I am learning Spring MVC (with Thymeleaf) while porting over a JBoss Seam website to Spring MVC.
I am trying to replace a HTTPServlet (doPost to /myservlet) with a Spring Controller with the following code:
#RequestMapping(value="/myservlet", method = RequestMethod.POST)
public String executeAction(HttpServletRequest request, HttpServletResponse response) throws IOException {
StringBuilder buffer = new StringBuilder();
BufferedReader reader = request.getReader();
String line;
while((line = reader.readLine()) != null) {
buffer.append(line);
}
String payload = buffer.toString();
System.out.println("payload: " + payload);
return "/index";
}
This method needs to read the XML Payload (String) sent via a HTTP Post to this endpoint.
When the external client (.NET - which will be used in the live environment) invokes this I get the following log messages:
[org.springframework.web.servlet.PageNotFound] (default task-3) Request method 'POST' not supported
[org.springframework.web.servlet.mvc.support.DefaultHandlerExceptionResolver] (default task-3) Handler execution resulted in exception: Request method 'POST' not supported
I have also tried this as a HTTPServlet but with the same problem. Can someone please advise as to what I am doing wrong?
The web.xml contents are:
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<error-page>
<error-code>404</error-code>
<location>/404.html</location>
</error-page>
<!-- Send unauthorised request to the 404 page -->
<error-page>
<error-code>403</error-code>
<location>/404.html</location>
</error-page>
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/appServlet/servlet-context.xml
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
</web-app>
The xml payload:
<Jobs>
<Job Action="Post">
<AdvertiserName>Advertiser1</AdvertiserName>
<AdvertiserType ValueID="15897">15897</AdvertiserType>
<SenderReference>01111111</SenderReference>
<DisplayReference>DISPLAYREF_635346301296069467_4445_Test89
</DisplayReference>
<Classification ValueID="6211">1002915</Classification>
<SubClassification></SubClassification>
<Position><![CDATA[CASE MANAGER]]></Position>
<Description><![CDATA[ The Case Manager role is the vital link between all parties within the mortgage application process. ...]]></Description>
<Country ValueID="246">United Kingdom</Country>
<Location ValueID="12096">Yorkshire</Location>
<Area ValueID="107646">Bradford</Area>
<PostalCode>BD1 1EE</PostalCode>
<ApplicationURL>http://removed.com/Application.aspx?uPjAaXJ9HmZ04+4i/bqmFAz
</ApplicationURL>
<Language ValueID="120036">2057</Language>
<ContactName>Joe Bloggs</ContactName>
<EmploymentType ValueID="2163">2163</EmploymentType>
<StartDate></StartDate>
<Duration></Duration>
<WorkHours ValueID="2190">2190</WorkHours>
<SalaryCurrency ValueID="1078">1007000</SalaryCurrency>
<SalaryMinimum>16200.00</SalaryMinimum>
<SalaryMaximum>16200.00</SalaryMaximum>
<SalaryPeriod ValueID="2178">1007600</SalaryPeriod>
<JobType>APPLICATION</JobType>
</Job>
</Jobs>
In case anyone else has this issue, the problem is related to the method signature and CSRF.
I got around this by following geoand's advice (thanks) by changing the method signature to add #RequestBody String payload
And by disabling CSRF for the specific URL (/myservlet) but leaving it enabled for the other URL's using the following in the spring security config:
<http auto-config="true" use-expressions="true" pattern="/myservlet" >
<csrf disabled="true"/>
</http>
<http auto-config="true" use-expressions="true" >
<access-denied-handler error-page="/403" />
<form-login login-page="/login.html" authentication-failure-url="/login-error.html" authentication-success-handler-ref="customAuthenticationSuccessHandler" />
<logout logout-success-url="/index" />
<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/advertiser/**" access="hasRole('ROLE_ADVERTISER')" />
<csrf disabled="false"/>
</http>
Thank you all for your replies/comments.
