What is this response header (x-Application-Context) stands for? is it specific to Spring framework?
what does the below header means?
X-Application-Context airtel-project-service:aws:27094
does it reveals any senstive information like hostname or port number?
Spring Boot ApplicationContextHeaderFilter does add this header.
Class description:
OncePerRequestFilter to add a X-Application-Context header that contains the ApplicationContext ID.
AppliationContext ID is a name for the deployed application that this context belongs to.
You can change the default behavior by setting management.add-application-context-header property to false.
management.add-application-context-header=true # Add the "X-Application-Context" HTTP header in each response.
Spring Boot resolved issue 1308.
Related
I am trying to make Rest Web-service POST method call with custom header . Tried to add the custom header in enrichHeaders still getting HTTP 403 Forbidden response. Could you please help with right code snippet?
.enrichHeaders(h -> h.header("X-API-Key","ABCEDABCED").header(CONTENT_TYPE, APPLICATION_JSON_VALUE).header(APP_NAME, XXX).header(ACCEPT,
APPLICATION_JSON_VALUE))
.handle(Http.outboundGateway(config.getXxxWebServiceUrl()).httpMethod(HttpMethod.POST)
.expectedResponseType(String.class).requestFactory(xxxRequestFactory()),
c -> c.advice(sendToArchive.sendToArhive()))
.log().get();
Error Logs :-
[bean 'xxxDispatcher1.http:outbound-gateway#0' for component 'xxxDispatcher1.org.springframework.integration.config.ConsumerEndpointFactoryBean#2'; defined in: 'class path resource [service/xxxDispatcher.class]'; from source: 'bean method xxxDispatcher1']; nested exception is org.springframework.web.client.HttpClientErrorException$Forbidden: 403 Forbidden: [{"message":"Forbidden"}]
at
See Header mappings section in the docs: https://docs.spring.io/spring-integration/docs/current/reference/html/http.html#http-header-mapping
By default, all standard HTTP headers are mapped from the message to HTTP request or response headers without further configuration.
So, since you don't provide a mappedRequestHeaders() option for the Http.outboundGateway() therefore your APP_NAME custom header is not mapped and not transferred over the HTTP to the REST service.
My application is supposed to pass through a custom http header, hence I tell the inbound http gateway to map that header as request and response header:
#Bean
public IntegrationFlow myFlow() {
return IntegrationFlows
.from(Http.inboundGateway("/myresource/{transactionId}")
.mappedRequestHeaders("X-My-Header",
HTTP_REQUEST_HEADER_NAME_PATTERN)
.mappedResponseHeaders("X-My-Header",
HTTP_RESPONSE_HEADER_NAME_PATTERN)
...
The header gets passed through alright, but it is converted to lowercase, i.e. I find x-my-header in the response. I know that http headers are case-insensitive, still I would prefer to keep the header in its original form. Is that possible?
According HTTP RFC headers are case-insensitive, therefore the logic in your app has to be changed to ignore case for those names.
Tomcat team suggests to implement a custom Filter to override response headers: https://bz.apache.org/bugzilla/show_bug.cgi?id=58464.
Anyway I would reconsider a client app logic do not deal with case. Nothing to do with Spring Integration though.
I implemented a Rest service that creates an Employee. In the response message I want to dynamically set the HTTP Location header with the newly created Employee resource Uri.
The below code is working fine and I am able to see the value in Location header as expected. However I have the Uri hardcoded in the EmpService and I want it to be dynamic. How do I extract/pass Uri information to the EmpService bean?
Config.xml
<int-http:inbound-gateway
request-channel="httpPostChannel"
reply-channel="responseChannel"
path="/emp"
supported-methods="POST"
message-converters="converters"
request-payload-type="com.samples.jaxb.Employee"/>
<int:service-activator ref="empService" method="post"
input-channel="httpPostChannel" output-channel="responseChannel"/>
EmpService.java
public Message<Employee> post (Message<Employee> msg) {
Employee emp = empDao.createEmployee(msg.getPayload());
return MessageBuilder.withPayload(emp)
.setHeader(org.springframework.http.HttpHeaders.LOCATION, "http://localhost:8080/RestSample/emp/" + emp.getEmpId())
.build();
}
Actually even right now your URI is dynamic:
"http://localhost:8080/RestSample/emp/" + emp.getEmpId()
OTOH you always can inject it via setter or #Value property during application start from some external property.
Or you even can do that extracting some property/header from the incoming Message.
However I guess you would like to know the host and port you are ran on.
The host you can know via InetAddress.getLocalHost().
The port you can extract via an appropriate ServletContainer vendor API, e.g. for Tomcat: Get the server port number from tomcat with out a request.
With Spring Boot you can just use #LocalServerPort:
* Annotation at the field or method/constructor parameter level that injects the HTTP
* port that got allocated at runtime. Provides a convenient alternative for
* <code>#Value("${local.server.port}")</code>.
Although... I guess this one should be enough for:
.setHeader(org.springframework.integration.http.HttpHeaders.REQUEST_URL,
request.getURI().toString())
I mean that your incoming Message after <int-http:inbound-gateway> has header set. In my test case with Spring Boot and random Tomcat port it looks like:
"http_requestUrl" -> "http://localhost:64476/service/?name=foo"
I am trying to get security working with my jersey2 web app.
I register RolesAllowedDynamicFeature and my Request filter with AUTHENTICATION priority in my ResourceConfig
packages("example.jersey");
register(MyRequestFilter.class, Priorities.AUTHENTICATION);
register(RolesAllowedDynamicFeature.class);
I added #RolesAllowed to the method
#RolesAllowed("quinn")
#GET
#Path("/")
public Response getIt(#Context UriInfo uriInfo) {
return Response.ok().entity(service.get()).build();
}
In my request filter I set my security context
SecurityContext securityContext = containerRequestContext.getSecurityContext();
containerRequestContext.setSecurityContext(new MySecurityContext("gary", securityContext));
When I call the method from postman I get a 403 - Forbidden
I added logging to my request filter to see when it is called. It is NOT called.
If I remove the #RolesAllowed from the web method it does call the request filter.
It seems the Priorities.AUTHENTICATION is not making a difference.
Is there anything I'm missing?
Your filter is implemented as a post-matching filter. It means that the filters would be applied only after a suitable resource method has been selected to process the actual request i.e. after request matching happens. Request matching is the process of finding a resource method that should be executed based on the request path and other request parameters.
#RolesAllowed blocks the selection of the particular resource method giving you the 'not executing' behavior you mentioned.
You have two options... using #PreMatching as explained here.
Or, use custom annotations as explained on a similar question.
IOwinContext does not appear to have the HTTP Referrer in it, and I need to grab it. What is the right way to get that particular variable? IOwinContext has several Typed PEMs but I don't see referer in particular.
The system I am working is self-hosted.
Thanks.
The OwinContext doesn't have 'HTTP Referer' as item in Request header. This has been renamed in Owin self host context. It's now known as 'Referer'. So once you have object of owin context you can get the information by using:
context.Request.Headers["Referer"]