Is there any configuration in Spring Boot to make multiple slashes in a url unreachable?
Or how to make controller methods handle only correct path values?
Example (such requests should not be handled):
/api/v1/hello//world
/api/v1/hello/../hello/world
Related
I have setup the property server.servlet.context-path=/xyz in the application.properties file so all my endpoint have a prefix of /xyz. Now, I want to create an endpoint that should not have /xyz as the prefix(as an exceptional scenario). How can I achieve that?
Technically it is not possible because spring boot has only one DispatcherServlet which is a front controller, if you want two different paths then you can use #RequestMapping annotation on two different controllers`
Still of you want two different context-paths then you should have two DispatcherServlet's
Existing #RequestMapping annotation can only delegate request path to different controllers & methods but not checking request domain itself.
Is it possible to set spring boot to handle request from "www.domainA.com" & "www.domainB.com" to respond differently by using the different controller?
Thanks.
Browsers send the Domain in the HTTP Header "Host".
#RequestMapping.headers can be used to match only requests for a specific domain.
I'm inserting a Spring Cloud Config server directly into my existing Spring Boot App, by adding the module dependency and #EnableConfigServer. Everything works as expected except I just realized that the config server URL mapping is hijacking some of my existing API endpoints due to they are sharing the same server.port
For example, I had an existing page at v1/docs/index.html, and this will be now mapped automatically to org.springframework.cloud.config.server.environment.EnvironmentController#labelled which has
#RequestMapping("/{name}/{profiles}/{label:.*}")
public Environment labelled(#PathVariable String name, #PathVariable String profiles,
Wondering is there anyway I can separate config server to a different port? Or add a special prefix to it to avoid URL mapping conflicts? Or given the current configurability it's just a bad idea to utilizing existing API servers as a config server?
Found the answer I need after reading the document more carefully:)
https://cloud.spring.io/spring-cloud-config/spring-cloud-config.html#_spring_cloud_config_server
To change the location of the server endpoints you can (optionally) set spring.cloud.config.server.prefix, e.g. "/config", to serve the resources under a prefix. The prefix should start but not end with a "/". It is applied to the #RequestMappings in the Config Server (i.e. underneath the Spring Boot prefixes server.servletPath and server.contextPath).
I'm investigating a Spring Boot project generated by JHipster and found out that its request mappings aren't done via web.xml nor via Spring's #RequestMapping but like so:
ServletRegistration.Dynamic someServlet =
servletContext.addServlet("someServlet", new SomeServlet());
someServlet.addMapping("/someUrl");
someServlet.setAsyncSupported(true);
My questions are:
Are there any reasonable advantages of dynamic registration instead of classic mapping?
Is it spring-boot's standard of registering mappings or it's just a will of jhipster's owner?
Is someServlet.setAsyncSupported(true) just another way of making response.setHeader("Access-Control-Allow-Origin", "*")?
Is there any reasonable advantages of dynamic registration instead of classic mapping?
Dynamic servlet registration Servlet 3+ way of registering servlets. In Servlets 3 you can avoid creating web.xml and configure application in pure Java. It gives you some advantages like compile time check if everything is fine there and what's more important since you do it in Java code, you can do some additional checks or conditions - for example register particular servlet only if environment property is set or class is available on the classpath.
It's not a replacement for #RequestMapping. In case of Spring Boot you will use it most probably when you want to register some 3rd party servlet - like Dropwizard Metrics servlet in case of JHipster.
Is it spring-boot's standard of registering mappings or it's just a will of jhipster's owner?
There are at least 2 ways of registering additional servlets in Spring Boot. See answers here: How can I register a secondary servlet with Spring Boot?.
Your own controllers you map as usual with #RequestMapping.
Is someServlet.setAsyncSupported(true) just another way of making response.setHeader("Access-Control-Allow-Origin", "*")?
Nope. For setting this header you use usually CORSFilter (read more: Enabling Cross Origin Requests for a RESTful Web Service). asyncSupported flag is used to make servlet able to process request asynchronously.
My Spring Dispatcher servlet url-pattern is /* (as spring MVC REST suggests)
Now all the request are resolved by this Servlet. even CSS/JS/Images also get resolved and handled by servlet..
So, Spring MVC tries to find controller.. :(
How to bypass this? Is there any standard way out of this problem??
& Don't want to change url-pattern to /rest/* (so, other static resources get accessed by /css/ or /js etc.)
You can map your controllers to a smaller set of URLS (i.e. /app/*), and then rewrite the URLs that your users actually see so that they don't even know about. Have a look at the mvc-basic webapp sample, particularly web.xml and urlrewrite.xml to see how this is done.
Map the Spring dispatcher to some subsection of the URL space, and use Tuckey to rewrite URLs the user deals with.
http://www.example.org/app/controller/action -> http://www.example.org/controller/action
Just a heads-up update on this: the default rewrite configuration as defined in the Spring sample did not work out of the box for me. The rewrite rules for stylesheets, scripts, etc. were still processed to the /app/* rule, and subsequently handled by the DispatchServlet, which is not desirable.
I had to add the last="true" attribute to the styles/scripts/images rules to indicate that other rules should not apply, and I had to use the FreeMarker Spring URL macro in any CSS/JS include paths.
Just in case someone encounters the same problem.