Kaz
I removed crsf
.and().csrf().and().exceptionHandling().accessDeniedPage("/Access_Denied");
I changed as
and().exceptionHandling().accessDeniedPage("/Access_Denied");//this Work
Related
I'm trying to stream videos from the server's file system. I'm using StreamingResponseBody from Spring to be returned as a response. So I have to process streaming asynchronously.
I did many research of how to configure my web.xml and Spring MVC and I followed this simple tutorial: http://shengwangi.blogspot.de/2015/09/asynchronous-spring-mvc-hello-world.html
but unfortunately without success!
I'm still getting exception telling me "Async support must be enabled on a servlet and for all filters involved in async request processing. This is done in Java code using the Servlet API or by adding "true" to servlet and filter declarations in web.xml" despite I think that I did everything right.
Here's my servlet configuration in web.xml
<servlet>
<servlet-name>dispatcherServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/mvc-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
</servlet>
<servlet-mapping>
<servlet-name>dispatcherServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/application-context.xml</param-value>
</context-param>
<context-param>
<param-name>spring.profiles.active</param-name>
<param-value>production</param-value>
</context-param>
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ASYNC</dispatcher>
</filter-mapping>
<filter>
<display-name>springSecurityFilterChain</display-name>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ASYNC</dispatcher>
</filter-mapping>
The code snipt of the Spring MVC configuration:
<mvc:annotation-driven>
<mvc:async-support default-timeout="30000" task-executor="taskExecutor">
</mvc:async-support>
</mvc:annotation-driven>
<bean id="taskExecutor"
class="org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor">
<property name="corePoolSize" value="5" />
<property name="maxPoolSize" value="50" />
<property name="queueCapacity" value="10" />
<property name="keepAliveSeconds" value="120" />
</bean>
Here's the request handler:
#GetMapping("/videos/play")
public StreamingResponseBody stream(#RequestParam("code") String code, #RequestParam("locale") String locale) throws FileNotFoundException{
File video = videoService.getVideo(code, locale);
final InputStream videoInputStream = new FileInputStream(video);
return (outputStream) -> {
copyToStream(videoInputStream, outputStream);
};
}
private void copyToStream(final InputStream is, OutputStream os)
throws IOException {
byte[] data = new byte[2048];
int read = 0;
while ((read = is.read(data)) > 0) {
os.write(data, 0, read);
}
os.flush();
}
I appreciate any help, since I'm struggling 3 days ago!
I'm using Tomcat8.0 and Spring 4.3.6
I read many threads which suggest that it is a bug in Tomcat 7 or 8, but it doesn't.The exception makes it clear that async-support must be enabled in ALL filters. Since I tried to do that, but the problem was how I added async support to the filters in web.xml file.
What I did is the following
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ASYNC</dispatcher>
</filter-mapping>
This actually tells that the mapping accept ASYNC requests (I guess), but it doesn't enable the async support in the filter itself.
So in each filter definition we should enable async support, so the springSecurityFilterChain definition becomes:
<filter>
<display-name>springSecurityFilterChain</display-name>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<async-supported>true</async-supported>
</filter>
I have a very basic setup which I am trying to get working.
web.xml
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/site/*</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/mvc-dispatcher-servlet.xml</param-value>
</context-param>
mvc-dispatcher-servlet.xml
<context:component-scan base-package="com.blabla.controller" />
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver"
p:prefix="/WEB-INF/pages/" p:suffix=".jsp"
p:viewClass="org.springframework.web.servlet.view.JstlView" />
In the controller
#Controller
#RequestMapping(value = "/site")
public class SearchController {
#RequestMapping(value = "welcome", method = RequestMethod.GET)
public String test() {
return "test";
}
This is the problem that I have:
I would like to write /site/* as url-pattern in my web.xml, but when I do that I get
WARNING: No mapping found for HTTP request with URI [/site/welcome] in DispatcherServlet with name 'mvc-dispatcher'
When I write /site/welcome in full, everything works, but I dont want this because I dont want to add every page manually to the web.xml
And when I write "/*" as url-pattern i get the error message:
WARNING: No mapping found for HTTP request with URI [/WEB-INF/pages/test.jsp] in DispatcherServlet with name 'mvc-dispatcher'
which I guess makes sense because the the location of the jsp is included in the pattern.
