I am using Spring MVC for a website with two languages: English and Chinese.
I have the following in the Spring context
<bean id="localeChangeInterceptor" class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<property name="paramName" value="lang" />
</bean>
I am able to see the language of the website changes if I select another language through a dropdown in the HTML interface.
Suppose I am viewing the website when its language is Chinese. I close the browser. Then I open the browser again and I enter the url of the website without the lang parameter in the URL.
Here is the issue: Chrome is able to remember what the language was when the browser was closed and use that language when the new browser window is opened. This is the behavior I want to have. However, Firefox does not. When I open it and enter the site url, it always shows the site in the site's default language (English in this case).
How can I make the Firefox (or other browsers) open the site with the language used when it was closed?
Thanks!
You also need to add a SessionLocaleResolver.
<bean id="localeResolver" class="org.springframework.web.servlet.i18n.SessionLocaleResolver">
<property name="defaultLocale" value="en" />
</bean>
If you do not add this then I'm pretty sure the default behavior is that the AcceptHeaderLocaleResolver will be used, which resolves the locale by checking the accept-language header in the HTTP request. This means your browser will make the determination, use your language preferences and send the language choice in the accept header.
If your application is stateless then you may need to use the CookieLocaleResolver instead.
After research, I found out the solution. I need to set locale resolver this way:
<bean id="localeResolver"
class="org.springframework.web.servlet.i18n.CookieLocaleResolver">
<property name="defaultLocale" value="en" />
<property name="cookieName" value="clientLang" />
<property name="cookieMaxAge" value="31556926" />
</bean>
Put it another, I need to give it life to persistent for some time by setting a value to cookieMaxAge. I tested it out in Firefox and Safari, it worked well. This thread has the credit:
When I used CookieLocaleResolver, I can set invalid cookie to crash spring web application
Cheers!
Related
I support a website that uses Spring Security (5.3.3.RELEASE). The site can't be displayed in iframe in other sites because of the following configuration
<security:headers>
<security:frame-options policy="SAMEORIGIN"/>
</security:headers>
Now I am asked to allow a few pages to be displayed in iframe in ANY other sites (not a specific list of sites). I looked at the Spring documentation, and it appears that I can add a bean in the following way:
<security:headers>
<security:frame-options policy="SAMEORIGIN" ref="bean_id"/>
</security:headers>
I am not able to find info about what interface or methods the bean (bean_id) must implement or whether it can be used to decide what pages are frameable. Any help or example is really appreciated.
The interface is of type AllowFromStrategy. But that interface is deprecated since the ALLOW-FROM is an obsolete directive that no longer works in modern browsers, see here. The alternative is to use CSP: frame-ancestors.
Spring Security has support for the Content-Security-Policy header. You can rely on the DelegatingRequestMatcherHeaderWriter implementation to add the headers only to specific pages, like so:
<http>
<!-- ... -->
<headers>
<header ref="headerWriter"/>
</headers>
</http>
<beans:bean id="headerWriter"
class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<beans:constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher"
c:pattern="/page-with-csp"/>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean
class="org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter"/>
</beans:constructor-arg>
</beans:bean>
I was advised that the proper way to load multiple share customisations was to create a custom bootstrap for it like so:
<!-- Provide extensions config -->
<bean id="MyCustomClientConfig" class="org.springframework.extensions.config.ConfigBootstrap" init-method="register">
<property name="configService" ref="web.config" />
<property name="configs">
<list>
<value>classpath:alfresco/web-extension/mycustom-config.xml</value>
</list>
</property>
</bean>
However the customisations in my custom share config, specifically making an aspect visible, does not seem to be working.
I'd like to find a log4j debugging key that I can enable or 'turn up' to get more debugging info out, ideally to see if this bootstrap, which is in a *-context.xml file is being loaded.
I'm deploying this code as an AMP if that's relevant, and I've placed the context file in config/alfresco/web-extension
I'm implementing a cache busting system for a Spring MVC application.
For this system to work, I have to strip the "cache busting code" from a given url. Let's say my generated cache busting code is "123" and I have a .css url that is: /public-123/css/style.css. In this example, I want /public/css/style.css to be succesfully called (-123 must be stripped).
This works in my "mvc-config.xml" context file:
<mvc:resources mapping="/public-123/**" location="/public/" />
But I would also like any cache busting code to work, even if it's not the current one. For example, I would also like /public-456/css/style.css to reach the style.css file.
If I try to add another wildcard to the mapping:
<mvc:resources mapping="/public-*/**" location="/public/" />
It doesn't work! I receive a 404....
How could I specify the "mapping" attribute so any code after the "public-" part is well managed?
One way to handle this is to use Spring EL, as shown in the Spring docs:
<mvc:resources mapping="/resources-#{applicationProps['application.version']}/**" location="/public-resources/"/>
You could probably store the "123" part in a properties file so it only gets set once. E.g. via property-placeholder:
<context:property-placeholder location="classpath:myApp.properties"/>
<mvc:resources mapping="/resources-${cache.code}/**" location="/public-resources/"/>
This has the advantage of being able to read this code in your JSP pages (to generate links) via the same properties value.
I managed to get this working by manually defining the ResourceHttpRequestHandler to handle assets that are located on the filesystem alongside the <mvc:resources /> tag:
<bean id="assetsResourceHandler" class="org.springframework.web.servlet.resource.ResourceHttpRequestHandler">
<property name="locations">
<list>
<bean class="org.springframework.core.io.UrlResource">
<constructor-arg value="file:#{applicationProps['assets.basedir']}"></constructor-arg>
</bean>
</list>
</property>
</bean>
I guess you're doing this to achieve cache busting for your static resources.
