It is very easy for Swagger annotations to drift away from the actual code.
E.g.
I could change the return from Response.ok to Response.created and easily forget to update the annotations from 200 to 201.
Or I could change what is valid as null or not null and the end user will get confusing rejection messages even though their payload matches exactly what the documentation says.
How do I test that my swagger documentation matches what my code is doing?
A test that uses selenium and phantomjs to parse the swagger-ui web page?
Reflection to parse the annotations?
Get the generated swagger.json and parse it?
Something else?
Unfortunately I can't switch to Spring REST Docs.
You can check the following library which contains a couple of projects that deal with API validation. I think the one you're looking for is called "swagger-request-validator-mockmvc", but you might find the other libraries useful as well.
Good luck.
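One way to turn the "get the generated swagger.json and parse it" option into a test, as an added example that is not from the original post or the library's own docs: the core swagger-request-validator module checks a real JAX-RS Response against the served spec. It assumes the OpenApiInteractionValidator / SimpleResponse / Request.Method API as named here, swagger.json on the test classpath, and a hypothetical PetResource whose create() returns a Response carrying a pre-serialized JSON String.

```java
// Added example (not from the original post): check a JAX-RS response against the
// served swagger.json using swagger-request-validator-core. Assumptions: the
// OpenApiInteractionValidator / SimpleResponse / Request.Method API as named here,
// swagger.json on the test classpath, and a hypothetical PetResource whose
// create() returns a JAX-RS Response carrying a pre-serialized JSON String.
import com.atlassian.oai.validator.OpenApiInteractionValidator;
import com.atlassian.oai.validator.model.Request;
import com.atlassian.oai.validator.model.SimpleResponse;
import com.atlassian.oai.validator.report.ValidationReport;
import javax.ws.rs.core.Response;
import org.junit.Test;
import static org.junit.Assert.assertFalse;

public class SwaggerDriftTest {

    // Built from the same swagger.json that swagger-ui renders, so the test
    // checks the document users actually read, not the annotations in isolation.
    private static final OpenApiInteractionValidator VALIDATOR =
            OpenApiInteractionValidator.createFor("/swagger.json").build();

    // Translate what the resource really returned into the validator's model.
    static ValidationReport validateAgainstSpec(String path, Request.Method method, Response actual) {
        SimpleResponse.Builder builder = SimpleResponse.Builder.status(actual.getStatus());
        Object entity = actual.getEntity();
        if (entity != null) {
            builder.withBody(String.valueOf(entity)); // POJO entities would need the app's JSON mapper
        }
        if (actual.getMediaType() != null) {
            builder.withHeader("Content-Type", actual.getMediaType().toString());
        }
        return VALIDATOR.validateResponse(path, method, builder.build());
    }

    @Test
    public void createPetMatchesDocumentedStatusAndSchema() {
        // If the code was switched from Response.ok to Response.created while the
        // @ApiResponse still says 200, the report flags the undocumented 201;
        // a body field that is null where the schema forbids it is flagged too.
        Response actual = new PetResource().create("{\"name\":\"rex\"}");
        ValidationReport report = validateAgainstSpec("/pets", Request.Method.POST, actual);
        assertFalse(report.getMessages().toString(), report.hasErrors());
    }
}
```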
Is there a way to generate a README.md file from swagger? I would like to put similar details that would be found in swagger web page plus some custom comments.
Also, is there a way to make an aggregator swagger web page? I want to have all the swagger web pages from all micro services also in a single place. This could enable me to take a higher-picture notion of my system and maybe do some queries like "how many ways can a certain entity get this other entity?".
Regarding README.md file - not sure what information you want to include in it, but you can write your own method which will do it using Swagger Parser in order to get required information from Swagger specification.
Regarding aggregated swagger - you can use Swagger-aggregate for this purpose.
I hope my question is not too broad.
Our application has an Angular frontend and a Java backend and we need both frontend and backend validation. At the moment, we manually code validators in Typescript and Java that basically do the same thing. Since that is not only tedious but also error-prone, we would like to define once (maybe in a JSON file) which input fields have which constraints and ideally use a piece of software that auto-generates Java and Typescript code based on that definition.
My question is: are there any open-source/commercial software solutions that take care of this?
It seems like a common enough problem, but I haven't come across a proper solution yet. JSON schema seemed promising and since we're using swagger anyway, I'd hoped that swagger-codegen would automatically take the supported JSON-schema keywords as constraints into account, but I haven't figured out how it works. When I generate Angular code, constraints such as 'minimum' and 'maximum' are completely ignored, and when I generate Java SpringBoot code, they only show up as annotations.
This is exactly what JSON Schema is designed for. Open API (swagger) modifies JSON Schema for its own purposes, which don't include validation.
JSON Schema has validator implementations in most major languages allowing you to use the same schema to do the same validation on the front end and the back end. http://json-schema.org/implementations.html
Unfortunately, you likely won't be able to use the same schemas you use for your Open API service definition. I'm not aware of any validator implementations that support Open API's flavor of JSON Schema. I understand that Open API is trying to close the gap between their definition and JSON Schema, but a gap still exists.
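What "the same schema on the front end and the back end" looks like on the Java side, as an added example that is not from the original answer: the 'minimum' / 'maximum' keywords the question says codegen ignores are enforced directly from the schema text with everit-json-schema (one implementation from the json-schema.org list; the Angular bundle would ship the same file to a JavaScript validator). The schema and payloads are constructed for the example.

```java
// Added example (not from the original answer): one JSON Schema enforced in Java
// with everit-json-schema. Assumptions: everit-json-schema and org.json on the
// classpath; the schema and payloads below are constructed sample data.
import org.everit.json.schema.Schema;
import org.everit.json.schema.ValidationException;
import org.everit.json.schema.loader.SchemaLoader;
import org.json.JSONObject;
import java.util.Collections;
import java.util.List;

public class SharedConstraints {

    // Single source of truth for the "age" field: this exact text is what the
    // frontend bundle would load, so both sides apply the same keywords.
    static final String SCHEMA_JSON =
        "{ \"type\": \"object\","
      + "  \"required\": [\"age\"],"
      + "  \"properties\": { \"age\": { \"type\": \"integer\", \"minimum\": 0, \"maximum\": 150 } },"
      + "  \"additionalProperties\": false }";

    private static final Schema SCHEMA = SchemaLoader.load(new JSONObject(SCHEMA_JSON));

    // Returns the list of violations; an empty list means the payload is acceptable.
    // Because the backend rejects only on keywords the client also checked, a
    // payload that passed in the browser is not refused here for an undocumented rule.
    static List<String> violations(String payload) {
        try {
            SCHEMA.validate(new JSONObject(payload));
            return Collections.emptyList();
        } catch (ValidationException e) {
            return e.getAllMessages(); // one message per failed keyword, with the JSON pointer
        }
    }

    public static void main(String[] args) {
        System.out.println(violations("{\"age\": 42}"));                 // within range: no violations
        System.out.println(violations("{\"age\": 200}"));                // violates "maximum"
        System.out.println(violations("{\"age\": 3, \"nick\": \"x\"}")); // violates "additionalProperties"
    }
}
```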
My aim is to extract structured data from webpages. I'm using the code mentioned in this SO question. I'm using Apache Any23 CLI library dependency in my Spring project.
By using this, I'm able to extract the HTML5 Microdata (Schema.org) from webpages. But, I can't extract the JSON-LD format present in the webpages. When I checked Apache Any23's documentation, JSON-LD format is supported in it. Didn't find any further documentation on it.
Usually, if you create a new Any23 extractor with new Any23() it should work out of the box. If you use another constructor like Any23(String... extractorNames) you have to make sure that the correct one is added for embedded JSON LD, which is "html-embedded-jsonld".
Now if there are any errors in the extraction process, Any23 drops them silently. (It's great, I know!)
I found it is possible to set a breakpoint in the org.apache.any23.extractor.ExtractionResultImpl method notifyIssue. With this you may be able to find a more detailed reason for your problems.
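The extractor selection described above carried through to a run, as an added example that is not from the original answer or the Any23 project: it names "html-embedded-jsonld" explicitly and reads the issues off the ExtractionReport instead of debugging into notifyIssue. It assumes Any23 2.x on the classpath and the ExtractionReport / IssueReport.Issue accessors named here; the HTML page is constructed for the example.

```java
// Added example (not from the original posts): extract JSON-LD embedded in an HTML
// page with Any23 and surface the issues the extractor would otherwise drop.
// Assumptions: Any23 2.x core on the classpath and the ExtractionReport /
// IssueReport.Issue accessors named below; HTML is a constructed sample page.
import org.apache.any23.Any23;
import org.apache.any23.extractor.ExtractionReport;
import org.apache.any23.extractor.Extractor;
import org.apache.any23.extractor.IssueReport;
import org.apache.any23.source.DocumentSource;
import org.apache.any23.source.StringDocumentSource;
import org.apache.any23.writer.NTriplesWriter;
import org.apache.any23.writer.TripleHandler;
import java.io.ByteArrayOutputStream;

public class JsonLdExtraction {

    // Constructed sample page: one schema.org Organization as JSON-LD.
    static final String HTML =
        "<html><head><script type=\"application/ld+json\">"
      + "{\"@context\":\"http://schema.org\",\"@type\":\"Organization\","
      + "\"name\":\"Example Corp\",\"url\":\"http://example.org/\"}"
      + "</script></head><body></body></html>";

    public static String extractNTriples(String html, String documentUri) throws Exception {
        // With the no-arg constructor every registered extractor runs; once the
        // list is given explicitly, this name must be on it or JSON-LD is skipped.
        Any23 runner = new Any23("html-embedded-jsonld");
        DocumentSource source = new StringDocumentSource(html, documentUri);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        TripleHandler handler = new NTriplesWriter(out);
        ExtractionReport report;
        try {
            report = runner.extract(source, handler);
        } finally {
            handler.close();
        }
        // The issues notifyIssue() collected are kept on the report per extractor;
        // printing them is the non-debugger way to see why a page yielded nothing.
        for (Extractor<?> extractor : report.getMatchingExtractors()) {
            String name = extractor.getDescription().getExtractorName();
            for (IssueReport.Issue issue : report.getExtractorIssues(name)) {
                System.err.println(name + ": " + issue.getLevel() + " " + issue.getMessage());
            }
        }
        return out.toString("UTF-8");
    }

    public static void main(String[] args) throws Exception {
        System.out.println(extractNTriples(HTML, "http://example.org/"));
    }
}
```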
I have to maintain a project that uses Swagger to codegen the api interface. Looking at the model.mustache, I see this:
{{#models}}
{{#model}}{{#description}}
/**
* {{description}}
**/{{/description}}
and a bunch of other keywords like enum, defaultValue, vars, package, etc. Where do these come from? I've been scouring the internet trying to find swagger documentation on this but I cannot find anything. Lots of the links that refer to swagger info on github return 404 pages. In the end, what I want to be able to do is to have a property exist in my actual .json file that swagger is using to generate the interfaces and models to conditionally generate code. I saw that there is the
{{#property}}{{/property}}
{{^property}}{{/property}}
notation for if/else statements, but it doesn’t work on any property of my own .json. For example, in my json I have an id field. So if I wanted to do a contrived example
{{#id}}System.out.println("test test");{{/id}}
won’t work because swagger does not recognize the id tag. So my question is, can I add these tags?
There are lots of tools to help out. If you see broken links, please submit issues to the swagger-codegen project.
As of 2.1.x-M1, swagger-codegen has a very helpful "debug" mode which lets you list all the possible values for your environment. You can invoke it as follows:
java -DdebugModels -jar {path-to}/swagger-codegen-cli.jar generate {opts}
The supported debug flags are:
-DdebugModels: outputs the variables for each model discovered by codegen
-DdebugOperations: outputs the variables for each operation
-DdebugSupportingFiles: shows supporting file data (anything but models or operations)
-DdebugSwagger: shows the parsed swagger representation
I do see that these are missing from the README. Will make sure they get added.
How could I use ESAPI to check for unsafe input texts in web forms? My application is built using struts 1.X, so I assume the validations should be added to Actions classes. Any samples / tutorials you recommend? Thanks.
For something as specific as that there are not usually going to be great tutorials out.
Hopefully I am wrong about this, but I would have to suggest their wiki due to lack of good resources.
I was looking to find input validation for you... seems they don't even have that up themselves. I couldn't find any information on it either. The videos below might have it or I would email them if it provides no real good answer. They should be able to put you in the right direction... and if you do that do us all a favor and demand they update their wiki!
Email: jeff.williams%owasp.org#gtempaccount.com (Leader, owner)
Since that email doesn't look right though I would also check this one.
Email: kevin.w.wall#gmail.com (Owner, coder of crypto libs)
There are these YouTube videos that might help. They even mention that there are not a lot of good resources to teach you how to use ESAPI, but said they hope to fix that in these four videos.
http://www.youtube.com/watch?v=suphwAsb-To
http://www.youtube.com/watch?v=13O9RyjuB3o
http://www.youtube.com/watch?v=_B2kv2mSJhE
http://www.youtube.com/watch?v=mMW4fiUI5kQ
Hope it helped!
Validation of form fields normally is done in the ActionForm class. There all input values are available and all validations can be done there. A tutorial (one of many available) can be found here: Struts form validation and error handling. More can be found using Google (struts validation).
I have been working with the ESAPI library for a few months now. The library cannot do too much to validate your input, since it cannot know what the input could be or should be. That is especially true when you factor in all the international characters that could be in legitimate user input.
We use the ESAPI library mostly for encoding server output. The purpose is to send user (or possible attacker) input back to the browser in such a way that it cannot be executed. Instead HTML or JavaScript interprets it as text only.
That is why both my validation and ESAPI's encoding of user input are important for security.
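The two answers above taken together (validate in the ActionForm, encode with ESAPI on the way back out), as an added example that is not from the original posts or the ESAPI project: a Struts 1 ActionForm that runs ESAPI's whitelist validator on one field and exposes an HTML-encoded getter for rendering it. It assumes ESAPI 2.x with its default ESAPI.properties (which defines the Validator.SafeString pattern), a hypothetical single-field form, and the two message keys named in the comments being present in the application's resource bundle.

```java
// Added example (not from the original posts): a Struts 1 ActionForm that runs
// ESAPI's whitelist validator on a field, plus the encoding step for echoing the
// value back. Assumptions: ESAPI 2.x with its default ESAPI.properties (which
// defines Validator.SafeString), a hypothetical single-field form, and message
// keys "errors.comment.invalid" / "errors.intrusion" in the resource bundle.
import org.apache.struts.action.ActionErrors;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.action.ActionMessages;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.errors.ValidationException;
import javax.servlet.http.HttpServletRequest;

public class CommentForm extends ActionForm {

    private String comment;

    public String getComment() { return comment; }
    public void setComment(String comment) { this.comment = comment; }

    // Struts calls validate() before the Action runs, so field validation
    // belongs here rather than in the Action class.
    @Override
    public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {
        ActionErrors errors = new ActionErrors();
        try {
            // getValidInput(context, input, type, maxLength, allowNull) canonicalizes
            // the value (undoing double or mixed encoding) and then requires it to
            // match the Validator.SafeString regex from ESAPI.properties.
            comment = ESAPI.validator().getValidInput(
                    "CommentForm.comment", comment, "SafeString", 500, false);
        } catch (ValidationException e) {
            errors.add("comment", new ActionMessage("errors.comment.invalid"));
        } catch (IntrusionException e) {
            // Raised for input ESAPI classes as an attack (e.g. encoding tricks);
            // reject it outright instead of letting the Action see it.
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("errors.intrusion"));
        }
        return errors;
    }

    // Passing validation does not make the value safe to place in a page: when
    // it is rendered, encode it for the HTML context so the browser treats it as text.
    public String getCommentForHtml() {
        return ESAPI.encoder().encodeForHTML(comment);
    }
}
```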