I am having issues with my Spring backend and an AngularJS frontend. As an info, I'm pretty new to Spring Security and learning with this project as well.
I'm not using SpringBoot. Both work seperately and are supposed to be able to run on seperate machines. ATM my frontend is running locally via gulp server on https://localhost:3000, the backend is running in a Tomcat at https://localhost:8443/context. I've set up a CORSFilter in Java.
So far, so good. If I start the frontend, calls are being made to the backend for getting resources and I'm seing the login page. If I choose login, the call is being made to https://localhost:8443/context/login, as its supposed to. But: After the login is being processed in the backend, the backend does a redirect to https://localhost:8443/context instead of https://localhost:3000, which of course creates a 404 and results in a failed login (frontend-wise). I just can't find where this weird redirect is being made.
SpringSecurityConfig:
private static final String C440_LOGIN = "/login";
private static final String c440_START_PAGE = "/index.html";
private static final String FAVICON_ICO = "/favicon.ico";
#Override
protected void configure(HttpSecurity http) throws Exception {
// HttpSecurity workHttp = http.addFilterBefore(new CORSFilter(), SessionManagementFilter.class); does not work!
HttpSecurity workHttp = http.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class);
workHttp.addFilterBefore(new CookieFilter(), ChannelProcessingFilter.class);
workHttp.addFilterBefore(getUsernamePasswordPortalAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
// set authorizations
workHttp = authorizeRequests(http);
// login handling
workHttp = formLogin(workHttp);
// exception handling
workHttp = exceptionHandling(workHttp);
// logout handling
workHttp = logout(workHttp);
// cookie handling
workHttp = rememberMe(workHttp);
// disable caching because if IE11 webfonds bug
// https://stackoverflow.com/questions/7748140/font-face-eot-not-loading-over-https
http.headers().cacheControl().disable();
csrf(workHttp);
}
/**
* Configures request authorization.
*
* #param http The security configuration.
* #return The configured security configuration.
* #throws Exception is throws if the configuration fails.
*/
protected HttpSecurity authorizeRequests(HttpSecurity http) throws Exception {
return http
.authorizeRequests()
// secured pages
.antMatchers("/", getCustomerdWebRessourceSecuredPath()).authenticated()
// common resources
.antMatchers("/app/**").permitAll()
.antMatchers("/profiles/**").permitAll()
.antMatchers("/captcha/**").permitAll()
.antMatchers("/", getCustomerRessourcePath()).permitAll()
.antMatchers("/", getCustomerWebRessourcePath()).permitAll()
.antMatchers("/", c440_START_PAGE).permitAll()
.antMatchers("/", FAVICON_ICO).permitAll()
.antMatchers(C440_LOGIN).permitAll()
// frontend services
.antMatchers("/services/userService/**").permitAll()
.antMatchers("/services/applicationService/**").permitAll()
.antMatchers("/services/textContentService/**").permitAll()
.antMatchers("/services/textContentBlockService/**").permitAll()
.antMatchers("/services/menuItemService/**").permitAll()
.antMatchers("/services/calculatorService/**").permitAll()
.anyRequest().authenticated()
.and();
}
private String getCustomerRessourcePath() {
return "/resources/app-" + portalFrontendBase + "/**";
}
private String getCustomerWebRessourcePath() {
return "/app-" + portalFrontendBase + "/**";
}
private String getCustomerdWebRessourceSecuredPath() {
return "/app-" + portalFrontendBase + "/secure/**";
}
/**
* Configures form login.
*
* #param http The security configuration.
* #return The configured security configuration.
* #throws Exception is throws if the configuration fails.
*/
protected HttpSecurity exceptionHandling(HttpSecurity http) throws Exception {
return http
.exceptionHandling()
.authenticationEntryPoint((request, response, authException) -> {
if (authException != null) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
/**
* IMPORTANT: do not redirect the requests. The front-end will be responsible to do this.
* Otherwise the unauthorized status cannot be caught in the front-end correctly.
*/
return;
}
})
.and();
}
/**
* Configures form login.
*
* #param http The security configuration.
* #return The configured security configuration.
* #throws Exception is throws if the configuration fails.
*/
protected HttpSecurity formLogin(HttpSecurity http) throws Exception {
return http
.formLogin()
.loginPage(c440_START_PAGE)
.successHandler(getAuthenticationSuccessHandler())
.failureHandler(getAuthenticationFailureHandler())
.loginProcessingUrl(C440_LOGIN)
.permitAll()
.and();
}
/**
* Configures logout.
*
* #param http The security configuration.
* #return The configured security configuration.
* #throws Exception is throws if the configuration fails.
*/
protected HttpSecurity logout(HttpSecurity http) throws Exception {
return http
.logout()
.logoutUrl(portalLogoutURL)
.addLogoutHandler(getLogoutHandler())
.logoutSuccessHandler(getLogoutSuccessHandler())
.invalidateHttpSession(true)
.and();
}
#Bean
public UsernamePasswordPortalAuthenticationFilter getUsernamePasswordPortalAuthenticationFilter() throws Exception {
UsernamePasswordPortalAuthenticationFilter customFilter = new UsernamePasswordPortalAuthenticationFilter();
customFilter.setAuthenticationManager(authenticationManagerBean());
return customFilter;
}
UsernamePasswordPortalAuthenticationFilter.java:
#PropertySource(value = {"classpath:application.properties"})
public class UsernamePasswordPortalAuthenticationFilter extends
UsernamePasswordAuthenticationFilter {
private Logger log = Logger.getLogger(this.getClass());
#Value("${captchaActive}")
private boolean captchaActive;
#Override
public AuthenticationManager getAuthenticationManager() {
return super.getAuthenticationManager();
}
#Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
UsernamePasswordPortalAuthenticationToken authRequest = getAuthenticationTokenFromRequest(request);
return getAuthenticationManager().authenticate(authRequest);
}
/**
* Reads the UsernamePasswordPortalAuthenticationToken from the data of the request.
*
* #param request The request to read the data from.
* #return The authentication token.
* #throws AuthenticationException is thrown if the data cannot be read.