In the meantime, Spring 4.1 has dedicated features for this, so you can remove a lot of that custom configuration.
Something like this:
<mvc:resources mapping="/public/**" location="/public/"/>
<mvc:resource-chain resource-cache="true">
<mvc:resolvers>
<mvc:version-resolver>
<mvc:content-version-strategy patterns="/**"/>
</mvc:version-resolver>
</mvc:resolvers>
</mvc:resource-chain>
</mvc:resources>
We are using wurfl-device-resolver to handle mobile devices that access our application and everything is working as a charm. However Internet Explorer is being detected as a mobile device. We already added the official web browser xml patch that is supposed to solve this but with no results. This is how the device resolver configuration looks like:
<mvc:interceptors>
<bean id="deviceResolver" class="org.springframework.mobile.device.mvc.DeviceResolverHandlerInterceptor">
<constructor-arg>
<device:wurfl-device-resolver root-location="/WEB-INF/wurfl/wurfl.zip" patch-locations="/WEB-INF/wurfl/web_browsers_patch.xml"/>
</constructor-arg>
</bean>
</mvc:interceptors>
Any ideas?
What is a simple way to resolve the path to a JSP file that is not located in the root JSP directory of a web application using SpringMVCs viewResolvers? For example, suppose we have the following web application structure:
web-app
|-WEB-INF
|-jsp
|-secure
|-admin.jsp
|-admin2.jsp
index.jsp
login.jsp
I would like to use some out-of-the-box components to resolve the JSP files within the jsp root folder and the secure subdirectory. I have a *-servlet.xml file that defines:
an out-of-the-box, InternalResourceViewResolver:
<bean id="jspViewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"></property>
<property name="prefix" value="/WEB-INF/jsp/"></property>
<property name="suffix" value=".jsp"></property>
</bean>
a handler mapping:
<bean id="handlerMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
<props>
<prop key="/index.htm">urlFilenameViewController</prop>
<prop key="/login.htm">urlFilenameViewController</prop>
<prop key="/secure/**">urlFilenameViewController</prop>
</props>
</property>
</bean>
an out-of-the-box UrlFilenameViewController controller:
<bean id="urlFilenameViewController" class="org.springframework.web.servlet.mvc.UrlFilenameViewController">
</bean>
The problem I have is that requests to the JSPs in the secure directory cannot be resolved, as the jspViewResolver only has a prefix defined as /jsp/ and not /jsp/secure/.
Is there a way to handle subdirectories like this? I would prefer to keep this structure because I'm also trying to make use of Spring Security and having all secure pages in a subdirectory is a nice way to do this.
There's probably a simple way to acheive this but I'm new to Spring and the Spring MVC framework so any pointers would be appreciated.
I haven't been able to discover the exact solution to the question I asked but I do have a workaround that suits my particular requirements. The problem seems to lie in the hander mapping. If specified as in the example in the post, any requests to pages in the secure folder result in a failed attempt to locate the actual JSP file in the /WEB-INF/JSP/ folder when of course the actual file is located in /WEB-INF/jsp/secure/.
However, if specified like so:
<bean id="handlerMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
<props>
<prop key="/login.htm">loginFormController</prop>
<prop key="**/*.htm">urlFilenameViewController</prop>
</props>
</property>
</bean>
Then all the pages are resolved correctly. A request to /login.html will go to a specific form controller but requests to all other pages, no matter whether they are in the root JSP directory or a sub directory will be found. For me this is fine because what I was really looking for was a way to avoid specifiying a controller for every page in the application (hmmm... perhaps I should have made that clear in the first post - and perhaps there are better ways to do this anyway(?)) . The **/*.htm acts as a catch-all case and any pages that I want handled by a different controller can be specified explicitly above this property, as demonstrated by /login.htm.
Try with UrlFilenameViewController or return new ModelAndView("secure/login");
You can try giving names of the views in the Controller like
<property name="formView" value="secure/admin"/>
<property name="successView" value="secure/admin2"/>
having prefix and suffix mapped as below
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/jsp/" />
<property name="suffix" value=".jsp" />
This will eventually map to /WEB-INF/jsp/secure/admin.jsp and /WEB-INF/jsp/secure/admin2.jsp
You need to set the alwaysUseFullPath property in in the Handler to true:
<bean id="handlerMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
...
<property name="alwaysUseFullPath" value="true" />
</bean>
This will force the handler to use the '/secure/' part of the URI and then the resolver will include it when looking for a JSP in WEB-INF/jsp.
It seems like this ought to work, according to the docs:
http://static.springsource.org/spring/docs/3.0.x/api/org/springframework/web/servlet/mvc/UrlFilenameViewController.html
The configs you have shown seem to match up with the examples in the doc. If your Spring MVC dispatcher servlet is mapped to "/" then requests to "{context}/secure/whatever.jsp" should get translated to view name "secure/whatever". Maybe it has something to do with the "**" wildcard? Or maybe some of your other configs are not right? Can you include the portion of your web.xml where you set up your Spring dispatcher servlet and also include the full paths you're requesting in your browser?
Another way to find the problem would be to to download the Spring MVC source code and include it in your app, then use a debugger to see exactly what is going on in both the SimpleUrlHandlerMapping and UrlFilenameViewController beans to try to pinpoint the error. You should be able to pretty quickly determine where things are going wrong that way.
You need to set the property as follows:
<property name="prefix" value="/WEB-INF/jsp/"/>
and then you can access the URI secure/admin1.jsp
All sub folders can be accessed by using wild card in prefix
From controller you can simply return jsp name as string and the jsp will be displayed even if it is under sub folders of /WEB-INF/jsp/ like /WEB-INF/jsp/abc