I'm currently using DataFetcher for GraphQL-Java in Springboot based on the tutorial here. This works well, but I'm looking for another way to get the endpoints without implementing DataFetchers, as it seems like extra work where I have to (1) implement the resolver method, then (2) create a separate method for the corresponding DataFetcher. Is there another way to consolidate this to expose my GraphQL API a la some form of Rest controller? I have looked around quite a bit but haven't found any workable solution. Preferably (not sure if it's related) there would be a better way of annotating the endpoint as well (currently provided in the linked example with RuntimeWiring, which I'm hoping to remove as well).
In short, I would like, in Springboot, to not need for RuntimeWiring and DataFetcher (primarily this so as to remove double code for the same method and improve maintainability), and instead have another way to configure the global REST controller for my GraphQL-Java code, while also having another way to annotate the endpoint (maybe some annotator on top of the implemented methods).
Thanks!
Managed to fix it by using graphql.kick.start.tools' SchemaParser and GraphQLResolver as follows:
return SchemaParser.newParser()
.files(schemaFiles)
.scalars(scalars)
.resolvers(resolvers)
.dictionary(typeDictionary)
.build()
.makeExecutableSchema();
where the resolvers were implemented using this amazing plugin as codegen.
Related
how can I organize the swagger annotations, for example I have an endpoint that catches all the users, so the swagger statements were huge. Is there any way I can organize this in another file to be more organized?
One of strategies often used is creating an interface (e.g. PersonApi in your case) and moving all swagger annotations there. The actual controller should implement this interface.
In regard to the error responses: you may consider adding them programatically to all operations/endpoints using OpenApiCustomiser.
Hi we are implementing ABAC over SpringSecurity (looks same as Axiomatics solution). So we would like to define custome expression and customize underlaying mechanisms. e.g. #PreAuthorize("myexpression").
At this point I'm trying understand how can I get information about the target method (the JoinPoint): name, class, parameters. I didn't find how to do it for SpringSecurity customization.
As I Inderstand, other solution may be implemention based direct on AOP e.g. #Around, however I would like to try first to find out if the Spring Security can provide me a way to get somehow JoinPoint it self, isn't it implemented over AOP ?
If anyone have an example, thanks.
I would recommend checking out the new support for #PreAuthorize in Spring Security 5.6 with #EnableMethodSecurity. See the reference docs for information on how to customize the interceptors. There are numerous places you can hook into this support based on your requirements using delegation or fully replacing components with your own implementation.
In your case, it seems the most likely place to start would be creating an #Bean to replace the AuthorizationManagerBeforeMethodInterceptor:
#Bean
#Role(BeanDefinition.ROLE_INFRASTRUCTURE)
Advisor preAuthorizeAuthorizationMethodInterceptor() {
PreAuthorizeAuthorizationManager authorizationManager = new PreAuthorizeAuthorizationManager();
authorizationManager.setExpressionHandler(...);
return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(authorizationManager);
}
You will have to implement the MethodSecurityExpressionHandler, but you can use delegation to re-use the DefaultMethodSecurityExpressionHandler for anything you don't want to implement yourself.
I am trying to change the displayed method order in swagger-ui page using java.
I need to show first welcome later hello controller method.
Below is my code.
In the #ApiOperation annotation you have an attribute position that you can set to change the order. Note that the attribute is deprecated but still works.
As you can read here the core developer of spring-fox states the problem very clear:
Just to be clear, we have an internal model that totally works as
expected and functional. The api descriptions and api operations will
be sorted as expected from springfox's standpoint. We're only using
the swagger models as DTOs to handle the serialization of our internal
service models. Once the DTO's are fixed to preserve the ordering this
problem will go away.
We can certainly add a note to describe the problem and the cause to
the Readme. Other than waiting for swagger core to fix this, there is
nothing to do here other than that I'm afraid.
So unless the Open API will fix/ enhance their models it will not work for spring-fox.
Default -
{controller-name}-controller
For Custom Name Add -
#Tag(name="1. YOUR CUSTOM NAME HERE")
on the Controller Class. Remember, we have used 1 in the name so that it can be on the top.
Example -
#RestController
#Tag(name="1. Project Resource")
public class ProjectResource {...}
Add the following to the application.yml file
springdoc:
swagger-ui:
tagsSorter: alpha
Result -
Hello first things first: Im using play framework 2.2.3 for java.
Basic tutorial about authentication in play shows how to use Annotation Security.Authenticated. The problem is that whole my application (besides login and registry forms) needs to be secured.
Now I thought of overloading GlobalSettings onRequest method and include my authentication inside, so every single call of an action would perform authentication check.
But I was told its not elegant way and was told to create another annotation similar to Security.Authenticated, but working on a whole class instead of method, and put it into my custom abstract controller class, so all my controllers that extends it will inherit this annotation.
Now I'm wondering how to make this annotation. Any tips ? Where should I start ? I know basics, how to code annotation itself, but i dont know where is right place to get annotations of controllers class to check if it contains my custom annotation, and perform authentication if so.
If you're looking for an authorization + authentication plugin for Play that can secure the whole class, and hence all the action methods within it, try SecureSocial. It has its own set of annotations, and securing every action method in a class is as easy as doing:
#SecureSocial.SecuredAction
public class MyController extends Controller {
Yes it's a little bit more work than intercepting the request and doing your check there, but its a more flexible method in case you'd like to "unsecure" some of the actions later on.
I am trying to learn REST web services. But it seems to use annotations every where. Is there any implementation of Rest framework without using annotations.I have no idea about annotations.
Thanks
REST does not use annotations. REST is just a spec of good wishes. It does not dictate anything. You are right: the most of existing implementations user annotations. And IMHO it is good.
But if you do not want to use them implement REST yourself. It is easy. For POST create servlet that impelments doPost(). Extract data from URL. Call underlying layer with these parameters. For GET method implement doGet() that does pretty the same.
This is the idea of REST. Nothing more. What frameworks do is just the parsing of the arguments and marshalling/unmarshalling of data. But if you data is marshalled as XML or JSON (or any other format) you can implement all this yourself very quickly.
Happy RESTing!