I'd like to create URLs based on the URL used by the client for the active request. Is there anything smarter than taking the current HttpServletRequest object and it's getParameter...() methods to rebuilt the complete URL including (and only) it's GET parameters.
Clarification: If possible I want to resign from using a HttpServletRequest object.
Well there are two methods to access this data easier, but the interface doesn't offer the possibility to get the whole URL with one call. You have to build it manually:
public static String makeUrl(HttpServletRequest request)
{
return request.getRequestURL().toString() + "?" + request.getQueryString();
}
I don't know about a way to do this with any Spring MVC facilities.
If you want to access the current Request without passing it everywhere you will have to add a listener in the web.xml:
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
And then use this to get the request bound to the current Thread:
((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest()
Instead of using RequestContextHolder directly, you can also use ServletUriComponentsBuilder and its static methods:
ServletUriComponentsBuilder.fromCurrentContextPath()
ServletUriComponentsBuilder.fromCurrentServletMapping()
ServletUriComponentsBuilder.fromCurrentRequestUri()
ServletUriComponentsBuilder.fromCurrentRequest()
They use RequestContextHolder under the hood, but provide additional flexibility to build new URLs using the capabilities of UriComponentsBuilder.
Example:
ServletUriComponentsBuilder builder = ServletUriComponentsBuilder.fromCurrentRequestUri();
builder.scheme("https");
builder.replaceQueryParam("someBoolean", false);
URI newUri = builder.build().toUri();
Java's URI Class can help you out of this:
public static String getCurrentUrl(HttpServletRequest request){
URL url = new URL(request.getRequestURL().toString());
String host = url.getHost();
String userInfo = url.getUserInfo();
String scheme = url.getProtocol();
String port = url.getPort();
String path = request.getAttribute("javax.servlet.forward.request_uri");
String query = request.getAttribute("javax.servlet.forward.query_string");
URI uri = new URI(scheme,userInfo,host,port,path,query,null)
return uri.toString();
}
in jsp file:
request.getAttribute("javax.servlet.forward.request_uri")
You can also add a UriComponentsBuilder to the method signature of your controller method. Spring will inject an instance of the builder created from the current request.
#GetMapping
public ResponseEntity<MyResponse> doSomething(UriComponentsBuilder uriComponentsBuilder) {
URI someNewUriBasedOnCurrentRequest = uriComponentsBuilder
.replacePath(null)
.replaceQuery(null)
.pathSegment("some", "new", "path")
.build().toUri();
//...
}
Using the builder you can directly start creating URIs based on the current request e.g. modify path segments.
See also UriComponentsBuilderMethodArgumentResolver
If you need the URL till hostname and not the path use Apache's Common Lib StringUtil, and from URL extract the substring till third indexOf /.
public static String getURL(HttpServletRequest request){
String fullURL = request.getRequestURL().toString();
return fullURL.substring(0,StringUtils.ordinalIndexOf(fullURL, "/", 3));
}
Example: If fullURL is https://example.com/path/after/url/ then
Output will be https://example.com
System.out.println(((HttpServletRequest)request).getRequestURI());
I used it. hope it's useful.
Related
Is there a way do not enter a specifc url mapping (vaadin.urlMapping)? But I also want to still use swagger for example (ip:8080/swagger-ui/index.html)? It would be great to exclude some mappings from vaadin.
Thanks for your help!
Best Regards, Thomas
Put the URL/Part of URL/IP in the properties file.
Put the URL/Part of URL/IP in the web.xml file.
In some cases you want the remote URL to be different than the local URL (or remote SSL URL to be different than the local URL).