So how do you do it: how can you be sufficiently vague in your url pattern without the problems I just had?
We have Spring MVC application. We are trying to integrate the Spring security in it.
We have written our custom authentication provider which will do the work of authentication.
Below is the code for my custom authentication provider.
public class CustomAuthenticationProvider extends DaoAuthenticationProvider {
#Autowired
private AuthenticationService authenticationService;
#Override
public Authentication authenticate(Authentication authentication) {
CustomAuthenticationToken auth = (CustomAuthenticationToken) authentication;
String username = String.valueOf(auth.getPrincipal());
String password = String.valueOf(auth.getCredentials());
try {
Users user = new User();
user.setUsername(username);
user.setPassword(PasswordUtil.encrypt(password));
user = authenticationService.validateLogin(user);
return auth;
} catch (Exception e) {
throw new BadCredentialsException("Username/Password does not match for " + username);
}
}
#Override
public boolean supports(Class<? extends Object> authentication) {
return (CustomAuthenticationToken.class.isAssignableFrom(authentication));
}
}
Here i am getting NullpointerException on the following line
user = authenticationService.validateLogin(user);
The authenticationService is not getting autowired in the custom authentication provider. While the same service authenticationService is autowired in the same way in my MVC controller.
Is this because authentication provider is a Spring security component?
Below is a my web.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/myApp-security.xml
</param-value>
</context-param>
<servlet>
<servlet-name>myApp</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/myApp-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>myApp</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
Edit 1 :-
I have added the following lines in my spring security configuration file.
<beans:bean id="customAuthenticationProvider" class="com.myApp.security.provider.CustomAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService"/>
</beans:bean>
Please help how to autowire my service classes in the Spring security components?
Are you using the <debug/> element? If so, try removing to see if it fixes your problem as SEC-1885 prevents #Autowired from working when using <debug/>.
Perhaps autowiring postprocessor is not enabled in the root application context (but enabled in the DispatcherServlet's context as a side effect of <mvc:annotation-driven> or <context:component-scan>).
You can enable it by adding <context:annotation-config> to myApp-security.xml.
I experienced this issue and came to the conclusion that while autowiring was taking place, the spring security was operating with a completely different instance of the classes. To solve this I imported the security configuration into the spring mvc configuration as below.
This allowed Spring security to share the context with my spring mvc.
<import resource="myapp-security.xml" />
I faced the same issue and fixed it.
The solution is even if u have #Autowired annotation set for Service class.
#Autowired
private AuthenticationService authenticationService;
Removed the bean definition in your dispatcher-servlet.xml and it will work.
<!--
<beans:bean id="customAuthenticationProvider" class="com.myApp.security.provider.CustomAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService"/>
</beans:bean>
-->
and add it in security context file
if you are using Spring MVC then you have to add both spring-security.xml and dispatcher-servlet.xml in contextConfigLocation.
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
/WEB-INF/dispatcher-servlet.xml
</param-value>
</context-param>
you need to define your CustomAuthenticationProvider as a spring bean (in applicationContext.xml generally or applicationContext-security.xml if you have one)
You should use
You cannot use because your myApp-security.xml is creating another ApplicationContext which doesnt see all the autowiring from your context created by myApp-servlet.xml
I'm a newbie in spring MVC framework. I'm trying to write a simple controller (extends from AbstractController) and want to return a simple view (home.jsp) but seems that the controller's handleRequestInternal() is never called. I'm giving my code below. Any help would be highly appreciated.
