We are using wurfl-device-resolver to handle mobile devices that access our application and everything is working as a charm. However Internet Explorer is being detected as a mobile device. We already added the official web browser xml patch that is supposed to solve this but with no results. This is how the device resolver configuration looks like:
<mvc:interceptors>
<bean id="deviceResolver" class="org.springframework.mobile.device.mvc.DeviceResolverHandlerInterceptor">
<constructor-arg>
<device:wurfl-device-resolver root-location="/WEB-INF/wurfl/wurfl.zip" patch-locations="/WEB-INF/wurfl/web_browsers_patch.xml"/>
</constructor-arg>
</bean>
</mvc:interceptors>
Any ideas?
Related
I support a website that uses Spring Security (5.3.3.RELEASE). The site can't be displayed in iframe in other sites because of the following configuration
<security:headers>
<security:frame-options policy="SAMEORIGIN"/>
</security:headers>
Now I am asked to allow a few pages to be displayed in iframe in ANY other sites (not a specific list of sites). I looked at the Spring documentation, and it appears that I can add a bean in the following way:
<security:headers>
<security:frame-options policy="SAMEORIGIN" ref="bean_id"/>
</security:headers>
I am not able to find info about what interface or methods the bean (bean_id) must implement or whether it can be used to decide what pages are frameable. Any help or example is really appreciated.
The interface is of type AllowFromStrategy. But that interface is deprecated since the ALLOW-FROM is an obsolete directive that no longer works in modern browsers, see here. The alternative is to use CSP: frame-ancestors.
Spring Security has support for the Content-Security-Policy header. You can rely on the DelegatingRequestMatcherHeaderWriter implementation to add the headers only to specific pages, like so:
<http>
<!-- ... -->
<headers>
<header ref="headerWriter"/>
</headers>
</http>
<beans:bean id="headerWriter"
class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<beans:constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher"
c:pattern="/page-with-csp"/>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean
class="org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter"/>
</beans:constructor-arg>
</beans:bean>
I am using Spring MVC for a website with two languages: English and Chinese.
I have the following in the Spring context
<bean id="localeChangeInterceptor" class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<property name="paramName" value="lang" />
</bean>
I am able to see the language of the website changes if I select another language through a dropdown in the HTML interface.
Suppose I am viewing the website when its language is Chinese. I close the browser. Then I open the browser again and I enter the url of the website without the lang parameter in the URL.
Here is the issue: Chrome is able to remember what the language was when the browser was closed and use that language when the new browser window is opened. This is the behavior I want to have. However, Firefox does not. When I open it and enter the site url, it always shows the site in the site's default language (English in this case).
How can I make the Firefox (or other browsers) open the site with the language used when it was closed?
Thanks!
You also need to add a SessionLocaleResolver.
<bean id="localeResolver" class="org.springframework.web.servlet.i18n.SessionLocaleResolver">
<property name="defaultLocale" value="en" />
</bean>
If you do not add this then I'm pretty sure the default behavior is that the AcceptHeaderLocaleResolver will be used, which resolves the locale by checking the accept-language header in the HTTP request. This means your browser will make the determination, use your language preferences and send the language choice in the accept header.
If your application is stateless then you may need to use the CookieLocaleResolver instead.
After research, I found out the solution. I need to set locale resolver this way:
<bean id="localeResolver"
class="org.springframework.web.servlet.i18n.CookieLocaleResolver">
<property name="defaultLocale" value="en" />
<property name="cookieName" value="clientLang" />
<property name="cookieMaxAge" value="31556926" />
</bean>
Put it another, I need to give it life to persistent for some time by setting a value to cookieMaxAge. I tested it out in Firefox and Safari, it worked well. This thread has the credit:
When I used CookieLocaleResolver, I can set invalid cookie to crash spring web application
Cheers!
I m developing a spring web application .
