I am using swagger in java.
I am reading a header called callerId through requestAttributes in the code. I am not using the header through the annotation #HeaderParam.
because of this reason, the header section is not showing up in the swagger UI for try outs.
How can I make this header show up in the try out form.
Is there any way I can achieve this without hard coding the header value.
Thanks in advance.
You can add parameters to an operation using #ApiImplicitParams and #ApiImplicitParam.
The following wiki documentation should provide you with an explanation on how to use these annotations - https://github.com/swagger-api/swagger-core/wiki/Annotations#apiimplicitparam-apiimplicitparams
Keep in mind I assume here that this is not a security header but actually part of the API (at least based on the description you gave). If you're looking for a security header, there's an alternative method. Please leave a comment and I'll edit this response.
Related
I read some data from httprequestservlet headers,in fortify static fortify analyze I got
Header Manipulation vulnerabilities issue.What is the best way to fix request header manipulation for fortify issue
String a=(requestServlet.getRequestURL().toString());
String myId =requestServlet.getHeader("MyID");
According to this page https://vulncat.fortify.com/en/detail?id=desc.dataflow.java.header_manipulation, I think you need to add the sanity check for the header parameters.
Normally the fortify server will give the fix suggestions. for example, they explains the path manipulation as below
I'd like to log the original 'raw' request body (e.g. JSON) while using Camel Rest endpoints. What's the proper way to do this?
My setup (RouteBuilder) looks like this:
restConfiguration().component("jetty")
.host(this.host)
.port(this.port)
.contextPath(this.contextPath)
.bindingMode(RestBindingMode.json);
rest("myService/").post()
.produces("application/json; charset=UTF-8")
.type(MyServiceRequest.class)
.outType(MyServiceResponse.class)
.to(SERVICE_CONTEXT_IN);
from(SERVICE_CONTEXT_IN).process(this.serviceProcessor);
My problem here is that the mechanics such as storing the request as an Exchange property are 'too late' in terms of using this approach, any processors are too late in the route, i.e., the binding already took place and consumed the Request. Also the CamelHttpServletRequest's InputStream has already been read and contains no data.
The first place to use the log EIP is directly before the single processor:
from(SERVICE_CONTEXT_IN).log(LoggingLevel.INFO, "Request: ${in.body}")
.process(this.serviceProcessor);
but at that point the ${in.body} is already an instance of MyServiceRequest. The added log above simply yields Request: x.y.z.MyServiceRequest#12345678. What I'd like to log is the original JSON prior to being bound to a POJO.
There seems to be no built-in way of enabling logging of the 'raw' request in RestConfigurationDefinition nor RestDefinition.
I could get rid of the automatic JSON binding and manually read the HTTP Post request's InputStream, log and perform manual unmarshalling etc. in a dedicated processor but I would like to keep the built-in binding.
I agree there is no way to log the raw request (I assume you mean the payload going through the wire before any automatic binding) using Camel Rest endpoints.
But taking Roman Vottner into account, you may change your restConfiguration() as follows:
restConfiguration().component("jetty")
.host(this.host)
.port(this.port)
.componentProperty("handlers", "#yourLoggingHandler")
.contextPath(this.contextPath)
.bindingMode(RestBindingMode.json);
where your #yourLoggingHandler needs to be registered in your registry and implement org.eclipse.jetty.server.Handler. Please take a look at writing custom handlers at Jetty documentation http://www.eclipse.org/jetty/documentation/current/jetty-handlers.html#writing-custom-handlers.
In the end I 'solved' this by not using the REST DSL binding with a highly sophisticated processor for logging the payload:
restConfiguration().component("jetty")
.host(this.host)
.port(this.port)
.contextPath(this.contextPath);
rest("myService/").post()
.produces("application/json; charset=UTF-8")
.to(SERVICE_CONTEXT_IN);
from(SERVICE_CONTEXT_IN).process(this.requestLogProcessor)
.unmarshal()
.json(JsonLibrary.Jackson, MyServiceRequest.class)
.process(this.serviceProcessor)
.marshal()
.json(JsonLibrary.Jackson);
All the requestLogProcessor does is to read the in body as InputStream, get and log the String, and eventually pass it on.
You can solve this by:
Turning the RestBindingMode to off on your specific route and logging the incoming request string as is.
After which you can convert the JSON string to your IN type object using ObjectMapper.
At the end of the route convert the java object to JSON and put it in the exchange out body, as we turned off the RestBindingMode.
rest("myService/").post()
.bindingMode(RestBindingMode.off)
.to(SERVICE_CONTEXT_IN);
In my case, streamCaching did the trick because the Stream was readable only once. Thefore I was able log but was not able to forward the body any more. I hope this might be of help to someone
I am loading model in apache jena using function FileManager.get().loadModel(url).And I also know that there may be some URLs in HTTP Response Link Header .I want to load model also from the links(URLs) in link header.How to do that ? Is there any inbuilt fuctionality to get access to header and process link header in Response header?
