My API uses Jersey 2, and now I want to support internationalization. I understand my client should specify the Accept-Language parameter, but I want to understand how to handle it properly.
Let's assume that my API should handle only FRENCH and ENGLISH languages. I know I can retrieve the preferred locale with the following code:
#GET
#Path("a-path")
public Response doSomething(#Context HttpServletRequest request) {
Locale locale = request.getLocale();
// ...
}
The problem is when the preferred locale isn't supported by my API. Let's say that my client send me Accept-Language: da, en-gb;q=0.8, en;q=0.7, according to w3c, it basically means: "I prefer Danish, but will accept British English and other types of English.". Since the preferred locale only return the most expected locale, is there a way to select the first supported language by my API? I would like to handle it in one place (i.e. in Filters) and not in every resources.
One to get the locales is to use HttpHeaders#getAcceptableLanguages().
Get a list of languages that are acceptable for the response.
If no acceptable languages are specified, a read-only list containing a single wildcard Locale instance (with language field set to "*") is returned.
Returns:
a read-only list of acceptable languages sorted according to their q-value, with highest preference first.
You can inject HttpHeaders pretty much anywhere, using #Context
public Response doSomething(#Context HttpHeaders headers) {
List<Locale> langs = headers.getAcceptableLanguages();
If you wanted to get the list in a filter, you can also get the list list of locales from the ContainerRequestContext
#Override
public void filter(ContainerRequestContext requestContext) throw .. {
List<Locales> langs = requestContext.getAcceptableLanguages();
}
If you wanted to use the Locale in the resource method, but didn't want to do all the locale "resolving" in the method, you can use some dependency injection, and create a Factory, where you can inject he HttpHeaders and resolve the locale there
See Also: Dependency injection with Jersey 2.0
Below is a complete test case example using a combination of last two points I mentioned about using a filter and dependency injection along a Factory, so that you can just inject the resolved Locale into the resource method. The example uses a dummy locale resolver that only allows english. After we resolve the locale, we set it into a request context property, and retrieve from inside the Factory so that we can inject it into the resource method
#GET
public String get(#Context Locale locale) {
return locale.toString();
}
See Also: How to inject an object into jersey request context?
Let me know if there is anything else you would like me to explain about the example
import java.io.IOException;
import java.util.List;
import java.util.Locale;
import java.util.logging.Logger;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.glassfish.hk2.api.Factory;
import org.glassfish.hk2.utilities.binding.AbstractBinder;
import org.glassfish.jersey.filter.LoggingFilter;
import org.glassfish.jersey.process.internal.RequestScoped;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.test.JerseyTest;
import org.junit.Test;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;
/**
* Stack Overflow question https://stackoverflow.com/q/36871274/2587435
*
* Run this like any other JUnit test. Only one required test dependency:
*
* <dependency>
* <groupId>org.glassfish.jersey.test-framework.providers</groupId>
* <artifactId>jersey-test-framework-provider-inmemory</artifactId>
* <version>${jersey2.version}</version>
* </dependency>
*
* #author Paul Samsotha
*/
public class AcceptLanguageTest extends JerseyTest {
#Path("language")
public static class TestResource {
#GET
public String get(#Context Locale locale) {
return locale.toString();
}
}
public static interface LocaleResolver {
Locale resolveLocale(List<Locale> locales);
}
// Note: if you look in the javadoc for getAcceptableLanguages()
// you will notice that it says if there is not acceptable language
// specified, that there is a default single wildcard (*) locale.
// So this implementation sucks, as it doesn't check for that.
// You will want to make sure to do so!
public static class DefaultLocaleResolver implements LocaleResolver {
#Override
public Locale resolveLocale(List<Locale> locales) {
if (locales.contains(Locale.ENGLISH)) {
return Locale.ENGLISH;
}
return null;
}
}
#Provider
#PreMatching
public static class LocaleResolverFilter implements ContainerRequestFilter {
static final String LOCALE_PROPERTY = "LocaleResolverFilter.localProperty";
#Inject
private LocaleResolver localeResolver;
#Override
public void filter(ContainerRequestContext context) throws IOException {
List<Locale> locales = context.getAcceptableLanguages();
Locale locale = localeResolver.resolveLocale(locales);
if (locale == null) {
context.abortWith(Response.status(Response.Status.NOT_ACCEPTABLE).build());
return;
}
context.setProperty(LOCALE_PROPERTY, locale);
}
}
public static class LocaleFactory implements Factory<Locale> {
#Context
private ContainerRequestContext context;
#Override
public Locale provide() {
return (Locale) context.getProperty(LocaleResolverFilter.LOCALE_PROPERTY);
}
#Override
public void dispose(Locale l) {}
}
#Override
public ResourceConfig configure() {
return new ResourceConfig(TestResource.class)
.register(LocaleResolverFilter.class)
.register(new AbstractBinder() {
#Override
protected void configure() {
bindFactory(LocaleFactory.class)
.to(Locale.class).in(RequestScoped.class);
bind(DefaultLocaleResolver.class)
.to(LocaleResolver.class).in(Singleton.class);
}
})
.register(new LoggingFilter(Logger.getAnonymousLogger(), true));
}
#Test
public void shouldReturnEnglish() {
final String accept = "da, en-gb;q=0.8, en;q=0.7";
final Response response = target("language").request()
.acceptLanguage(accept)
.get();
assertThat(response.readEntity(String.class), is("en"));
}
#Test
public void shouldReturnNotAcceptable() {
final String accept = "da";
final Response response = target("language").request()
.acceptLanguage(accept)
.get();
assertThat(response.getStatus(), is(Response.Status.NOT_ACCEPTABLE.getStatusCode()));
}
}
The JAX-RS API allows you to select a Locale with the Request.selectVariant(List) method.
