Here's what I'm trying to do:
Set up a Tomcat 7 server programmatically - that works with a simple servlet. I'm defining Tomcat's endpoints from within the code only, there are no settings nor routers on the file system (this is a constraint).
Have the said Tomcat server include a websocket server endpoint using Javax Websockets API (1.1) - that doesn't work.
My app/server entry point:
package com.myapp;
import java.io.File;
import org.apache.catalina.Context;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.deploy.FilterDef;
import org.apache.catalina.deploy.FilterMap;
import org.apache.catalina.startup.Tomcat;
public class App
{
public static void main(String[] args) throws LifecycleException
{
int port = 8080;
Tomcat webServer = new Tomcat();
webServer.setPort(port);
webServer.setHostname("localhost");
String appBase = ".";
webServer.getHost().setAppBase(appBase);
File docBase = new File(System.getProperty("java.io.tmpdir"));
Context context = webServer.addContext("", docBase.getAbsolutePath());
// both MyServlet and MyFilter exist and work.
Class servletClass = MyServlet.class;
Tomcat.addServlet(context, servletClass.getSimpleName(), servletClass.getName());
context.addServletMapping("/my-servlet/*", servletClass.getSimpleName());
Class filterClass = MyFilter.class;
FilterDef myFilterDef = new FilterDef();
myFilterDef.setFilterClass(filterClass.getName());
myFilterDef.setFilterName(filterClass.getSimpleName());
context.addFilterDef(myFilterDef);
FilterMap myFilterMap = new FilterMap();
myFilterMap.setFilterName(filterClass.getSimpleName());
myFilterMap.addURLPattern("/my-servlet/*");
context.addFilterMap(myFilterMap);
webServer.start();
webServer.getServer().await();
}
}
My websocket server endpoint class:
package com.myapp;
import java.nio.ByteBuffer;
import javax.websocket.OnClose;
import javax.websocket.OnError;
import javax.websocket.OnMessage;
import javax.websocket.OnOpen;
import javax.websocket.PongMessage;
import javax.websocket.Session;
import javax.websocket.server.ServerEndpoint;
#ServerEndpoint("/web-socket/")
public class WebSocket
{
#OnOpen
public void onOpen()
{
System.out.println("Open Connection ...");
}
#OnMessage
public static void onTextMessage(Session session, String msg) {
System.out.println("On Message for Web Socket");
}
#OnMessage
public void onBinaryMessage(Session session, ByteBuffer msg){
System.out.println("On Message for Web Socket");
}
#OnMessage
public void onPongMessage(Session session, PongMessage pMsg) {
System.out.println("On Message for Web Socket");
}
#OnClose
public void onClose(Session session) {
System.out.println("Connection Close for Web Socket");
}
#OnError
public void onError(Throwable e)
{
e.printStackTrace();
}
}
I'm using Maven, and I'm including the WebSocket API with <scope>provided</scope>, as I've seen in other questions that this was the root of other problems.
When I run the server, I can hit the my-servlet endpoint successfully (as a web page, of course), but when I try to create a WS object, simply within the browser's dev console using var webSocket = new WebSocket("ws://localhost:8080/web-socket"), it says that it can't hit the endpoint:
WebSocket connection to 'ws://localhost:8080/web-socket' failed: Error during WebSocket handshake: Unexpected response code: 404
My question: What am I missing? The error message (from Chrome) suggests that the endpoint isn't registered (hence the 404). How do I register the websocket ServerEndpoint? Thanks!
EDIT:
Here's my implementation of MyServlet class:
package com.myapp;
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class MyServlet extends HttpServlet
{
#Override
protected void doGet(
HttpServletRequest req,
HttpServletResponse resp) throws IOException
{
resp.setStatus(HttpServletResponse.SC_OK);
resp.getWriter().write("Works...");
resp.getWriter().flush();
resp.getWriter().close();
}
}
And here's my implementation of MyFilter:
package com.myapp;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
public class MyFilter implements Filter
{
#Override
public void init(FilterConfig filterConfig)
{
// ...
}
#Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
{
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.addHeader("myHeader", "myHeaderValue");
chain.doFilter(request, httpResponse);
}
#Override
public void destroy()
{
// ...
}
}
Try this to manually add web socket endpoint:
String serverContainerClass = ServerContainer.class.getName();
//should be "javax.websocket.server.ServerContainer", if not, some external package could have hogged the implementation
final ServerContainer serverContainer = (ServerContainer) context.getServletContext().getAttribute(serverContainerClass);
try
{
serverContainer.addEndpoint(WebSocket.class);
}
catch (DeploymentException e)
{
TraceWriter.Error(this, "Failed to initialize websocket", e);
}
You should put this code after you add servlet to context
Related
I am using core java for my rest service. Based on my requirement I cannot use spring boot for rest endpoint.
