I have a pretty basic vaadin application running. The application is spring-boot backed and I defined some rest API.
I've added OpenAPI documentation using org.springdoc:springdoc-openapi-ui:1.4.4, which worked perfectly before adding vaadin.
After adding the vaadin dependencies as shown in the vaadin spring-boot tutorial, and creating a view (which works), the swagger UI is no longer reachable.
It seems to me that vaadin completely takes over all web requests. Digging deeper, I've found that vaadin registers a new servlet and catches all requests.
I don't find any docs on how to configure this -- I'd expect that one could configure vaadin such that it serves UI from a different path, say /ui or similar.
I've tried to set
vaadin:
url-mapping: "/ui/*"
in my application.yaml -- but this results in blank pages (no errors) for my vaadin views,
and the vaadin servlet does still take over /.
I use spring.boot 2.3.2.RELEASE, vaadin 14.3.1.
The value to override is (note the camelCase instead of the kebab-case):
vaadin:
urlMapping: /ui/*
Using the kebab-case did (does) not work. As expected, this is a bug. See https://github.com/vaadin/spring/issues/637
From the docs at the point of time:
You can set properties for Spring Boot in your application.properties file.
Example: Setting Spring URL mapping in application.properties.
vaadin.urlMapping=/my_mapping/*
By default, URL mapping is /*.
An additional servlet, such as /my_mapping/*, is required to handle the frontend resources for non-root servlets. The servlet can be defined in your application class. See this Application class for a example.
Source: https://vaadin.com/docs/v14/flow/spring/tutorial-spring-configuration.html#using-spring-boot-properties
Related
I have an application with Vaadin 8 and Spring Boot. Currently, I'm in progress of adding authentication to this app. So, I enabled Spring Security and started tinkering with it. Basically, I followed this tutorial: https://vaadin.com/tutorials/securing-your-app-with-spring-security/setting-up-spring-security
The approach, described there, works fine, however, I'm slightly disturbed by the fact that /VAADIN/** path needs to be publicly available (otherwise, Vaadin doesn't work). I mean, of course, I have protected particular pages by their paths (e.g. /admin) and unauthenticated users won't be able to open them, but isn't exposure of /VAADIN/** path dangerous? What if some hijacker tries to send some request to the Vaadin servlet outside of the UI (by simply curling it) with some specific headers/parameters? Is it possible that by formatting such request in some malicious way, the data will be actually returned to this hacker, bypassing Spring Security?
but isn't exposure of /VAADIN/** path dangerous
It is not dangerous per ce. The framework itself has just some generic parts there, like static resources for the client, like the widgetset and theme. Having said that, it is of course to be noted it application design. For example you should not put something that includes confidential info in your app as ThemeResource, but use ClassResource instead and things like that.
I am looking for any ideas or PoC on how to integrate (specifically configure) Spring MVC and Vaadin (Framework 8) in one web application; preferably as a context hierarchy.
The use case is the Vaadin application as the root context "/" and the Spring MVC application on some other context "/m" (which will be used for server mobile-friendly views).
I have not been able to find any examples, partial or fully, that shows how this is achieved in the configuration (Spring Boot) and I'm constantly running into various problems with invalid context loading, unmapped MVC view references etc. depending on the examples I'm running.
I've looked into this from the perspective of this line in the Vaadin documentation, but have simply not found anything on these topics I can combine to make a solution.
It is possible to map both DispatcherServlet and SpringVaadinServlet to different context paths to use both simultaneously to e.g. support Spring MVC and Vaadin in the same application. If doing so, remember to also map the path “/VAADIN/*” to the Vaadin servlet for serving static resources.
I'm investigating a Spring Boot project generated by JHipster and found out that its request mappings aren't done via web.xml nor via Spring's #RequestMapping but like so:
ServletRegistration.Dynamic someServlet =
servletContext.addServlet("someServlet", new SomeServlet());
someServlet.addMapping("/someUrl");
someServlet.setAsyncSupported(true);
My questions are:
Are there any reasonable advantages of dynamic registration instead of classic mapping?
