these controller files would be something like "/admin/**"
I know that the Spring WebContentInterceptor has properties such as "setCacheMappings" and "setPathMatcher" but there is nowhere online that I can find examples of these being using in the xml config file.
ANY help would be much appreciated, it's really doing my head in.. Thanks. Jake
In your <mvc:interceptors> you can restrict the URL path each interceptor should apply to, as follows:
<mvc:interceptors>
<mvc:interceptor>
<mapping path="/admin/*"/>
<bean id="webContentInterceptor" ..... />
</mvc:interceptor>
<mvc:interceptors>
It's all explained here.

Spring SimpleUrlHandlerMapping not allowing routing for any html page

I'm trying to implement a file upload in my Spring application based on the Spring documentation. However, when I add the SimpleUrlHandlerMapping reference, I can't even route to my login page.
In my web.xml, I have all .htm files mapped to my servlet:
<servlet-mapping>
<servlet-name>myapp</servlet-name>
<url-pattern>*.htm</url-pattern>
</servlet-mapping>
then, in myapp-servlet.xml, I have this:
<bean name="/login.htm" class="com.example.web.LoginFormController">
<property name="sessionForm" value="true" />
<property name="commandName" value="loginCommand" />
<property name="commandClass" value="com.example.command.LoginCommand" />
<property name="authenticationService" ref="authenticationService" />
<property name="loginDataAccess" ref="loginDAO" />
<property name="validator" ref="loginValidator" />
<property name="formView" value="login" />
<property name="successView" value="hello.htm" />
</bean>
This allows me to go to the login page and login. However, when I add the following based on the documentation, I get this error: No mapping found for HTTP request with URI [/myapp/login.htm] in DispatcherServlet with name 'myapp'
These are the lines I added to the myapp-servlet.xml file:
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver" />
<bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
<value>/upload.form=fileUploadController</value>
</property>
</bean>
<bean id="fileUploadController" class="com.example.web.FileUploadController">
<property name="commandClass" value="com.example.domain.FileUploadBean" />
<property name="formView" value="fileuploadform" />
<property name="successView" value="hello.htm" />
</bean>
If I take out the urlMapping section, I can navigate to the upload page, but then I get an IllegalStateException. How do I have Spring route the htm files normally and allow me to upload a file? Shouldn't the urlMapping only matter when the upload.form is called?
Update
Per SKaffman's answer, I updated the myapp-servlet.xml to look like this:
<bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
<value>
/upload.form=fileUploadController
/upload.htm=fileUploadController
/login.htm=loginController
</value>
</property>
</bean>
This allows me to navigate to the upload page, but when I click on the submit button, I get a 404 for upload.form saying "(/myapp/upload.form) is not available." If I take the upload.htm out of the mapping, I can't navigate to that page. I don't know what mapping to use for both the page and the upload. The upload page has this action defined:
<form method="post" action="upload.form" enctype="multipart/form-data">
By default, Spring registers multiple HandlerMapping beans automatically, including a BeanNameUrlHandlerMapping. This handler allows you to use things like <bean name="/login.htm"> without any additional configuration.
However, as soon as you add an explicit handler mapping bean, like your SimpleUrlHandlerMapping, then the default ones are no longer registered, and your login controller will not longer be mapped.
The simplest solution for you is probably to add your login controller to the SimpleUrlMappingHandler:
<bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
<value>/login.htm=loginController</value>
<value>/upload.form=fileUploadController</value>
</property>
</bean>
<bean id=loginController" class="com.example.web.LoginFormController">
...
</bean>

Resources