*/
public UsernamePasswordPortalAuthenticationToken getAuthenticationTokenFromRequest(final HttpServletRequest request) throws AuthenticationException {
StringBuffer buf = new StringBuffer();
String line = null;
try {
BufferedReader reader = request.getReader();
while ((line = reader.readLine()) != null) {
buf.append(line);
}
UsernamePasswordPortalAuthenticationToken loginDataWithCaptcha =
new ObjectMapper().readValue(buf.toString(), UsernamePasswordPortalAuthenticationToken.class);
if (this.captchaActive) {
String answer = (String) request.getSession().getAttribute("COLLPHIRCAPTCHA");
List<CaptchaCookieDto> captchaCookieDtos;
captchaCookieDtos = (List<CaptchaCookieDto>) request.getAttribute("captchaCookies");
CaptchaCookieDto captchaCookieDto = captchaCookieDtos.stream().filter(captchaCookie -> captchaCookie.getUsername().equals(
loginDataWithCaptcha.getUsername())).findAny().orElse(null);
if (captchaCookieDto != null && captchaCookieDto.getCounter() >= 2) {
if (answer.equals(loginDataWithCaptcha.getConfirmCaptcha())) {
return new ObjectMapper().readValue(loginDataWithCaptcha.loginDataToStringWithoutCaptcha(),
UsernamePasswordPortalAuthenticationToken.class);
} else {
throw new BadCredentialsException("invalid data");
}
} else {
return new ObjectMapper().readValue(loginDataWithCaptcha.loginDataToStringWithoutCaptcha(),
UsernamePasswordPortalAuthenticationToken.class);
}
} else {
return new ObjectMapper().readValue(loginDataWithCaptcha.loginDataToStringWithoutCaptcha(), UsernamePasswordPortalAuthenticationToken.class);
}
} catch (Exception e) {
throw new BadCredentialsException("invalid data");
}
}
}
I tried changing the order of my two custom filters (CORSFilter and CookieFilter), or putting the CORSFilter somehwere else (addFilterBefore SessionManagementFilter does not work, if I do that, the login-call won't work because of the missing CORS-header) and almost everything else...
I also tried using the idea from the authsuccesshandler from https://www.baeldung.com/spring_redirect_after_login where I just get the requests origin header (which should be the frontend-URL https://localhost:3000) to redirect back to it:
#Component
public class MyTestAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
private Logger LOG = Logger.getLogger(this.getClass());
private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
public MyTestAuthenticationSuccessHandler() {
super();
setUseReferer(true);
}
#Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication auth) throws IOException {
LOG.info("onAuthenticationSuccess");
SecurityContextHolder.getContext().setAuthentication(auth);
handle(request, response, auth);
}
protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication auth) throws IOException {
String targetUrl = determineTargetUrl(request);
if (response.isCommitted()) {
LOG.info("Response has already been committed. Unable to redirect to " + targetUrl);
return;
}
redirectStrategy.sendRedirect(request, response, targetUrl);
}
protected String determineTargetUrl(HttpServletRequest request) {
return request.getHeader("Origin");
}
}
but still it doesn't work.
Also, if I try to debug the backend and set breakpoints inside of the authsuccesshandler and authfailurehandler, it still doesn't stop there. Shouldn't it stop there?
.formLogin()
.loginPage(c440_START_PAGE)
.successHandler(getAuthenticationSuccessHandler())
.failureHandler(getAuthenticationFailureHandler())
.loginProcessingUrl(C440_LOGIN)
.permitAll()
.and();
I really don't understand where this redirect is happening and why it won't use my new authsuccesshandler.
UPDATE 07.03.19: It seems that the successhandler isn't being called at all, even if I deploy both frontend and backend at the same URL as a bundled WAR file which makes the login work again. Weird thing is, even if I remove the .formLogin() stuff from the configure method inside the SecurityConfig the login still works. So I guess it looks like all the magic is happening in the AuthenticationProvider which is being called in our custom UsernamePasswordAuthenticationFilter:
UsernamePasswordAuthenticationFilter
[...]
#Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
UsernamePasswordPortalAuthenticationToken authRequest = getAuthenticationTokenFromRequest(request);
return getAuthenticationManager().authenticate(authRequest);
}
[...]
AuthenticationProvider:
[...]
#Override
public CollphirAuthentication authenticate(Authentication authentication) throws AuthenticationException {
if (authentication == null) {
throw new IllegalArgumentException("authentication");
}
if (UsernamePasswordPortalAuthenticationToken.class.isAssignableFrom(authentication.getClass())) {
UsernamePasswordPortalAuthenticationToken clientAuthentication = (UsernamePasswordPortalAuthenticationToken) authentication;
CollphirUser user = getUserService().loginUser(
clientAuthentication.getName(), clientAuthentication.getCredentials().toString(), clientAuthentication.getPortal(), clientAuthentication.getArbeitgeber());
CollphirAuthentication auth = null;
if (user == null || user.getBenutzerkennung() == null || user.getCOLRolle() == null) {
LOG.info("authentication failed");
Notification[] notifications = user.getNotifications();
String msg = null;
if (notifications != null && notifications[0] != null && notifications[0].getText() != null) {
msg = notifications[0].getText();
}
throw new BadCredentialsException(msg);
}
Referenz arbeitgeberReference = getArbeitgeberReference(user, clientAuthentication.getPortal(), clientAuthentication.getArbeitgeber());
auth = new CollphirAuthentication(user, arbeitgeberReference);
auth.setArbeitgeber(getArbeitgeber( arbeitgeberReference));
LOG.debug("is authenticated: " + auth.isAuthenticated());
return auth;
}
throw new BadCredentialsException("type");
}
[...]
So my guess is: Somewhere inside the UsernamePasswordPortalAuthenticationFilter or AuthenticationProvider the redirect is being made. If I think about it, a redirect doesn't make sense at all in an AngularJS frontend where the call to the backend is being made via REST, right? Shouldn't the backend just send back a status code or something which the AngularJS controller can evaluate to change the state or display an error message?
It looks like the whole login process in this application is really weird. I can't imagine it is usual to not use the .formLogin() and .successHandler()? The thing is, I don't have a best practice example for an AngularJS frontend and Spring Security backend as comparison...
Do you use the Springs default AuthenticationSuccessHandler? I think that this handler just redirect to the application base path and it is not working if your frontend is at another context or URL. So you have to perform a redirect after an successfull login back to your frontend.
