How can I get request url in spring expression language?
This is my piece of code from spring security configuration:
.antMatchers("/users/location/**").access("principal.locations.contains('locationIdFromUrl')")
My expression works but I don't know how get url variable after /location.
I need this variable to pass it into contains method.
The URL parameters cannot be accessed at Config Class, you can use filters to perform this task logically.
Pseudo code
.addFilterBefore(new DeviceResolverRequestFilter(), LocationAccessFilter.class)
Where LocationAccessFilter contains the logic of location access.
Ok, I solved my proble.
antMatchers("/users/location/{id}/**").access("principal.locations.contains(#id)")
Related
In my controller I have a ethod annotated by GetMapping and I want to validate the path variable. I tested the #max and #min. they were ok. but the thing is when I want to check when no path variable is not passed, I get 404 error code. meaning that i want to test the case like:
http://localhost:9090/api/mancala-game/last-state/
where there is nothing after the last /.
I want to get the exception in my ExceptionHandler class.
any ideas?
thank you
You should send path variable , in the url it self otherwise you will throw 404 error .
when your are not sending path variable it will be a different API:
in your case : http://localhost:9090/api/mancala-game/last-state/
and this url is not pointing to any handling method in your controller, So you will get 404 error.
I think http://localhost:9090/api/mancala-game/last-state/ and
http://localhost:9090/api/mancala-game/last-state/{key} is two api.
you can create /last-state and /last-state/{key}
What you want to do is add a wildcard ** at the end of the REST endpoint api/mancala-game/last-state/ at the place where you call the antMatchers() method for this REST endpoint. For example:
.authorizeRequests().antMatchers(HttpMethod.GET, "api/mancala-game/last-state/**").permitAll() //Other antMatchers after this..
I have seen this answer
but it does not help my case.
I have a class that implements an HttpServlet. Now I want to place a URL inside it so that it has the following pattern: resource/identifier/resource.
For example, I want to make this REST call: http://example.com/owners/1234/dogs
I tried to place a URL like this in the servlet: http://example.com/owners/*/dogs, but the call never reached the servlet and was not handled.
If I understood well you want your servlet to be mapped to something like /owners/*/dogs.
Well, unfortunately Servlets can only use wildcards at the beginning or end of the mapping. So you would have to map it to /owners/* and then using request.getPathInfo() parse the rest of the url to extract the path info.
Your best options are to use the standard JAXRS or Spring MVC, both of which support path variables.
I am learning JAVA and Spring Framework. I wanted to know that is it possible in java to create Dynamic URL in spring framework using values from url and fetching from database.
I am trying to make URL Shortner in Java and I will need to lookup for url's short code in my database and as we all know, url shortner will look like "url/ShorTCode" and my script will look for "ShorTCode" keyword in database and will redirect to associated weblink.
So I wanted to know that is it even possible in JAVA and Spring? And one more thing, if I make something like this "url/yt/VIdeoCode" or "url/fb/UserProfile"
So it will look at yt object which will redirect to youtube link only and fb object which will redirect to facebook user profile.
I want to clarify that I am still learning JAVA, JSP and Spring but I want to keep this thing in my mind while I am learning so I can focus on some particular things.
Thank you all fro helping me.
If you're asking how your controller could respond with a dynamic redirect, the answer is either:
(1) Have the controller return a "redirect:" result instead of view name. It must be followed with an absolute url, and behavior might depend on your spring version and configuration, but basically it looks like this:
#RequestMapping(...)
public String myMethod(){
String url=... // database lookup, e.g. "http://myUrl"
return "redirect:"+url;
}
(2) Less elegant but sometimes useful: get direct access to the response. If your controller method has a parameter of type HttpServletResponse spring will automatically inject it. So:
#RequestMapping(...)
public String myMethod(HttpServletResponse resp){
...
response.sendRedirect(...)
}
I'm trying to secure certain parts of a REST service using Spring Security 3.2 using JavaConfig and no XML. In particular I would like to limit access to an end point to be anonymous for a POST operation, and for all other operations to default to the rest of my configuration.
I've checked the Spring Security API docs and their reference documentation, however, I'm not seeing anything that does the equivalent of restricting an access check based on the HTTP method. For example, in XML you can do something like:
<intercept-url pattern="/users/**" method='POST' />
But I see nothing similar in the JavaConfig builders. Is it possible to do this without XML?
Thanks!
Edited 5/20/2014: Changing sample XML to only show the HTTP method.
You can do something like the following:
.antMatchers(HttpMethod.POST, "/users/**").access("hasRole('ROLE_ADMIN')")
You can use annotation #Secured. For detail , you can scan http://www.studytrails.com/frameworks/spring/spring-security-method-level.jsp
I've one spring controller which is setting some values to request and shows a jsp page. For the view part we use tiles. The result page has 3 parts, header , content and footer jsp's.
This header jsp use a java file and i want to access the attributes created by the first spring controller from this file. Is there any way to do that without using session?
When I tried request.getAttribute, it gives null. I think it's because it's not an immediate file after the request values setting.
As long as everything runs in the same request and the controller code is executed before the view part, setAttribute() should work. To debug issues like that, use a Filter which dumps the request URL and attributes to the console or the log.
If those calls are in different requests, you have two options: The session and a Spring bean (use a session bean or your own implementation). I prefer beans since they are type safe and they allow me to separate my code from the Servlet API which is complex to test.
You'll really need to put some code to get a code answer but unless you're using JSP scriptlets I'm guessing this is a Java bean that you're using in the header. This of course cannot access the request (hence the session) nor should it really. What you probably want to do is convert it to a tag library if you want it to have access to the request/session.