Try the following code in either the REST handler or a CDI bean :
import javax.ws.rs.core.Variant;
import javax.ws.rs.core.Request;
#Context
private Request req;
private Locale getResponseLocale(boolean throwIfNoneMatch) throws NotAcceptableException{
// Put your supported languages here
List<Variant> langVariants = Variant.languages(
new Locale("da"),
new Locale("en-gb"),
Locale.getDefault()).build();
Locale locale = Locale.getDefault();
Variant selectVariant = this.req.selectVariant(langVariants);
if (selectVariant != null) {
locale = selectVariant.getLanguage();
} else if (throwIfNoneMatch) {
throw new NotAcceptableException(Response.notAcceptable(langVariants).build());
}
return locale;
}
See also The Java EE Tutorial : Runtime Content Negotiation.
Related
I have really poor experience with ribbon/eureka so forgive me if this is a stupid question:
I have two different microservice both connected to a discovery server, the first one calls the second using a custom annotation that sends a request using rest template.
Custom annotation name is PreHasAuthority
Controller :
#PreHasAuthority(value="[0].getProject()+'.requirements.update'")
#PostMapping(CREATE_UPDATE_REQUIREMENT)
public ResponseEntity<?> createUpdateRequirement(#Valid #RequestBody RequirementDTO requirementDTO
, HttpServletRequest request, HttpServletResponse response) {
return requirementService.createUpdateRequirement(requirementDTO, request, response);
}
Annotation interface :
import java.lang.annotation.*;
#Target(ElementType.METHOD)
#Retention(RetentionPolicy.RUNTIME)
public #interface PreHasAuthority {
String value();
}
Annotation implementation:
import java.lang.reflect.Method;
import javax.servlet.http.HttpServletRequest;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.stereotype.Component;
import netcomgroup.eu.service.AuthenticationService;
#Aspect
#Component
public class PreHasAuthorityServiceAspect {
#Autowired
private AuthenticationService authenticationService;
#Around(value = "#annotation(PreHasAuthority)")
public void around(ProceedingJoinPoint joinPoint) throws Throwable {
MethodSignature signature = (MethodSignature) joinPoint.getSignature();
Method method = signature.getMethod();
PreHasAuthority preHasAuthority = method.getAnnotation(PreHasAuthority.class);
Object[] args = joinPoint.getArgs();
String permission = preHasAuthority.value();
ExpressionParser elParser = new SpelExpressionParser();
Expression expression = elParser.parseExpression(permission);
String per = (String) expression.getValue(args);
String token =null;
for(Object o : args) {
if(o instanceof HttpServletRequest) {
HttpServletRequest request = (HttpServletRequest)o;
token=request.getHeader("X-Auth");
break;
}
}
if(token==null) {
throw new IllegalArgumentException("Token not found");
}
boolean hasPerm = authenticationService.checkPermission(per,token);
if(!hasPerm)
throw new Exception("Not Authorized");
}
}
My Ribbon configuration
import com.netflix.client.config.IClientConfig;
import com.netflix.loadbalancer.IRule;
import com.netflix.loadbalancer.RoundRobinRule;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
public class RibbonConfiguration {
#Autowired
IClientConfig config;
#Bean
public IRule ribbonRule(IClientConfig config) {
return new RoundRobinRule();
}
}
Eureka config in application properties
#Eureka config
eureka.client.serviceUrl.defaultZone= http://${registry.host:localhost}:${registry.port:8761}/eureka/
eureka.client.healthcheck.enabled= true
eureka.instance.leaseRenewalIntervalInSeconds= 10
eureka.instance.leaseExpirationDurationInSeconds= 10
by calling the api from postman request is sendend correctly to the second microservice and i'm certain the return is "true".