Take a look at this page: https://www.baeldung.com/spring-security-redirect-login
Here you find a few possibilities to handle that case.
Related
Currently I'm developing Spring OAuth2 security project with Angularjs. I'm taking a token with oauth server and I'm parsing to headers but when I try to redirect to home page I'm thrown by "Full authentication is required to access this resource" but I loged in and client server gives an anonymousUser and access denied.
#Configuration
#EnableWebSecurity
#Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
#Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/login.html")
.antMatchers("/js/**")
.antMatchers("/css/**")
.antMatchers("/metronic/css/**")
.antMatchers("/metronic/js/**")
.antMatchers("/metronic/image/**")
.antMatchers("/image/**")
.antMatchers("/language/**")
.antMatchers("/404.html")
.antMatchers("/logout")
.antMatchers("/kilitEkrani.html")
.antMatchers("/metronic/css/fonts/**")
.antMatchers("/metronic/fonts/**");
}
#Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/css/**", "/metronic/css/**").permitAll()
.and().authorizeRequests().antMatchers("/metronic/image/**", "/image/**", "/metronic/css/fonts/**", "/metronic/fonts/**").permitAll()
.and().authorizeRequests().antMatchers("/js/**", "/metronic/js/**").permitAll()
.and().httpBasic().and().authorizeRequests()
.antMatchers("/login.html", "/language/**", "/api/kullanici/user", "/logout", "/kilitEkrani.html", "/404.html").permitAll()
.anyRequest().authenticated().and()
.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class).csrf().csrfTokenRepository(csrfTokenRepository()).and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login.html")
.permitAll().and().csrf().disable();
}
private Filter csrfHeaderFilter() {
return new OncePerRequestFilter() {
#Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class
.getName());
if (csrf != null) {
Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
String token = csrf.getToken();
if (cookie == null || token != null
&& !token.equals(cookie.getValue())) {
cookie = new Cookie("XSRF-TOKEN", token);
cookie.setPath("/");
response.addCookie(cookie);
}
}
filterChain.doFilter(request, response);
}
};
}
private CsrfTokenRepository csrfTokenRepository() {
HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
repository.setHeaderName("X-XSRF-TOKEN");
return repository;
}
}
This is my security config. Am I missing something? Help please...
I think the problem is that you make use of basic authentication in the auth server. You can try to disable the basic authentication and use form authentication instead.
I'm using CXF 3.1.5, How can I apply proxy settings and trust or ignore SSL certificate when sending out request?
I use CXF in the following two ways.
Using org.apache.cxf.bus to get WSDL definition from IdP or SP, bus.getExtension(WSDLManager.class).getDefinition().
Using org.apache.cxf.ws.security.trust.STSClient to request Security Token.stsClient.requestSecurityToken()
and I think I need to use code for configuration instead of configuration file as my callers send me those information about proxy and SSL certificates.
thanks a lot!
After further research, I found something.
to resolve the first problem, add the following code:
ResourceManager extension = bus.getExtension(ResourceManager.class);
extension.addResourceResolver(new ResourceResolver() {
#Override
public <T> T resolve(String resourceName, Class<T> resourceType) {
return null;
}
#Override
public InputStream getAsStream(String name) {
if (!name.startsWith("https")) {
return null;
}
org.apache.http.client.HttpClient httpClient = HttpUtils.createHttpClient(setting);
HttpGet httpGet = new HttpGet(name);
try {
HttpResponse httpResponse = httpClient.execute(httpGet);
return httpResponse.getEntity().getContent();
} catch (IOException e) {
e.printStackTrace();
return null;
}
}
});
then I can get the WSDL definition, but I still don't know how to fix the second problem, I'm trying to use HTTPConduit((HTTPConduit)stsClient.getClient().getConduit()), but when call stsClient.getClient(), cxf will try to load those XML Schema which will lead to the following exception:
org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
at org.apache.cxf.wsdl11.WSDLServiceFactory.create(WSDLServiceFactory.java:170)
at org.apache.cxf.ws.security.trust.AbstractSTSClient.createClient(AbstractSTSClient.java:657)
at org.apache.cxf.ws.security.trust.AbstractSTSClient.getClient(AbstractSTSClient.java:480)
...
Caused by: org.apache.ws.commons.schema.XmlSchemaException: Unable to locate imported document at 'https://...&xsd=ws-trust-1.3.xsd', relative to 'https://...#types1'.
at org.apache.cxf.catalog.CatalogXmlSchemaURIResolver.resolveEntity(CatalogXmlSchemaURIResolver.java:76)
at org.apache.ws.commons.schema.SchemaBuilder.resolveXmlSchema(SchemaBuilder.java:684)
at org.apache.ws.commons.schema.SchemaBuilder.handleImport(SchemaBuilder.java:538)
at org.apache.ws.commons.schema.SchemaBuilder.handleSchemaElementChild(SchemaBuilder.java:1516)
at org.apache.ws.commons.schema.SchemaBuilder.handleXmlSchemaElement(SchemaBuilder.java:659)
at org.apache.ws.commons.schema.XmlSchemaCollection.read(XmlSchemaCollection.java:551)
at org.apache.cxf.common.xmlschema.SchemaCollection.read(SchemaCollection.java:129)
at org.apache.cxf.wsdl11.SchemaUtil.extractSchema(SchemaUtil.java:140)
at org.apache.cxf.wsdl11.SchemaUtil.getSchemas(SchemaUtil.java:73)
at org.apache.cxf.wsdl11.SchemaUtil.getSchemas(SchemaUtil.java:65)
at org.apache.cxf.wsdl11.SchemaUtil.getSchemas(SchemaUtil.java:60)
at org.apache.cxf.wsdl11.WSDLServiceBuilder.getSchemas(WSDLServiceBuilder.java:378)
at org.apache.cxf.wsdl11.WSDLServiceBuilder.buildServices(WSDLServiceBuilder.java:345)
at org.apache.cxf.wsdl11.WSDLServiceBuilder.buildServices(WSDLServiceBuilder.java:209)
at org.apache.cxf.wsdl11.WSDLServiceFactory.create(WSDLServiceFactory.java:162)
... 32 more
Found a solution:
implements HTTPConduitFactory and put it into bus.
bus.setExtension(new MyHTTPConduitFactory(setting), HTTPConduitFactory.class)
In the Factory class:
#Override
public HTTPConduit createConduit(HTTPTransportFactory f, Bus b, EndpointInfo localInfo,
EndpointReferenceType target) throws IOException {
return new MyHTTPConduit(settings, f, b, localInfo, target);
}
MyHTTPConduit extends URLConnectionHTTPConduit
To handle SSL certificates.
