Despite searching the plugin docs and general searching, I can't find an answer to this one. The closest I've gotten is the end of this page, which seems to describe setting a Tomcat timeout. There is an entire section of the plugin docs titled "Configuration Settings Now in Config.groovy", is there no way to configure timeout for the plugin without involving the container's settings?
The plugin doesn't have settings for session duration - it just uses whatever is configured for the whole app. You can do this by editing web.xml (run grails install-templates if you haven't yet) and edit src/templates/war/web.xml. Add
<session-config>
<session-timeout>30</session-timeout>
</session-config>
before the welcome-file-list element and set the session-timeout value to whatever number of minutes you want it to be.
Related
Setup:
I am using the Java library springdoc-openapi-ui in version 1.4.0 (via Maven) without any customization in a simple spring-boot project.
The Swagger page is generated under
https://my-url.com/my-context-path/swagger-ui/index.html
and the api-docs under
https://my-url.com/my-context-path/v3/api-docs/
both of these work and I can reach them. So far so good!
Now the problem:
When simply navigating to https://my-url.com/my-context-path/swagger-ui.html I am getting a HTTP Status 302 and a location attribute set in the response header that is supposed to redirect me to the swagger page from above (I assume).
However, the URL in the location attribute misses the context path! It looks like this:
https://my-url.com/swagger-ui/index.html?configUrl=/v3/api-docs/swagger-config
It redirects to a page that does not exist and I am getting a 404 error code. Note, that the configUrl also seems to be missing the context-path.
Any ideas why this occurs and how it can be fixed?
This Github Issue seemed to be the same problem, but in the end it is stated that the problem is fixed: https://github.com/springdoc/springdoc-openapi/issues/37 and that is for a previous version than mine.
Okay so the issue is that springdoc-openapi-ui is unaware of your app context path unless it is defined in spring boot, which may not be possible for everybody.
Hopefull it does support the non-standard header X-Forwarded-Prefix that can be sent by your gateway.
I my case (Kubernetes), the Ingress can be configured in your chart by simply adding nginx.ingress.kubernetes.io/x-forwarded-prefix: "true"
And in your application config you also need to specify
server:
forward-headers-strategy: framework
to use Spring's support for handling forwarded headers.
Sources:
https://github.com/kubernetes/ingress-nginx/issues/3670
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#x-forwarded-prefix-header
https://github.com/springdoc/springdoc-openapi/issues/607
There are no know issues about context-path usage. As you can #37 is resolved and that reported it has confirmed that!
Just make sure you follow the instructions of setting context-path on standard spring-boot application.
You can test the configuration of your context path, in the different demos samples:
https://github.com/springdoc/springdoc-openapi-demos
If you have any problem, you can log an issue by provinding a minimal/reproducible sample or with unit tests that reproduces the problem.
In order to configure a swagger-ui correctly when an external context-path is configured use the follow configuration.
springdoc.swagger-ui.config-url=/context-path/api-docs/swagger-config
springdoc.swagger-ui.url=/context-path/api-docs
springdoc.api-docs.path=/api-docs
I'm using Vaadin 7.4.3, tomcat 8. During the wizard to create Vaadin 7 project in eclipse, it has a checkbox called "Generate web.xml deployment descriptor".
The new way is to use annotation instead of specify it in the web.xml. Are there any configurations that I have to use web.xml because there's no annotation for it? Is it a good practice to always generate the web.xml even if you might not use it for Vaadin 7.1 projects and up?
Thanks
Yes, there are for sure some aspects of app that cannot be configured using annotations (i.e. there is no annotation to state that you want to have your session cookies "http-only" ).
I would recommend you to create web.xml file when it is needed. Sooner or later it would probably will be used, but don't worry too much in advance. It is not a dark magic to create web.xml file in existing project :)
My required setup is a (spring-security enabled) webapp that can either be pre-authenticated (using pubcookie) OR have a "dev" mode enabled so I can ignore pubcookie and show a login form. Naturally, dev-mode will be turned-off in production, where the app will sit behind an Apache running mod_pubcookie, but for dev/QA I don't really need the external authentication mechanism.
The login form should appear only if (1) there's no REMOTE_USER request header (meaning we didn't go through pubcookie); AND (2) dev-mode is turned on in a property file.
My question: can this be configured in the spring security XML file, or do I need to take this into the code? (and how do I do that?)
Thanks,
D.
You can write your own custom filter and specify that it in your security context. As it is your custom filter you can get request object as well as configuration from properties file.
if you found REMOTE_USER and dev-mode on then set authentication in security context holder.
for implementing custom filter refer to link
Ok, so what I did was using Spring Profiles to create two separate profiles for "dev" and "prod", where I used different http and authentication-manager elements.
This blog entry from springsource helped a lot:
http://blog.springsource.com/2011/02/11/spring-framework-3-1-m1-released/
Just pay attention to where he says you can declare a profile in the dispatcher servlet's init-param element - that didn't work for me, so I used the global context-param in web.xml to declare my profile:
<context-param>
<param-name>spring.profiles.active</param-name>
<param-value>dev</param-value>
</context-param>
D.
I know that I can set the session timeout in web.xml in the <session-config> section. What I need now is to change this setting dynamically during runtime, i.e. call a method that overrides the web.xml setting if needed.
Any ideas? I found nothing so far.
Found it! As described in JBoss Session Timeout one can use HttpSession.setMaxInactiveInterval(int seconds).
in a struts application, I have a filter that forces certain pages to be accessed only over https via redirection. I'm thinking in porting it to grails so my question is: In the this environment, is there a "grails" way to implement such filter or is it similar/the same as I did ? Thanks
The Spring Security core plugin has support for this. See section 17 - "Channel security"