Is there a way to enforce usage of HTTPS protocol, i.e. disable usage of plain HTTP protocol within the RestTemplate client in Spring?
I have this client as an abstract class and there are numerous implementations using it. So filtering input parameters for URI protocol http is not such a good idea.
Is there a way to achieve this using ClientHttpRequestFactory or similar?
Thank you,
Josef
It's not about Spring. You just should configure your container or server(Tomcat, JBoss, i.e.)
Related
In my application server Wildfly I have a war which contains code of a RESTful Web Service done with Apache CXF and Spring Framework, this war call an external ws.
With Postman I call API inside my war with success :-) , I ask what technology is better to develope my new client web application to emulate Postman.
Thanks in advance
I always use the Apache HTTP client to call external web services, regardless if it is SOAP or REST using JSON or XML or whatever other data format.
The reason is: In real live, more than 50% of all web services do not follow the standards. Working around the standards is often hard work when you use frameworks. But with the Apache HTTP client it is easy to implement workarounds for whatever might happen, for example:
Fix wrong XML Namespaces or content by search/replace before parsing it.
Process HTTP result codes in non-standard way
Send and receive custom HTTP headers
Use requests that combine GET (Url-) parameters with POST body
non-standard encryption
non-standard authentication (not everything that they call OAuth2 is really OAuth2)
Work with certificates - even self-made certifictes that do not match any root certificate
All that might sound ridiculous to you but it happens very very often in the projects where I was involved in. The Apache HTTP client gives you full access to the HTTP protocol and is easy to understand.
You can still marshal and unmarshal the objects to XML/JSON using your framework. But it is better to keep control over the many small details of the HTTP communication.
I prefer Spring RestTemplate. You can inject the RestTemplate in your beans and send GET and POST easily:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.client.RestTemplate;
import org.springframework.http.ResponseEntity;
public class Test {
#Autowired
RestTemplate restTemplate;
public ResponseEntity<Response> test(String url, Request request){
return restTemplate.postForEntity(url, request, Response.class);
}
}
Basically as the title says. Apache HttpClient and Spring RestTemplate allow for defining custom interceptors which wrap around requests/responses and allow for additional (global) modification of request parameters, logging, etc...
I do not see such a feature available in standard Java implementation of java.net.http.HttpClient (as of Java 11). Am I missing something or is there no way to intercept all requests/responses on a single HttpClient?
There isn't a built-in solution, but you can write your own code as in this answer or use this interceptable-http-client library.
We were looking to use Apache CXF framework to implement REST services. We would like to provide federated access to the rest services via SAML. The identify provider will a rest service (back ended by a DB) that would accept a user/pass and return a SAML assertion.
What would be the best practice in achieving this?
Best practice is to conform to the SAML v2 Web Profile. But the problem there is that the Web Profile relies on sessions, typically managed by cookies. Sessions are a stateful artifact that are contrary to REST.
So, rather than using SAML, perhaps you should consider something like OAuth 2, which is a bit friendlier to HTTP and REST, since it can (by design) use the actual HTTP headers as part of its transaction and not rely on sessions.
If you are willing to be a little loose in your definition of "RESTful", you may want to look at this:
http://cxf.apache.org/fediz.html
This is CXF's implementation of the SAML standard.
Or, follow the directions here to do it with CXF without the Fediz plugin:
https://cwiki.apache.org/confluence/display/CXF20DOC/SAML+Web+SSO
Is it possible to write a servlet which handles FTP request instead of usual HTTP request?, If yes, how can we do this?
Although it says that you can extend GenericServlet to use other protocols than HTTP - you can't. There's no implementation that handles the networking, especially since FTP is a statefull protocol.
I would suggest implementing something like the Apache Mina Ftp Server (http://mina.apache.org/ftpserver-project/) to handle that for you.
I am a student building a http proxy server. I want to cache those requests that are frequently accessed. May I get any idea about this? Especially in java.
To figure out what you need to implement, read and understand the HTTP specification. Focus particularly on the sections on how a proxy is supposed to behave.
You could possibly base part of the implementation on the Apache HttpClient library, but I have a feeling that the APIs will prove to be unsuitable for the proxy server use-case.
I'd also like to point out that a more practical way to implement an HTTP proxy server would be to simply deploy an existing server like Squid.