Is it spring-boot's standard of registering mappings or it's just a will of jhipster's owner?
Is someServlet.setAsyncSupported(true) just another way of making response.setHeader("Access-Control-Allow-Origin", "*")?
Is there any reasonable advantages of dynamic registration instead of classic mapping?
Dynamic servlet registration Servlet 3+ way of registering servlets. In Servlets 3 you can avoid creating web.xml and configure application in pure Java. It gives you some advantages like compile time check if everything is fine there and what's more important since you do it in Java code, you can do some additional checks or conditions - for example register particular servlet only if environment property is set or class is available on the classpath.
It's not a replacement for #RequestMapping. In case of Spring Boot you will use it most probably when you want to register some 3rd party servlet - like Dropwizard Metrics servlet in case of JHipster.
Is it spring-boot's standard of registering mappings or it's just a will of jhipster's owner?
There are at least 2 ways of registering additional servlets in Spring Boot. See answers here: How can I register a secondary servlet with Spring Boot?.
Your own controllers you map as usual with #RequestMapping.
Is someServlet.setAsyncSupported(true) just another way of making response.setHeader("Access-Control-Allow-Origin", "*")?
Nope. For setting this header you use usually CORSFilter (read more: Enabling Cross Origin Requests for a RESTful Web Service). asyncSupported flag is used to make servlet able to process request asynchronously.
I am trying exception handling in spring portlet based UI application,
I have used spring globalexception handling using #ControllerAdvice.
It works fine in servlet based application but its not working in portlet application.I have noticed that spring container has not processed #ControllerAdvice in portlet. I tried searching in internet on the same issue but no luck.
Is there any other way to handle exceptions in portlet applications?
Thanks in advance.
The Portlet support in Spring is rapidly declining, with very little code or documentation of such. You'll notice that the DispatcherPortlet auto-registers an instance of AnnotationMethodHandlerExceptionResolver, not the newer ExceptionHandlerExceptionResolver.
Even if you manually define an instance of the latter in your portlet.xml file, it won't get picked up by the DispatcherPortlet because it specifically looks for implementers of the org.springframework.web.portlet.HandlerExceptionResolver, which is a different hierarchy than the org.springframework.web.servlet.HandlerExceptionResolver (of which ExceptionHandlerExceptionResolver is a descendent).
We are starting a new project using Spring MVC, and we would like to move away from annotation-driven request/url mapping. We wish to implement the following use case:
Use Case A
User enters a URL.
The request mapping handler retrieves a list of mappings (e.g. from the DB), and based on this dynamic list of mappings, it calls the relevant controller.
This is because we want to be able to do the following as well:
Use Case B
We want to load a new Controller (perhaps a new reports module) into the web app without having to redeploy or do a server restart.
We will map this new Controller to a URL and persist it somewhere (most likely the DB).
We would like the Controller to be registered in the Spring app context (managed by Spring).
We would then like to use this new Controller in the request mapping.
We've taken an initial look at the different ways we can implement this, but we are unsure of the best architecture/method to go about this route. A couple of questions:
For Use Case A, how do we implement this within the Spring MVC framework (or if it's possible)?
For Use Case B, is there a good framework or way to be able to do dynamically loading and registering of this for web applications? We've taken a cursory look at OSGI but it seems to be advisable for use in non-web applications.
For Use case A :
Instead of DB you can keep the url mappings in a property file and then use property place holder to initialize beans using xml configuration on context up. This way remaining inside the spring framework, you can avoid annotations.
For Use Case B :
Tomcat supports dynamic reloading of classes but that to of only non structural changes in class file. But this has memory leaks as well as it doesnt cleans up old instance of class loader rather it creates a new instance.
Its quite achievable using spring-mvc-router API.
Please check below link
url-action mapping & routing in Spring MVC 3.0
Here the URL can be configured to controller.method using .conf file, but this can be achievable using java configuration, and i haven't tried so far.
Also if xml configuration chosen, then check out the property 'autoReloadEnabled', but its not adviceable for production use.
Hope this helps!!!