TLSClientParameters parameters = new TLSClientParameters();
parameters.setDisableCNCheck(settings.isTurnOffHostVerifier());
if (settings.isIgnoreServerCertificate()) {
parameters.setTrustManagers(new TrustManager[] { new TrustAllCertsTrustManager() });
} else {
TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
factory.init(settings.getTrustStore());
parameters.setTrustManagers(factory.getTrustManagers());
}
this.setTlsClientParameters(parameters);
TrustAllCertsTrustManager class
private class TrustAllCertsTrustManager implements X509TrustManager {
#Override
public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
}
#Override
public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
}
#Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}
To handle proxy.
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setProxyServer(proxy.getHostName());
httpClientPolicy.setProxyServerPort(proxy.getPort());
this.setClient(httpClientPolicy);
There are some examples here: http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
I'm trying to add web sockets to my AngularJS application.
I set up the web socket using Spring 4 on the server and Stomp SockJS on the client.
I access the page at http://localhost:9000/#/project/1/bts after a grunt serve command.
But I get a 500 response when doing the web socket handshake:
WebSocket connection to 'ws://localhost:8080/nitro-project-rest/api/socket/bts/405/bmtcztq4/websocket' failed: Error during WebSocket handshake: Unexpected response code: 500
The server has this to say upon each failed websocket request:
SEVERE: Servlet.service() for servlet [NITRo] in context with path [/nitro-project-rest] threw exception [Request processing failed; nested exception is org.springframework.web.socket.sockjs.SockJsException: Uncaught failure in SockJS request, uri=http://localhost:8080/nitro-project-rest/api/socket/bts/970/2xoe6kls/websocket; nested exception is org.springframework.web.socket.sockjs.SockJsTransportFailureException: WebSocket handshake failure; nested exception is java.lang.RuntimeException: Cannot load platform configurator] with root cause
java.lang.RuntimeException: Cannot load platform configurator
More on the error:
2017-02-06 10:36:04,241 DEBUG [http-bio-8080-exec-10] o.s.w.s.h.LoggingWebSocketHandlerDecorator Transport error in WebSocketServerSockJsSession[id=nqj286ob]
java.lang.RuntimeException: Cannot load platform configurator
at javax.websocket.server.ServerEndpointConfig$Configurator.fetchContainerDefaultConfigurator(ServerEndpointConfig.java:123)
at javax.websocket.server.ServerEndpointConfig$Configurator.getContainerDefaultConfigurator(ServerEndpointConfig.java:128)
at javax.websocket.server.ServerEndpointConfig$Configurator.checkOrigin(ServerEndpointConfig.java:192)
The funny thing is the push notification works fine. I can see the webpage being updated live when the expected event occurs. So my websocket works fine, in spite of this exception. This exception occurs at page load time.
When I manually type the url:
http://localhost:8080/nitro-project-rest/api/socket/bts
in the Chromium web browser it displays: Welcome to SockJS!
Here is my web socket connection service:
function StompService(endpoint) {
this.stompClient = Stomp.client(ENV.NITRO_PROJECT_WS_URL + '/socket/' + endpoint);
}
StompService.prototype.connect = function(onConnect, onError) {
this.stompClient.connect({}, function(frame) {
$rootScope.$apply(function() {
onConnect.apply(stompClient, frame);
});
}, function(frame) {
$rootScope.$apply(function() {
onError.apply(stompClient, frame);
});
}, '/');
};
And the controller:
var stomp = new SocketService(BTS_WS_ENDPOINT);
stomp.connect(function() {
$scope.client.subscribe('status', function(message) {
$scope.messages.push(message.body);
});
}, function() {
});
With the server side configuration and controller:
#Configuration
#EnableWebSocketMessageBroker
#ComponentScan(basePackages = "com.nsn.nitro.project.rest.socket")
public class WebSocketConfiguration extends AbstractWebSocketMessageBrokerConfigurer {
#Override
public void configureMessageBroker(MessageBrokerRegistry config) {
// Prefix for destinations towards the server
config.setApplicationDestinationPrefixes("/app");
// Prefix for destinations towards the client
config.enableSimpleBroker("/topic");
}
#Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
// All controllers need to be added to the endpoint registry
registry.addEndpoint("/socket/bts").withSockJS();
}
#Override
public void configureClientInboundChannel(ChannelRegistration registration) {
}
#Override
public void configureClientOutboundChannel(ChannelRegistration registration) {
registration.taskExecutor().corePoolSize(4).maxPoolSize(10);
}
}
#Controller
public class BTSSocketController {
private static Logger logger = LoggerFactory.getLogger(BTSSocketController.class);
#MessageMapping("/socket/bts")
#SendTo("/topic/status")
public BTSMessage status(BTSMessage message) throws Exception {
logger.debug("==========>> Received the message " + message.getBtsId());
message.setStatus(BTSStatus.ONAIR);
return message;
}
}
I'm running Spring Security with Basic Authentication and the following configuration:
#Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterBefore(simpleCORSFilter, ChannelProcessingFilter.class);
http
.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().httpBasic().authenticationEntryPoint(restAuthenticationEntryPoint)
.and().authorizeRequests().antMatchers("/socket/**").permitAll()
.and().authorizeRequests().antMatchers("/resources/**").permitAll()
.and().authorizeRequests().antMatchers(RESTConstants.SLASH + RESTConstants.ADMINS + RESTConstants.SLASH + RESTConstants.LOGIN).permitAll()
.and().authorizeRequests().antMatchers("/**").hasRole("ADMIN").anyRequest().authenticated();
}
#Component
public class SimpleCORSFilter implements Filter {
private static final String ORIGIN = "Origin";
private static final String OPTIONS = "OPTIONS";
private static final String OK = "OK";
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
if (httpServletRequest.getHeader(ORIGIN) != null) {
String origin = httpServletRequest.getHeader(ORIGIN);
httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);
httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
httpServletResponse.setHeader("Access-Control-Max-Age", "3600");
httpServletResponse.setHeader("Access-Control-Allow-Headers", "Accept-Language,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization,X-Filename,Content-Disposition,Content-Length");
// Allow more than the 6 default headers to be returned, as the content length is required for a download file request to get the file size
httpServletResponse.setHeader("Access-Control-Expose-Headers", "Accept-Language,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization,X-Filename,Content-Disposition,Content-Length");
}
if (httpServletRequest.getMethod().equals(OPTIONS)) {
try {
httpServletResponse.getWriter().print(OK);
httpServletResponse.getWriter().flush();
} catch (IOException e) {
e.printStackTrace();
}
} else {
filterChain.doFilter(servletRequest, servletResponse);
}
}
public void init(FilterConfig filterConfig) {
}
public void destroy() {
}
}
My Java dependencies are:
[INFO] +- javax.websocket:javax.websocket-api:jar:1.1:provided
[INFO] +- org.springframework:spring-web:jar:4.3.6.RELEASE:compile
[INFO] +- org.springframework:spring-webmvc:jar:4.3.6.RELEASE:compile
[INFO] +- org.springframework:spring-test:jar:4.3.6.RELEASE:compile
[INFO] +- org.springframework:spring-messaging:jar:4.3.6.RELEASE:compile
[INFO] +- org.springframework:spring-websocket:jar:4.3.6.RELEASE:compile
My Js dependencies are:
"sockjs": "~0.3.4",
"stomp-websocket": "~2.3.4",
To help anyone else who stumbles across this while searching for the "Welcome to SockJS" error: if you are trying to connect to a SockJS address using a regular websocket connection, add /websocket to the end of your url.