In that case, I placed both IP and domain on to web.xml in two different contexts.
final String serverUrl = new URL("" + ((VaadinServletRequest)VaadinService.getCurrentRequest())
.getHttpServletRequest().getRequestURL()).getAuthority();
final String serverProtocol =
((VaadinServletRequest)VaadinService.getCurrentRequest()).getHttpServletRequest().getProtocol();
final boolean serverSecure =
((VaadinServletRequest)VaadinService.getCurrentRequest()).getHttpServletRequest().isSecure();
if(!serverSecure){
UI.getCurrent().getSession().setAttribute(
ResourceProperty.configBundle.getString("APPLICATION_URL"),
"http:" + serverUrl);}
else{
UI.getCurrent().getSession().setAttribute(
ResourceProperty.configBundle.getString("APPLICATION_URL"),
"https:" + serverUrl);}
I want to extract the requested URL in rest assured, I tried with given().log().all()
which is logging everything, I just want to extract only my Request URI.
given().log().uri() would print the request uri in consloe
"QueryableRequestSpecification" is an interface in Rest-Assured, which provides methods like: getBaseUri(), getBasePath(), getBody(), getHeaders() etc.
In order to provide reference to above interface you need to use: SpecificationQuerier.query() method.
Note: You might need to do some changes in your existing code. Because you need to store all the given parameters in the reference of RequestSpecification and then it's reference needs to be used to call get/post/put/delete methods.
Refer below code: (You need to provide valid baseUri and basePath)
RequestSpecification requestSpec= RestAssured.given().baseUri("Some Base URI").basePath("/SomeBasePath");
requestSpec.get();
QueryableRequestSpecification queryRequest = SpecificationQuerier.query(requestSpec);
String retrieveURI = queryRequest.getBaseUri();
System.out.println("Base URI is : "+retrieveURI);
String retrievePath = queryRequest.getBasePath();
System.out.println("Base PATH is : "+retrievePath);
If like me you have a basePath with pathParameters, using queryRequest.getBasePath() will only return the value you built the path with:
example
RequestSpecification requestSpec= RestAssured.given().baseUri("http://example.com").basePath("/{someid}/info");
requestSpec.get();
QueryableRequestSpecification queryRequest = SpecificationQuerier.query(requestSpec);
String retrievePath = queryRequest.getBasePath();
System.out.println("Base PATH is : "+retrievePath);
will return Base PATH is : /{someid}/info
if you need the full url with resolved basePath, use getURI() instead
String retrievePath = queryRequest.getURI();
System.out.println("Full PATH is : "+retrievePath);
will return Full PATH is : http://example.com/1234/info
your IDE might show the method in red like mine did (intelliJ) not sure why,
but here is the reference for the method : https://javadoc.io/doc/io.rest-assured/rest-assured/3.1.1/io/restassured/specification/QueryableRequestSpecification.html#getURI--
I am developing a rest application.
Some endpoints require a custom header parameter, not related to authorisation. I created a custom annotation using jax-rs NameBinding. Here is an usage example:
#GET
#RequiresBankHeader
public int get(
#HeaderParam("bank")
#Parameter(ref = "#/components/parameters/banks")
String bank) {
return someService.getSomeInformation();
}
There is a provider that intercepts this call and do some routine using the information in the header parameter.
The problem is that I have to repeat '#HeaderParam("bank") #Parameter(ref = "#/components/parameters/banks") String bank' everywhere, just so it appears in Swagger, even though the service classes do not need it. I was able to at least reuse the parameter definition with ref = "#/components/parameters/banks", and declaring it in the OpenAPI.yml file, that Quarkus merges with generated code very nicely.
But I also want to create and interceptor to dynamically add this do the OpenApi definition whenever RequiresBankHeader annotation is present.
Is there a way to do it?
I dont think you can use interceptors to modify the generated Openapi schema output.
If all methods on a given endpoint require some parameter, you can specify it on class level like so:
#Path("/someendpoint")
public class MyEndpoint {
#HeaderParam("bank")
#Parameter(name = "bank")
String bank;
#GET
public Response getAll() {return Response.ok().build()}
#GET
#Path("{id}")
public Response someMethod(#PathParam("id") String id) {return Response.ok().build();}
}
As mentioned by Roberto Cortez, the MP OpenAPI spec provides a programmatic way to contribute metadata to the openapi.yml file.