I achieved implementing http endpoint from core java.
But I cannot enable HTTPS via core java application.
I have .p12 file with me. Is there any way to enable HTTPS for Core java application ?
Below is my code
import java.net.InetSocketAddress;
import com.sun.net.httpserver.HttpServer;
public class Sample {
public static void main(String[] args) {
try {
HttpServer server = HttpServer.create(new InetSocketAddress(8080), 0);
server.createContext("/endpoint", new CustomHttpHandler());
server.setExecutor(null);
server.start();
} catch (Exception e) {
e.printStackTrace();
}
}
}
CustomHttpHandler
import java.io.IOException;
import java.io.OutputStream;
import com.sun.net.httpserver.*;
public class CustomHttpHandler implements HttpHandler {
#Override
public void handle(HttpExchange res) throws IOException {
String response = "Response from server";
res.sendResponseHeaders(200, response.length());
OutputStream outputStream = res.getResponseBody();
outputStream.write(response.getBytes());
outputStream.close();
}
}
I have a server on port = 8078 and spring boot actuator on port = 8081.I want to disable TRACE Http method on both. I already create customizer bean(see below). But with this bean I disallowed only Trace on 8078. It's looks like actuator doesn't see this bean. How to disable TRACE http method on management server?
#ManagementContextConfiguration
public class CustomUndertowCustomizer {
#Bean
public WebServerFactoryCustomizer<UndertowServletWebServerFactory> undertowCustomizer() {
return (factory) ->
factory.addDeploymentInfoCustomizers(deploymentInfo ->
deploymentInfo.addInitialHandlerChainWrapper(handler -> {
HttpString[] disallowedHttpMethods = {HttpString.tryFromString("TRACE"),
HttpString.tryFromString("TRACK")};
return new DisallowedMethodsHandler(handler, disallowedHttpMethods);
}));
}
}
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
#Component
public class Filter extends OncePerRequestFilter {
#Override
protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain filterChain)
{
try {
if (req.getMethod().equals("TRACE")) {
res.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
} else {
filterChain.doFilter(req, res);
}
} catch(Exception e){}
}
}
A question for spring-boot gurus!
Use Case:
I want my application to behave differently depending on following routes:
/ no authentication, no authorization
/render authorization via a json web token (jwt) sent as an URL parameter (I know, it's weird)
any other routes: authorization via a json web token (jwt) sent as an URL parameter (I know, it's weird)
The secret for the jwt is stored as an element of the application configuration (application.yaml) (I'm aware that this is not best practice, it's a demo app so I don't care)
I'm using SpringBoot 2.0.5 and io.jsonwebtoken as the jwt library.
I've implemented it using a Servlet Filter, and it is working, but it feels really ugly. I couldn't find a way to say 'Apply this Servlet Filter to all endpoints except this list'. I've resorted to including the logic within the doFilter method, but this seems really ugly.
Is there a 'best practise' for this?
My current code is as follows:
SecurityConfiguration
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
#Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
#Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/render").permitAll()
.anyRequest().authenticated();
httpSecurity.headers().frameOptions().disable();
}
}
WebConfigurer
import org.springframework.boot.web.servlet.ServletContextInitializer;
import org.springframework.context.annotation.Configuration;
import javax.servlet.DispatcherType;
import javax.servlet.FilterRegistration;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import java.util.EnumSet;
#Configuration
public class WebConfigurer implements ServletContextInitializer {
#Override
public void onStartup(ServletContext servletContext) throws ServletException {
EnumSet<DispatcherType> disps = EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD, DispatcherType.ASYNC);
initFilter(servletContext, disps);
}
private void initFilter(ServletContext servletContext,
EnumSet<DispatcherType> disps) {
FilterRegistration.Dynamic myFilter =
servletContext.addFilter("myFilter",
new JWTAuthenticationFilter());
myFilter.addMappingForUrlPatterns(disps, true, "/app/*");
myFilter.setAsyncSupported(true);
}
}
JWTAuthenticationFilter
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.impl.TextCodec;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
#Component
public class JWTAuthenticationFilter extends GenericFilterBean {
#Value("${security.jwt.token.secret-key}")
private String secret;
#Override
public void doFilter(ServletRequest req,
ServletResponse res,
FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
try {
String path = request.getRequestURI();
if (!path.equals("/")) {
String jwsString = request.getParameter("jwt");
Jws<Claims> jws;
String base64_encoded_secret = TextCodec.BASE64.encode(secret);
jws = Jwts.parser()
.setSigningKey(base64_encoded_secret)
.parseClaimsJws(jwsString);
}
} catch (Exception e) {
System.out.println(e);
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication failed");
SecurityContextHolder.clearContext();
}
filterChain.doFilter(request, response);
}
}
Found the solution! I used a FilterRegistrationBean. There is no way to exclude URLs. My solution is to put all the app under the app/ directory, so I didn't need to put a filter on the root /.