I am currently training and I'm working on Android application that uses RESTEasy API and I encounter some problem with ProxyFactory.create method (..., ...).
Let me explain it:
I have two REST services.
AuthenticateService :
#Path("/authent/tokens")
public interface AuthenticateService {
// This method add a data "token" in cookie
#POST
#Produces(MediaType.APPLICATION_JSON)
#Consumes(MediaType.APPLICATION_JSON)
public PostCustomerOutput createToken(PostCustomerInput postCustomerInput) throws ConnectException;
#Path("/{id}")
#DELETE
#Produces(MediaType.APPLICATION_JSON)
#Consumes(MediaType.APPLICATION_JSON)
public Void deleteToken(#PathParam("id") String token);
}
EnrollmentService :
#Path("/enrollment/otp")
public interface UserEnrollmentService {
#POST
#Produces(MediaType.APPLICATION_JSON)
#Consumes(MediaType.APPLICATION_JSON)
public PostGenerateOTPOutput postGenerateOTP(PostGenerateOTPInput postGenerateOTPInput);
#POST
#Path("/check")
#Produces(MediaType.APPLICATION_JSON)
#Consumes(MediaType.APPLICATION_JSON)
public OutputImpl postCheckOTP(PostCheckOTPInput postCheckOTPInput);
}
On these two services, I have a interceptor that handles recovered data in Cookies.
GrantAccessInterceptor :
public class GrantAccessInterceptor extends AbstractInDatabindingInterceptor {
public GrantAccessInterceptor() {
super(Phase.USER_STREAM);
}
#Override
public void handleMessage(Message message) throws Fault {
HttpServletRequest request = (HttpServletRequest) message.get(AbstractHTTPDestination.HTTP_REQUEST);
if (null != request) {
// Read http header to get cookie/
Cookie[] cookies = request.getCookies();
if (cookies != null) {
for (Cookie cook : cookies) {
if (cook.getName().equals("token")) {
log.info("Token find in cookies");
// TODO : do what I want with the cookie
}
}
} else {
log.info("Cookies are empty !");
}
}
}
}
Now I wrote the following test :
#org.junit.Test
public void testCreateToken() {
RegisterBuiltin.register(ResteasyProviderFactory.getInstance());
// Recover AuthenticateService
AuthenticateService authenticateService = ProxyFactory.create(AuthenticateService.class, urlLocal, executor);
// Recover UserEnrollmentService
UserEnrollmentService userEnrollmentService = ProxyFactory.create(UserEnrollmentService.class, urlLocal, executor);
PostCustomerInput in = new PostCustomerInput();
// put data in PostCustomerInput
PostCustomerOutput out = authenticateService.createToken(in);
// authenticateService.deleteToken(out.getCustomerToken());
PostGenerateOTPInput postGenerateOTPInput = new PostGenerateOTPInput();
userEnrollmentService.postGenerateOTP(postGenerateOTPInput);
}
When I call the method authenticateService.createToken, my GrantAccessInterceptor shows me the right message "Cookies are empty!" This is normal because the cookie is added to the createToken method.
Now, if I call deleteToken method on the same service (AuthenticateService) I get the message "Token find in cookies" which is OK.
Until then all is well.
Now, if after calling the method createToken of AuthenticateService I call a method of my UserEnrollmentService, GrantAccessInterceptor finds nothing in cookies ... -> "Cookies are empty!"
I think that the problem comes from ProxyFactory which does not share cookies between differents services.
It's not ProxyFactory's job to handle cookies, that's up to the ClientExecutor.
By passing the same ClientExecutor to ProxyFactory, you should be able to share cookies:
ApacheHttpClient4Executor executor = new ApacheHttpClient4Executor();
ProxyFactory.create(ServiceIntf1.class, "http://my-service-url", executor);
ProxyFactory.create(ServiceIntf1.class, "http://my-service-url", executor);
I'm using GWT RPC to connect to server side. On server side I've to connect to MySQL database, from which I get data I need. My question is which is best practice when I want to test my application, because I haven't deployed it yet on Tomcat app server, and it seems I cant test it, if it is not deployed. When I test it in development mode, I can't connect to database. Do I have to deploy it on Tomcat to test my application, or is there any other way.
P.S. I included JDBC driver, so that is not a problem.
You don't need to deploy to Tomcat or any other webserver to be able to test your application. Separate you test in several layers (JDBC or JPA layer, Service layer), use JUnit and Spring test and you'll be fine.