I have put all my resources folder in webcontent folder and configured it in my dispatcher.xml
<mvc:resources location="/asset/" mapping="/asset/**" />
I have configured my startup page as following
<mvc:view-controller path="/" view-name="Framework/start"/>
My application is running fine and all the resources are also loading but not on the first run. Means when I deploy my application on tomcat7 and hit the url for the first time the css are not loaded also my href which is mapped to a controller is also not working but once I am logged in and logout everything works fine.
After lots of effort i concluded that the problem was not with the resource path but the problem was due to the interceptor . The authentication interceptor that i have added was called multiple times due to the request to the resources and as there was no session created till that time it was returning false.
Hence i exclude any calls to resources folder from the interceptor in the following way-
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**"/>
<mvc:exclude-mapping path="/asset/**"/>
<bean class="com.model.AuthenticationInterceptor" />
</mvc:interceptor>
</mvc:interceptors>
Also one imp thing mvc:exclude-mapping is added from spring 3.2 onwards so one need add the schema "http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd"
I was advised that the proper way to load multiple share customisations was to create a custom bootstrap for it like so:
<!-- Provide extensions config -->
<bean id="MyCustomClientConfig" class="org.springframework.extensions.config.ConfigBootstrap" init-method="register">
<property name="configService" ref="web.config" />
<property name="configs">
<list>
<value>classpath:alfresco/web-extension/mycustom-config.xml</value>
</list>
</property>
</bean>
However the customisations in my custom share config, specifically making an aspect visible, does not seem to be working.
I'd like to find a log4j debugging key that I can enable or 'turn up' to get more debugging info out, ideally to see if this bootstrap, which is in a *-context.xml file is being loaded.
I'm deploying this code as an AMP if that's relevant, and I've placed the context file in config/alfresco/web-extension
I'm implementing a cache busting system for a Spring MVC application.
For this system to work, I have to strip the "cache busting code" from a given url. Let's say my generated cache busting code is "123" and I have a .css url that is: /public-123/css/style.css. In this example, I want /public/css/style.css to be succesfully called (-123 must be stripped).
This works in my "mvc-config.xml" context file:
<mvc:resources mapping="/public-123/**" location="/public/" />
But I would also like any cache busting code to work, even if it's not the current one. For example, I would also like /public-456/css/style.css to reach the style.css file.
If I try to add another wildcard to the mapping:
<mvc:resources mapping="/public-*/**" location="/public/" />
It doesn't work! I receive a 404....
How could I specify the "mapping" attribute so any code after the "public-" part is well managed?
One way to handle this is to use Spring EL, as shown in the Spring docs:
<mvc:resources mapping="/resources-#{applicationProps['application.version']}/**" location="/public-resources/"/>
You could probably store the "123" part in a properties file so it only gets set once. E.g. via property-placeholder:
<context:property-placeholder location="classpath:myApp.properties"/>
<mvc:resources mapping="/resources-${cache.code}/**" location="/public-resources/"/>
This has the advantage of being able to read this code in your JSP pages (to generate links) via the same properties value.
I managed to get this working by manually defining the ResourceHttpRequestHandler to handle assets that are located on the filesystem alongside the <mvc:resources /> tag:
<bean id="assetsResourceHandler" class="org.springframework.web.servlet.resource.ResourceHttpRequestHandler">
<property name="locations">
<list>
<bean class="org.springframework.core.io.UrlResource">
<constructor-arg value="file:#{applicationProps['assets.basedir']}"></constructor-arg>
</bean>
</list>
</property>
</bean>
I guess you're doing this to achieve cache busting for your static resources.
In the meantime, Spring 4.1 has dedicated features for this, so you can remove a lot of that custom configuration.
Something like this:
<mvc:resources mapping="/public/**" location="/public/"/>
<mvc:resource-chain resource-cache="true">
<mvc:resolvers>
<mvc:version-resolver>
<mvc:content-version-strategy patterns="/**"/>
</mvc:version-resolver>
</mvc:resolvers>
</mvc:resource-chain>
</mvc:resources>