#Bean
public FilterRegistrationBean FilterRegistration() {
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(filter);
registration.setOrder(1);
registration.addUrlPatterns("/app/*");
return registration;
}
I'm having trouble connecting to a websocket in Java. My code worked previously when I ran a server endpoint on localhost port 8080, but when I'm trying to connect to a websocket I found online, i'm getting
javax.websocket.DeploymentException: The HTTP response from the server [HTTP/1.1 200 OK] did not permit the HTTP upgrade to WebSocket
I tested the ws endpoint by using Simple Websocket client chrome extension and I'm getting a response. So the server is definitely working properly.
My client code:
package clientendpoints;
import javax.websocket.ClientEndpoint;
import javax.websocket.CloseReason;
import javax.websocket.DeploymentException;
import javax.websocket.OnClose;
import javax.websocket.OnMessage;
import javax.websocket.OnOpen;
import javax.websocket.Session;
//import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.net.URI;
import java.util.logging.Logger;
#ClientEndpoint
public class MyClientEndpoint {
private Logger logger = Logger.getLogger(this.getClass().getName());
Session session = null;
public MyClientEndpoint(String endpointURI) {
//start connection
javax.websocket.WebSocketContainer container = javax.websocket.ContainerProvider.getWebSocketContainer();
try {
container.connectToServer(this, new URI(endpointURI));
} catch (Exception e) {
e.printStackTrace();
}
}
#OnOpen
public void onOpen(Session session) {
logger.info("Client onOpen..." + session.getId());
this.session = session;
}
#OnMessage
public void onMessage(String message, Session session) {
logger.info("MyClientEndpoint log: " + message);
}
#OnClose
public void onClose(Session session, CloseReason closeReason) {
logger.info(String.format("Session %s close because of %s", session.getId(), closeReason));
}
And I call it with
MyClientEndpoint client = new MyClientEndpoint(MY_SECRET_ENDPOINT);
i want to create an embedded jetty server (not maven, gradle etc.) to test a spring rest service.
Therefor i created an EmbeddedServer class. But unfortunately invocation of the rest service leads always to an http 404 error. What doing wrong?
The rest service works fine with tomcat (not embedded).
Im using the following dependencies:
"org.eclipse.jetty:jetty-server:8.1.17.v20150415"
"org.eclipse.jetty:jetty-webapp:8.1.17.v20150415"
Here is the EmbededServer class:
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.webapp.WebAppContext;
public class EmbeddedServer {
private Server server;
public void start() throws Exception {
this.server = createServer();
this.server.start();
}
public void stop() throws Exception {
this.server.stop();
this.server.join();
this.server.destroy();
}
private Server createServer() {
final Server server = new Server(8080);
final WebAppContext context = new WebAppContext();
context.setContextPath("/");
context.setResourceBase("src/main/webapp");
context.setDescriptor("src/main/webapp/WEB-INF/web.xml");
context.setParentLoaderPriority(true);
context.setServer(server);
server.setHandler(context);
return server;
}
}
And the test class:
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import java.io.IOException;
import java.net.URI;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.junit.Assert.assertThat;
public class SimpleTest {
private HttpClient client;
private EmbeddedServer server;
#Before
public void before() throws Exception {
this.client = new DefaultHttpClient();
this.server = new EmbeddedServer();
this.server.start();
}
#After
public void after() throws Exception {
this.server.stop();
}
#Test
public void invokeHello() throws Exception {
final HttpResponse response = invokeGetRequest("http://localhost:8080/hello");
verifyResponse(response, 200, "hello");
}
private HttpResponse invokeGetRequest(final String path) throws Exception {
final URI wsAddress = new URI(path);
final HttpGet method = new HttpGet(wsAddress);
return this.client.execute(method);
}
private void verifyResponse(final HttpResponse actualHttpResponse, final int expectedHttpCode, final String expectedResponse) throws IOException {
assertThat(actualHttpResponse.getStatusLine().getStatusCode(), equalTo(expectedHttpCode));
final String actualResponse = EntityUtils.toString(actualHttpResponse.getEntity(), "UTF-8");
assertThat(actualResponse, equalTo(expectedResponse));
}
}
This test fails with:
java.lang.AssertionError:
Expected: <200>
but: was <404>
Path of ResourceBase and Descriptor must be absolute.
context.setResourceBase("c:/myapp/src/main/webapp");
context.setDescriptor("c:/myapp/src/main/webapp/WEB-INF/web.xml");