Take a look at this documentation:
http://static.springsource.org/spring/docs/2.5.x/reference/testing.html
Don't really know what problems you're encountering at this time since you don't have any exceptions posted, but the best practice I follow when I test my GWT code in Development Mode is to proxy the request from GWT to a backend implementation running on a different app server. Since you're planning on moving your code to tomcat, I'm assuming you will be moving your GWT compiled code under the war directory of your J2EE project running on tomcat and the actual db calls will be done from this J2EE project. Follow the below steps.
Basically, in your GWT application, on the 'server' side, you need to create a proxy servlet that will proxy all of the requests to a different port (the port on which your backend application is running -- for example tomcat's port).
You will need to have both applications running at the same time (obviously on different ports). That way, when you're in GWT Development Mode, all of the requests are sent to the jetty app server first, and then forwarded to tomcat, and that's how you can keep on testing without copying the files back and forth and testing your real backend implementation.
The proxy Servlet (from http://edwardstx.net/wiki/attach/HttpProxyServlet/ProxyServlet.java)
package com.xxxxxxx.xxxxx.gwt.xxxxx.server;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
import java.util.zip.GZIPInputStream;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.StringRequestEntity;
/**
* ProxyServlet from http://edwardstx.net/wiki/attach/HttpProxyServlet/ProxyServlet.java
* (This seems to be a derivative of Noodle -- http://noodle.tigris.org/)
*
* Patched to skip "Transfer-Encoding: chunked" headers, avoid double slashes
* in proxied URLs, handle GZip and allow GWT RPC.
*/
public class ProxyServlet extends HttpServlet {
private static final int FOUR_KB = 4196;
/**
* Serialization UID.
*/
private static final long serialVersionUID = 1L;
/**
* Key for redirect location header.
*/
private static final String STRING_LOCATION_HEADER = "Location";
/**
* Key for content type header.
*/
private static final String STRING_CONTENT_TYPE_HEADER_NAME = "Content-Type";
/**
* Key for content length header.
*/
private static final String STRING_CONTENT_LENGTH_HEADER_NAME = "Content-Length";
/**
* Key for host header
*/
private static final String STRING_HOST_HEADER_NAME = "Host";
/**
* The directory to use to temporarily store uploaded files
*/
private static final File FILE_UPLOAD_TEMP_DIRECTORY = new File(System.getProperty("java.io.tmpdir"));
// Proxy host params
/**
* The host to which we are proxying requests. Default value is "localhost".
*/
private String stringProxyHost = "localhost";
/**
* The port on the proxy host to wihch we are proxying requests. Default value is 80.
*/
private int intProxyPort = 80;
/**
* The (optional) path on the proxy host to wihch we are proxying requests. Default value is "".
*/
private String stringProxyPath = "";
/**
* Setting that allows removing the initial path from client. Allows specifying /twitter/* as synonym for twitter.com.
*/
private boolean removePrefix;
/**
* The maximum size for uploaded files in bytes. Default value is 5MB.
*/
private int intMaxFileUploadSize = 5 * 1024 * 1024;
private boolean isSecure;
private boolean followRedirects;
/**
* Initialize the ProxyServlet
* #param servletConfig The Servlet configuration passed in by the servlet container
*/
public void init(ServletConfig servletConfig) {
// Get the proxy host
String stringProxyHostNew = servletConfig.getInitParameter("proxyHost");
if (stringProxyHostNew == null || stringProxyHostNew.length() == 0) {
throw new IllegalArgumentException("Proxy host not set, please set init-param 'proxyHost' in web.xml");
}
this.setProxyHost(stringProxyHostNew);
// Get the proxy port if specified
String stringProxyPortNew = servletConfig.getInitParameter("proxyPort");
if (stringProxyPortNew != null && stringProxyPortNew.length() > 0) {
this.setProxyPort(Integer.parseInt(stringProxyPortNew));
}
// Get the proxy path if specified
String stringProxyPathNew = servletConfig.getInitParameter("proxyPath");
if (stringProxyPathNew != null && stringProxyPathNew.length() > 0) {
this.setProxyPath(stringProxyPathNew);
}
// Get the maximum file upload size if specified
String stringMaxFileUploadSize = servletConfig.getInitParameter("maxFileUploadSize");
if (stringMaxFileUploadSize != null && stringMaxFileUploadSize.length() > 0) {
this.setMaxFileUploadSize(Integer.parseInt(stringMaxFileUploadSize));
}
}
/**
* Performs an HTTP GET request
* #param httpServletRequest The {#link HttpServletRequest} object passed
* in by the servlet engine representing the
* client request to be proxied
* #param httpServletResponse The {#link HttpServletResponse} object by which
* we can send a proxied response to the client
*/
public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
throws IOException, ServletException {
// Create a GET request
String destinationUrl = this.getProxyURL(httpServletRequest);
debug("GET Request URL: " + httpServletRequest.getRequestURL(),
"Destination URL: " + destinationUrl);
GetMethod getMethodProxyRequest = new GetMethod(destinationUrl);
// Forward the request headers
setProxyRequestHeaders(httpServletRequest, getMethodProxyRequest);
setProxyRequestCookies(httpServletRequest, getMethodProxyRequest);
// Execute the proxy request
this.executeProxyRequest(getMethodProxyRequest, httpServletRequest, httpServletResponse);
}
/**
* Performs an HTTP POST request
* #param httpServletRequest The {#link HttpServletRequest} object passed
* in by the servlet engine representing the
* client request to be proxied
* #param httpServletResponse The {#link HttpServletResponse} object by which
* we can send a proxied response to the client
*/
public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
throws IOException, ServletException {
// Create a standard POST request
String contentType = httpServletRequest.getContentType();
String destinationUrl = this.getProxyURL(httpServletRequest);
debug("POST Request URL: " + httpServletRequest.getRequestURL(),
" Content Type: " + contentType,
" Destination URL: " + destinationUrl);