After that the request stops before entering the createUpdateRequirement method and returns '1' as postman body response. No error of sort is provided.
My guess is that the problem resides within the custom annotation, cause when i remove the annotation the api call works perfectly, but i cannot understand the problem as it seems all setted up correctly to me.
Your #Around advice never calls joinPoint.proceed(). Hence, the intercepted target method will never be executed.
The second problem is that your advice method returns void, i.e. it will never match any method returning another type such as the ResponseEntity<?> createUpdateRequirement(..) method.
Besides, around is a reserved keyword in native AspectJ syntax. Even though it might work in annotation-driven syntax, you ought to rename your advice method to something else like aroundAdvice or interceptPreHasAuthority - whatever.
Please do read an AspectJ or Spring AOP tutorial, especially the Spring manual's AOP chapter. 😉
This is my current dummy POST login function. I want to read the request headers inside public Response loginPost(). Is it possible? I tried for example changing the function arguments but I always get io.swagger.api.impl.LoginApiServiceImpl is not abstract and does not override abstract method loginPost(io.swagger.model.LoginPostRequestBody,javax.ws.rs.core.SecurityContext) in io.swagger.api.LoginApiService
package io.swagger.api.impl;
import io.swagger.api.*;
import io.swagger.model.*;
import io.swagger.model.LoginPost200Response;
import io.swagger.model.LoginPostRequestBody;
import java.util.Map;
import java.util.List;
import io.swagger.api.NotFoundException;
import java.io.InputStream;
import org.glassfish.jersey.media.multipart.FormDataContentDisposition;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.validation.constraints.*;
#javax.annotation.Generated(value = "io.swagger.codegen.v3.generators.java.JavaJerseyServerCodegen", date = "2020-01-21T12:31:41.554Z[GMT]")public class LoginApiServiceImpl extends LoginApiService {
#Override
public Response loginPost(LoginPostRequestBody body, SecurityContext securityContext) throws NotFoundException {
// do some magic!
}
}
The http headers cannot be accessed by this auto-generated class. Instead one has to go to src/gen/java/io/swagger/api/myApi.java and do the following
import javax.ws.rs.core.HttpHeaders;
edit the response function at the last part of the file so that it
also takes this argument #Context HttpHeaders requestHeaders
change the exception code at the end, the function there also
needs to take the above argument (without #Context in this case)
Then update the myApiService.java file in the same folder and of course the myApiServiceImpl.java file in src/main/java/io/swagger/api/impl/ so that they both import and take as argument the javax.ws.rs.core.HttpHeaders. Do not use #Context in these latter cases either.
The general idea is to first change the myApi.java file so that it passes request headers and then update all the files that use the request function (if you can't figure them all out, compiler errors will guide you)
The solution by Tasos is correct. However, modifying generated code is not my cup of tea. Therefore I would suggest modifying the Mustache templates:
API template and API service template (and the 'Impl' template, which is should follow suit).
I would suggest replacing SecurityContext securityContext in the service with a new container object storing all #Context objects that are needed.
E.g.:
// ... snippet from apiService.mustache ...
public abstract class {{classname}}Service {
public static class Context {
private final UriInfo uriInfo;
private final SecurityContext securityContext;
public Context(HttpHeaders httpHeaders, SecurityContext securityContext) {
this.httpHeaders = httpHeaders;
this.securityContext = securityContext;
}
// ... getters
}
{{#operation}}
public abstract Response {{nickname}}({{#allParams}}{{>serviceQueryParams}}{{>servicePathParams}}{{>serviceHeaderParams}}{{>serviceBodyParams}}{{>serviceFormParams}},{{/allParams}}Context context) throws NotFoundException;
{{/operation}}
}
{{/operations}}
The api.mustache file can be modified accordingly to fill the Context before calling the delegate method.
public Response {{nickname}}({{#allParams}}{{>queryParams}}{{>pathParams}}{{>headerParams}}{{>bodyParams}}{{>formParams}},{{/allParams}}#Context SecurityContext securityContext,
#Context HttpHeaders httpHeaders) throws NotFoundException {
var context = new {{classname}}Service.Context(httpHeaders, securityContext);
return delegate.{{nickname}}({{#allParams}}{{#isFormParam}}{{#isFile}}{{paramName}}Bodypart{{/isFile}}{{/isFormParam}}{{^isFile}}{{paramName}}{{/isFile}}{{^isFormParam}}{{#isFile}}{{paramName}}{{/isFile}}{{/isFormParam}}, {{/allParams}}context);
}
The approach above allows the implementations that use the generated code to be consistent and require no modification after code generation.