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4"
xmlns="hiperlink is trimmed "
xmlns:xsi="hiperlink is trimmed "
xsi:schemaLocation="hiperlink is trimmed " >
<servlet>
<servlet-name>students</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>students</servlet-name>
<url-pattern>/students/*</url-pattern>
</servlet-mapping>
<filter>
<filter-name>sitemesh</filter-name>
<filter-class>com.opensymphony.sitemesh.webapp.SiteMeshFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>sitemesh</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<jsp-config>
<taglib>
<taglib-uri>/spring</taglib-uri>
<taglib-location>/WEB-INF/spring-form.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>hiperlink is trimmed java.sun.com/jsp/jstl/core</taglib-uri>
<taglib-location>/WEB-INF/c.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>hiperlink is trimmed java.sun.com/jsp/jstl/fmt</taglib-uri>
<taglib-location>/WEB-INF/fmt.tld</taglib-location>
</taglib>
</jsp-config>
</web-app>
students-servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="hiperlink is trimmed "
xmlns:xsi="hiperlink is trimmed " xmlns:context="hiperlink is trimmed" xmlns:jaxws="hiperlink is trimmed "
xsi:schemaLocation="hiperlink is trimmed ">
<bean id="handlerMapping"
class="org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping"/>
<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/jsp/"/>
<property name="suffix" value=".jsp"/>
</bean>
<bean id="myService" class="net.ochinto.student.service.MiscellaneousService"/>
<bean name="/home.htm" class="net.ochinto.student.web.HomePageController">
<property name="myService" ref="myService"/>
</bean>
</beans>
HomePageController.java
public class HomePageController extends AbstractController {
private static final Logger log = LoggerFactory.getLogger(HomePageController.class);
public HomePageController() {
log.debug("HomePageController constructor()");
}
protected ModelAndView handleRequestInternal(
HttpServletRequest request, HttpServletResponse response)
throws Exception {
log.debug("HomePageController handleRequestInternal()");
List<Student> students = myService.getStudentList();
return new ModelAndView("home", "students", students);
}
private MiscellaneousService myService;
public void setMyService(MiscellaneousService myService) {
log.debug("HomePageController setMyService() - start");
this.myService = myService;
log.debug("HomePageController setMyService() - end");
}
}
welcome page is ok but when I write /students/home.htm 404 is returned! Please help.
You say:
welcome page is ok but when I write /students/home.htm 404 is returned! Please help.
Your configuration only has one URL mapping, the one for /home.htm. You need to add additional mappings if you want /students/home.htm to point some where.
Check out the Handler Mapping section of the Spring docs for more info.
I'd like to have some init params in my web.xml and retrieve them later in the application, I know I can do this when I have a normal servlet. However with resteasy I configure HttpServletDispatcher to be my default servlet so I'm not quite sure how I can access this from my rest resource. This might be completely simple or I might need to use a different approach, either way it would be good to know what you guys think. Following is my web.xml,
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>RestEasy sample Web Application</display-name>
<!-- <context-param>
<param-name>resteasy.scan</param-name>
<param-value>true</param-value>
</context-param> -->
<listener>
<listener-class>
org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap
</listener-class>
</listener>
<servlet>
<servlet-name>Resteasy</servlet-name>
<servlet-class>
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher
</servlet-class>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>com.pravin.sample.YoWorldApplication</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>Resteasy</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
</web-app>
My question is how do I set something in the init-param and then retrieve it later in a restful resource. Any hints would be appreciated. Thanks guys!
Use the #Context annotation to inject whatever you want into your method:
#GET
public Response getWhatever(#Context ServletContext servletContext) {
String myParm = servletContext.getInitParameter("parmName");
}
With #Context you can inject HttpHeaders, UriInfo, Request, HttpServletRequest, HttpServletResponse, ServletConvig, ServletContext, SecurityContext.
Or anything else if you use this code:
public class MyApplication extends Application {
public MyApplication(#Context Dispatcher dispatcher) {
MyClass myInstance = new MyClass();
dispatcher.getDefautlContextObjects().
put(MyClass.class, myInstance);
}
}
#GET
public Response getWhatever(#Context MyClass myInstance) {
myInstance.doWhatever();
}