PostMethod postMethodProxyRequest = new PostMethod(destinationUrl);
// Forward the request headers
setProxyRequestHeaders(httpServletRequest, postMethodProxyRequest);
setProxyRequestCookies(httpServletRequest, postMethodProxyRequest);
// Check if this is a mulitpart (file upload) POST
if (contentType == null || PostMethod.FORM_URL_ENCODED_CONTENT_TYPE.equals(contentType)) {
this.handleStandardPost(postMethodProxyRequest, httpServletRequest);
} else {
this.handleContentPost(postMethodProxyRequest, httpServletRequest);
}
// Execute the proxy request
this.executeProxyRequest(postMethodProxyRequest, httpServletRequest, httpServletResponse);
}
/**
* Sets up the given {#link PostMethod} to send the same standard POST
* data as was sent in the given {#link HttpServletRequest}
* #param postMethodProxyRequest The {#link PostMethod} that we are
* configuring to send a standard POST request
* #param httpServletRequest The {#link HttpServletRequest} that contains
* the POST data to be sent via the {#link PostMethod}
*/
#SuppressWarnings("unchecked")
private void handleStandardPost(PostMethod postMethodProxyRequest, HttpServletRequest httpServletRequest) {
// Get the client POST data as a Map
Map mapPostParameters = (Map) httpServletRequest.getParameterMap();
// Create a List to hold the NameValuePairs to be passed to the PostMethod
List listNameValuePairs = new ArrayList();
// Iterate the parameter names
for (String stringParameterName : mapPostParameters.keySet()) {
// Iterate the values for each parameter name
String[] stringArrayParameterValues = mapPostParameters.get(stringParameterName);
for (String stringParamterValue : stringArrayParameterValues) {
// Create a NameValuePair and store in list
NameValuePair nameValuePair = new NameValuePair(stringParameterName, stringParamterValue);
listNameValuePairs.add(nameValuePair);
}
}
// Set the proxy request POST data
postMethodProxyRequest.setRequestBody(listNameValuePairs.toArray(new NameValuePair[]{}));
}
/**
* Sets up the given {#link PostMethod} to send the same content POST
* data (JSON, XML, etc.) as was sent in the given {#link HttpServletRequest}
* #param postMethodProxyRequest The {#link PostMethod} that we are
* configuring to send a standard POST request
* #param httpServletRequest The {#link HttpServletRequest} that contains
* the POST data to be sent via the {#link PostMethod}
*/
private void handleContentPost(PostMethod postMethodProxyRequest, HttpServletRequest httpServletRequest) throws IOException, ServletException {
StringBuilder content = new StringBuilder();
BufferedReader reader = httpServletRequest.getReader();
for (;;) {
String line = reader.readLine();
if (line == null) break;
content.append(line);
}
String contentType = httpServletRequest.getContentType();
String postContent = content.toString();
if (contentType.startsWith("text/x-gwt-rpc")) {
String clientHost = httpServletRequest.getLocalName();
if (clientHost.equals("127.0.0.1")) {
clientHost = "localhost";
}
int clientPort = httpServletRequest.getLocalPort();
String clientUrl = clientHost + ((clientPort != 80) ? ":" + clientPort : "");
String serverUrl = stringProxyHost + ((intProxyPort != 80) ? ":" + intProxyPort : "") + httpServletRequest.getServletPath();
//debug("Replacing client (" + clientUrl + ") with server (" + serverUrl + ")");
postContent = postContent.replace(clientUrl , serverUrl);
}
String encoding = httpServletRequest.getCharacterEncoding();
debug("POST Content Type: " + contentType + " Encoding: " + encoding,
"Content: " + postContent);
StringRequestEntity entity;
try {
entity = new StringRequestEntity(postContent, contentType, encoding);
} catch (UnsupportedEncodingException e) {
throw new ServletException(e);
}
// Set the proxy request POST data
postMethodProxyRequest.setRequestEntity(entity);
}
/**
* Executes the {#link HttpMethod} passed in and sends the proxy response
* back to the client via the given {#link HttpServletResponse}
* #param httpMethodProxyRequest An object representing the proxy request to be made
* #param httpServletResponse An object by which we can send the proxied
* response back to the client
* #throws IOException Can be thrown by the {#link HttpClient}.executeMethod
* #throws ServletException Can be thrown to indicate that another error has occurred
*/
private void executeProxyRequest(
HttpMethod httpMethodProxyRequest,
HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse)
throws IOException, ServletException {
// Create a default HttpClient
HttpClient httpClient = new HttpClient();
httpMethodProxyRequest.setFollowRedirects(false);
// Execute the request
int intProxyResponseCode = httpClient.executeMethod(httpMethodProxyRequest);
String response = httpMethodProxyRequest.getResponseBodyAsString();
// Check if the proxy response is a redirect
// The following code is adapted from org.tigris.noodle.filters.CheckForRedirect
// Hooray for open source software
if (intProxyResponseCode >= HttpServletResponse.SC_MULTIPLE_CHOICES /* 300 */ && intProxyResponseCode responseHeaders = Arrays.asList(headerArrayResponse);
if (isBodyParameterGzipped(responseHeaders)) {
debug("GZipped: true");
if (!followRedirects && intProxyResponseCode == HttpServletResponse.SC_MOVED_TEMPORARILY) {
response = httpMethodProxyRequest.getResponseHeader(STRING_LOCATION_HEADER).getValue();
httpServletResponse.setStatus(HttpServletResponse.SC_OK);
intProxyResponseCode = HttpServletResponse.SC_OK;
httpServletResponse.setHeader(STRING_LOCATION_HEADER, response);
} else {
response = new String(ungzip(httpMethodProxyRequest.getResponseBody()));
}
httpServletResponse.setContentLength(response.length());
}
// Send the content to the client
debug("Received status code: " + intProxyResponseCode,
"Response: " + response);
httpServletResponse.getWriter().write(response);
}
/**
* The response body will be assumed to be gzipped if the GZIP header has been set.
*
* #param responseHeaders of response headers
* #return true if the body is gzipped
*/
private boolean isBodyParameterGzipped(List responseHeaders) {
for (Header header : responseHeaders) {
if (header.getValue().equals("gzip")) {
return true;
}
}
return false;
}
/**
* A highly performant ungzip implementation. Do not refactor this without taking new timings.