FileManager.get().loadModel(url) packages up reading a URL and parsing the results into a model. It is packing up a common thing to do; it is not claiming to be comprehensive. It is quite an old interface.
If you wanted detailed control over the HTTP handling, see if HttpOp (a lower level) mechanism helps, otherwise do the handling in the application and hand the input stream for the response directly to the parser.
You may also find it useful to look at the code in RDFDataMgr.process for help with content negotiation.
I don't think that this is supported by Jena. I don't see any reason in doing so. The HTTP request is done to get the data and maybe also to get the response type. If you want to get the URLs in some header fields, why not simply use plain old Java:
URL url = new URL("http://your_ontology.owl");
URLConnection conn = url.openConnection();
Map<String, List<String>> map = conn.getHeaderFields();
I use spring unit test with spring-restdocs.
this is my mockmvc code:
mockMvc.perform(fileUpload("/api/enterprise/uploadImage")
.file(imageFile)
.with(csrf().asHeader())
.params(params)
).andExpect(status().isOk());
but when use spring-restdocs I don't how to write the snippet of file filed.
this is my snippets create code:
document.snippets(
requestParameters(
parameterWithName("file").description("upload file"),
parameterWithName("imageType").description("image type")
)
);
in this way I get an error:
org.springframework.restdocs.snippet.SnippetException: Request parameters with the following names were not found in the request: [file]
at org.springframework.restdocs.request.RequestParametersSnippet.verificationFailed(RequestParametersSnippet.java:79)
at org.springframework.restdocs.request.AbstractParametersSnippet.verifyParameterDescriptors(AbstractParametersSnippet.java:93)
at org.springframework.restdocs.request.AbstractParametersSnippet.createModel(AbstractParametersSnippet.java:70)
at org.springframework.restdocs.snippet.TemplatedSnippet.document(TemplatedSnippet.java:64)
at org.springframework.restdocs.mockmvc.RestDocumentationResultHandler.handle(RestDocumentationResultHandler.java:101)
at org.springframework.test.web.servlet.MockMvc.applyDefaultResultActions(MockMvc.java:195)
at org.springframework.test.web.servlet.MockMvc.perform(MockMvc.java:163)
at com.athena.edge.enterprise.controller.UploadImageTest.uploadImage(UploadImageTest.java:108)
You're sending a multi-part request so the file that's being uploaded isn't a request parameter. Instead, it's one of the parts in the request and
your test is failing because you're trying to document a request parameter that doesn't exist.
Spring REST Docs doesn't have support for documenting parts in a multipart request at the moment. There is an open issue for it. I haven't implemented anything yet as request parts can be quite complex. For example, in some cases the part name and a description may be sufficient but in others it may be useful to document the part's headers, the structure of its content, etc.
Please comment on the issue linked to above, particularly if support for the simplest case would be useful.
Since the release of version 1.1.0.RELEASE of spring-restdocs you can use RequestPartsSnippet.
You can now write spring-restdocs snippets with MockMultipartFile as the following:
mockMvc.perform(multipart("/upload").file("file", "example".getBytes()))
.andExpect(status().isOk())
.andDo(document("upload", RequestPartsSnippet.requestParts(
RequestPartDescriptor.partWithName("file").description("The file to upload"))
));
This example is taken from the official documentation here.
Is there any way to add custom via header in jain-sip? Adding the oc-parametrs from RFC 7339.
From enter link description hereplace I got the following example, but not sure if it will work. The quote from link:
This could be easily achieved by adding some code to implementation of
javax.sip.message.Message.addHeader(Header header) function.
void addHeader(Header header) {
if(!(header instanceof InternalHeaderObject)
&& header instanceof ExtensionHeader) {
ExtensionHeader extensionHeader = (ExtensionHeader) header;
header = headerFactory.createHeader(extensionHeader.getName(), extensionHeader.getValue());
}
...
}
I will start by saying you can absolutely handle custom via headers in terms of SIP as long as it is valid SIP. For this RFC you just need to use viaHeader.set/getParameter if I am not missing something.
The blog post talks about creating your own header classes, which is not relevant to your needs as far as I can imagine. Custom header classes are tricky and inefficient. For example JAIN SIP will automatically construct it's own ViaHeader instance for inbound messages when parsing them. Plugging a custom header to override the default Via internally will break a lot of validation promises and cause overhead..
If you have a showstopper case for custom header classes I will gladly listen though.