It is not possible to detect an annotation in the JAX-RS endpoint definition, but it was good enough to automate what I needed. Since all methods that had the RequiresBankHeader return the same Schema, I was able to hack it like this:
public class OpenApiConfigurator implements OASFilter {
#Override
public Operation filterOperation(Operation operation) {
operation.getResponses().getAPIResponses().values().stream().
map(APIResponse::getContent).
filter(Objects::nonNull).
map(Content::getMediaTypes).
flatMap(mediaTypes -> mediaTypes.values().stream()).
map(MediaType::getSchema).
filter(Objects::nonNull).
map(Schema::getRef).
filter(Objects::nonNull).
filter(ref -> ref.contains("the common response schema")).
findAny().
ifPresent(schema -> {
ParameterImpl parameter = new ParameterImpl();
parameter.setRef("#/components/parameters/banks");
operation.addParameter(parameter);
});
return operation;
}
OpenApiConfigurator should be configure in the application properties, using mp.openapi.filter=com.yourcompany.OpenApiConfigurator
The former HtmlHelper.AntiForgeryToken method which allows one to override the string path is deprecated.
[ObsoleteAttribute("This method is deprecated. Use the AntiForgeryToken() method instead. To specify a custom domain for the generated cookie, use the <httpCookies> configuration element. To specify custom data to be embedded within the token, use the static AntiForgeryConfig.AdditionalDataProvider property.",
true)]
public MvcHtmlString AntiForgeryToken(
string salt,
string domain,
string path
)
Tells you to use <httpCookies>. BUT httpCookies Element does not have a setting for PATH.
Is this an oversight in the deprecation of this method? What is the best way to overwrite this cookie path? (manually?) Running website in a virtual application is not implicitly adding the application path to the __RequestVeririfcation cookie.
Looking at the deprecation message:
"This method is deprecated. Use the AntiForgeryToken() method instead. To specify a custom domain for the generated cookie, use the configuration element. To specify custom data to be embedded within the token, use the static AntiForgeryConfig.AdditionalDataProvider property."
It tells us we can validate additional parameters whenever the forgery token is read back. So even if we can't set the path in the cookie, we can set the path as a property inside the token. To validate it later on, for example:
public class AdditionalDataProvider : IAntiForgeryAdditionalDataProvider
{
public string GetAdditionalData(HttpContextBase context)
{
return AdditionalData(context);
}
public bool ValidateAdditionalData(HttpContextBase context, string additionalData)
{
var currentData = AdditionalData(context);
return currentData == additionalData;
}
private static string AdditionalData(HttpContextBase context)
{
var path = context.Request.ApplicationPath;
return path;
}
}
When asp.net generates the token it will store the current path (or any other unique value you want to validate) for that app and
if you have another app running on a different path, when the token gets sent to that app (due to the lack of cookie path) it will validate the previous app properties against that app's properties. If it is a different set of properties it will fail and deny the request.
Additionally, looking at the code for the AntiforgeryConfig.cs, if the app is running in a virtual directory, it will add that virtual directory in the cookie's name by default:
private static string GetAntiForgeryCookieName()
{
return GetAntiForgeryCookieName(HttpRuntime.AppDomainAppVirtualPath);
}
// If the app path is provided, we're generating a cookie name rather than a field name, and the cookie names should
// be unique so that a development server cookie and an IIS cookie - both running on localhost - don't stomp on
// each other.
internal static string GetAntiForgeryCookieName(string appPath)
{
if (String.IsNullOrEmpty(appPath) || appPath == "/")
{
return AntiForgeryTokenFieldName;
}
else
{
return AntiForgeryTokenFieldName + "_" + HttpServerUtility.UrlTokenEncode(Encoding.UTF8.GetBytes(appPath));
}
}
So it will be like this:
_RequestVerificationToken vs
_RequestVerificationToken_L2RIdjAz0
Meaning App2 although can receive tokens from App1, it won't be able to read them since it will be looking always for App2 verification token only.
HTH
For ASP.NET Core - See: AntiforgeryOptions Class
Cookie - Determines the settings used to create the antiforgery
cookies.