* See ElementTest in ehcache for timings
*
* #param gzipped the gzipped content
* #return an ungzipped byte[]
* #throws java.io.IOException when something bad happens
*/
private byte[] ungzip(final byte[] gzipped) throws IOException {
final GZIPInputStream inputStream = new GZIPInputStream(new ByteArrayInputStream(gzipped));
ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(gzipped.length);
final byte[] buffer = new byte[FOUR_KB];
int bytesRead = 0;
while (bytesRead != -1) {
bytesRead = inputStream.read(buffer, 0, FOUR_KB);
if (bytesRead != -1) {
byteArrayOutputStream.write(buffer, 0, bytesRead);
}
}
byte[] ungzipped = byteArrayOutputStream.toByteArray();
inputStream.close();
byteArrayOutputStream.close();
return ungzipped;
}
public String getServletInfo() {
return "GWT Proxy Servlet";
}
/**
* Retrieves all of the headers from the servlet request and sets them on
* the proxy request
*
* #param httpServletRequest The request object representing the client's
* request to the servlet engine
* #param httpMethodProxyRequest The request that we are about to send to
* the proxy host
*/
#SuppressWarnings("unchecked")
private void setProxyRequestHeaders(HttpServletRequest httpServletRequest, HttpMethod httpMethodProxyRequest) {
// Get an Enumeration of all of the header names sent by the client
Enumeration enumerationOfHeaderNames = httpServletRequest.getHeaderNames();
while (enumerationOfHeaderNames.hasMoreElements()) {
String stringHeaderName = (String) enumerationOfHeaderNames.nextElement();
if (stringHeaderName.equalsIgnoreCase(STRING_CONTENT_LENGTH_HEADER_NAME)) {
continue;
}
// As per the Java Servlet API 2.5 documentation:
// Some headers, such as Accept-Language can be sent by clients
// as several headers each with a different value rather than
// sending the header as a comma separated list.
// Thus, we get an Enumeration of the header values sent by the client
Enumeration enumerationOfHeaderValues = httpServletRequest.getHeaders(stringHeaderName);
while (enumerationOfHeaderValues.hasMoreElements()) {
String stringHeaderValue = (String) enumerationOfHeaderValues.nextElement();
// In case the proxy host is running multiple virtual servers,
// rewrite the Host header to ensure that we get content from
// the correct virtual server
if (stringHeaderName.equalsIgnoreCase(STRING_HOST_HEADER_NAME)) {
stringHeaderValue = getProxyHostAndPort();
}
Header header = new Header(stringHeaderName, stringHeaderValue);
// Set the same header on the proxy request
httpMethodProxyRequest.setRequestHeader(header);
}
}
}
/**
* Retrieves all of the cookies from the servlet request and sets them on
* the proxy request
*
* #param httpServletRequest The request object representing the client's
* request to the servlet engine
* #param httpMethodProxyRequest The request that we are about to send to
* the proxy host
*/
#SuppressWarnings("unchecked")
private void setProxyRequestCookies(HttpServletRequest httpServletRequest, HttpMethod httpMethodProxyRequest) {
// Get an array of all of all the cookies sent by the client
Cookie[] cookies = httpServletRequest.getCookies();
if (cookies == null) {
return;
}
for (Cookie cookie : cookies) {
cookie.setDomain(stringProxyHost);
cookie.setPath(httpServletRequest.getServletPath());
httpMethodProxyRequest.setRequestHeader("Cookie", cookie.getName() + "=" + cookie.getValue() + "; Path=" + cookie.getPath());
}
}
// Accessors
private String getProxyURL(HttpServletRequest httpServletRequest) {
// Set the protocol to HTTP
String protocol = (isSecure) ? "https://" : "http://";
String stringProxyURL = protocol + this.getProxyHostAndPort() + "/gui";
// simply use whatever servlet path that was part of the request as opposed to getting a preset/configurable proxy path
if (!removePrefix) {
if (httpServletRequest.getServletPath() != null) {
stringProxyURL += httpServletRequest.getServletPath();
}
}
stringProxyURL += "/";
// Handle the path given to the servlet
String pathInfo = httpServletRequest.getPathInfo();
if (pathInfo != null && pathInfo.startsWith("/")) {
if (stringProxyURL != null && stringProxyURL.endsWith("/")) {
// avoid double '/'
stringProxyURL += pathInfo.substring(1);
}
} else {
stringProxyURL += httpServletRequest.getPathInfo();
}
// Handle the query string
if (httpServletRequest.getQueryString() != null) {
stringProxyURL += "?" + httpServletRequest.getQueryString();
}
stringProxyURL = stringProxyURL.replaceAll("/null", "");
//System.out.println("----stringProxyURL: " + stringProxyURL);
return stringProxyURL;
}
private String getProxyHostAndPort() {
if (this.getProxyPort() == 80) {
return this.getProxyHost();
} else {
return this.getProxyHost() + ":" + this.getProxyPort();
}
}
protected String getProxyHost() {
return this.stringProxyHost;
}
protected void setProxyHost(String stringProxyHostNew) {
this.stringProxyHost = stringProxyHostNew;
}
protected int getProxyPort() {
return this.intProxyPort;
}
protected void setSecure(boolean secure) {
this.isSecure = secure;
}
protected void setFollowRedirects(boolean followRedirects) {
this.followRedirects = followRedirects;
}
protected void setProxyPort(int intProxyPortNew) {
this.intProxyPort = intProxyPortNew;
}
protected String getProxyPath() {
return this.stringProxyPath;
}
protected void setProxyPath(String stringProxyPathNew) {
this.stringProxyPath = stringProxyPathNew;
}
protected void setRemovePrefix(boolean removePrefix) {
this.removePrefix = removePrefix;
}
protected int getMaxFileUploadSize() {
return this.intMaxFileUploadSize;
}
protected void setMaxFileUploadSize(int intMaxFileUploadSizeNew) {
this.intMaxFileUploadSize = intMaxFileUploadSizeNew;
}
private void debug(String ... msg) {
for (String m : msg) {
//System.out.println("[DEBUG] " + m);
}
}
}
You then need to subclass it and provide the port:
package xxx.xxxx.xxxxx;
import javax.servlet.ServletConfig;
public class MyProxyServlet extends ProxyServlet {
public void init(ServletConfig servletConfig) {
//System.out.println("in the init");
setFollowRedirects(true);
setRemovePrefix(false);
//setProxyPath("gui/" + getProxyPath());
setProxyPort(8080);
}
}