Ex (adapted from Prevent Cross-Site Request Forgery (XSRF/CSRF) attacks in ASP.NET Core):
services.AddAntiforgery(options =>
{
options.Cookie.Path = "Path";
});
The best aproach to overwrite AntiForgeryToken's cookie configuration (Path, HttpOnly,...) is with encapsulation (Microsoft team post).
It is possible to configure the cookie path instead of setting it on the properties.
public static class AntiForgeryTokenExtensions
{
///<summary>
///Generates a hidden form field (anti-forgery token) that is
///validated when the form is submitted. Furthermore, this extension
///applies custom settings on the generated cookie.
///</summary>
///<returns>Generated form field (anti-forgery token).</returns>
public static MvcHtmlString AntiForgeryTokenExtension(this HtmlHelper html)
{
// Call base AntiForgeryToken and save its output to return later.
var output = html.AntiForgeryToken();
// Check that cookie exists
if(HttpContext.Current.Response.Cookies.AllKeys.Contains(AntiForgeryConfig.CookieName))
{
// Set cookie into the variable
var antiForgeryTokenCookie = HttpContext.Current.Response.Cookies.Get(AntiForgeryConfig.CookieName);
// Set cookie configuration
antiForgeryTokenCookie.Path = "/Path";
// antiForgeryTokenCookie.HttpOnly = true;
// ...
}
return output;
}
}
There is a last change that must be done and it is replace AntiForgeryToken() for AntiForgeryTokenExtension() if it is an existing project.
NOTES
With this code you can configure AntiForgeryToken cookie as a normal cookie.
It is also possible to add input parameters to this method, but I am not sure it would be a good practice.
There are different ways to get the cookies but I think that through Response.Cookies is the "most correct", since it is a response cookie.
IMPORTANT
It is needed to check if cookie exist first before trying to get it. If you try to get a Response cookie which doesn't exist, it will be generated. It doesn't happen with Request cookies.
COOKIE KNOWLEDGE
It is not the question itself but explains part of the code and it is quite important to know when we are working with cookies, so I consider it is good to have this information here too.
All Response.Cookies are in Request.Cookies, but not all Request.Cookies are in Response.Cookies.
If you create a Response.Cookie it will appear also in Request.Cookies.
If you create a Request.Cookie it will NOT appear in Response.Cookies.
If you try to get a non-existent cookie from Request.Cookies it will return a null.
If you try to get a non-existent cookie Response.Cookies it will return a new generated cookie.
SOURCES
There is the link where the developers tell to use encapsulation and many other things that could be useful.
Microsoft developers recommendations and information
Source to knowledge of cookies, Request.Cookies and Response.Cookies differences.
Difference between request cookies and response cookies
Difference between request cookies and response cookies 2
Check if cookie exist and difference between kind of cookies
I am referring to a url which has paramID from my portlet. The content of that paramID is handled in different portlet and it has its own controller.
That controller is taking HttpServletRequest to read that param.
HttpServletRequest request = PortalUtil.getOriginalServletRequest(PortalUtil.getHttpServletRequest(renderRequest));
String paramID= request.getParameter("paramID");`
My param is in the url http://mysite.com?paramID=123
Will the HttpServletRequest read this param when I am calling using renderURL
<liferay-portlet:renderURL var="xyz" portletName="ABC" windowState="Normal"/>
...
Click here
Some information about render URL and such is under this question on its community wiki answer.
Also in some tutorial that is not on web I have read this kind of parameter passing is easiest done via session. Session is common for porlet and servlet so you don't have to think where the which parameter is visible and where not.
I did it with providing the param value while I invoked the renderURL
<liferay-portlet:renderURL var="xyz" portletName="ABC" windowState="Normal"/>
</liferay-portlet:renderURL>
.....
<JAVASCRIPT>
var URL = NULL;
function(called){
URL = "${xyz}¶mID=123" //and this was read as servlet param
}
</JAVASCRIPT>