I have the following SecurityScheme definition using springdoc-openapi for java SpringBoot RESTful app:
#Bean
public OpenAPI customOpenAPI() {
return new OpenAPI()
.components(new Components().addSecuritySchemes("bearer-jwt",
new SecurityScheme().type(SecurityScheme.Type.HTTP).scheme("bearer").bearerFormat("JWT")
.in(SecurityScheme.In.HEADER).name("Authorization")))
.info(new Info().title("App API").version("snapshot"));
}
Is it possible to apply it globally to all paths, without having to go and add #SecurityRequirement annotations to #Operation annotation everywhere in the code?
If it is, how to add exclusions to unsecured paths?
Yes, you can do it in the same place calling addSecurityItem:
#Bean
public OpenAPI customOpenAPI() {
return new OpenAPI()
.components(new Components().addSecuritySchemes("bearer-jwt",
new SecurityScheme().type(SecurityScheme.Type.HTTP).scheme("bearer").bearerFormat("JWT")
.in(SecurityScheme.In.HEADER).name("Authorization")))
.info(new Info().title("App API").version("snapshot"))
.addSecurityItem(
new SecurityRequirement().addList("bearer-jwt", Arrays.asList("read", "write")));
}
Global security schema can be overridden by a different one with the #SecurityRequirements annotation. Including removing security schemas for an operation. For example, we can remove security for registration path.
#SecurityRequirements
#PostMapping("/registration")
public ResponseEntity post(#RequestBody #Valid Registration: registration) {
return registrationService.register(registration);
}
While still keeping security schemas for other APIs.
Old answer (Dec 20 '19):
Global security schema can be overridden by a different one with the #SecurityRequirements annotation. but it cannot be removed for unsecured paths. It is acctualy missing fueature in the springdoc-openapi, OpenAPI standard allows it. See disable global security for particular operation
There is a workaround though. The springdoc-openapi has a concept of an OpenApiCustomiser which can be used to intercept generated schema. Inside the customizer, an operation can be modified programmatically. To remove any inherited security, the field security needs to be set to an empty array. The logic may be based on any arbitrary rules e.g operation name. I used tags.
The customizer:
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.Operation;
import io.swagger.v3.oas.models.PathItem;
import org.springdoc.api.OpenApiCustomiser;
import org.springframework.stereotype.Component;
import javax.validation.constraints.NotNull;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
#Component
public class SecurityOverrideCustomizer implements OpenApiCustomiser {
public static final String UNSECURED = "security.open";
private static final List<Function<PathItem, Operation>> OPERATION_GETTERS = Arrays.asList(
PathItem::getGet, PathItem::getPost, PathItem::getDelete, PathItem::getHead,
PathItem::getOptions, PathItem::getPatch, PathItem::getPut);
#Override
public void customise(OpenAPI openApi) {
openApi.getPaths().forEach((path, item) -> getOperations(item).forEach(operation -> {
List<String> tags = operation.getTags();
if (tags != null && tags.contains(UNSECURED)) {
operation.setSecurity(Collections.emptyList());
operation.setTags(filterTags(tags));
}
}));
}
private static Stream<Operation> getOperations(PathItem pathItem) {
return OPERATION_GETTERS.stream()
.map(getter -> getter.apply(pathItem))
.filter(Objects::nonNull);
}
private static List<String> filterTags(List<String> tags) {
return tags.stream()
.filter(t -> !t.equals(UNSECURED))
.collect(Collectors.toList());
}
}
Now we can add #Tag(name = SecurityOverrideCustomizer.UNSECURED) to unsecured methods:
#Tag(name = SecurityOverrideCustomizer.UNSECURED)
#GetMapping("/open")
#ResponseBody
public String open() {
return "It works!";
}
Please bear in mind that it is just a workaround. Hopefully, the issue will be resolved in the next springdoc-openapi versions (at the time of writing it the current version is 1.2.18).
For a working example see springdoc-security-override-fix
Tested with v1.2.29 of springdoc-openapi: Its possible to disable security for particular Endpoint using: #SecurityRequirements
#GetMapping("/open")
#ResponseBody
#SecurityRequirements
public String open() {
return "It works!";
}
For older versions, for example tested with v1.2.28 using OperationCustomizer:
public static final String UNSECURED = "security.open";
#Bean
public OperationCustomizer customize() {
return (Operation operation, HandlerMethod handlerMethod) -> {
List<String> tags = operation.getTags();
if (tags != null && tags.contains(UNSECURED)) {
operation.setSecurity(Collections.emptyList());
operation.setTags(tags.stream()
.filter(t -> !t.equals(UNSECURED))
.collect(Collectors.toList()));
}
return operation;
};
}
According to Documentation of springdoc, for new versions you can do this
Add the #SecurityRequirement for the protected route like
#PostMapping(value = "/example")
#SecurityRequirement(name = "bearer-key")
public ResponseEntity<Object> exampleHandler() {
/// logic here
}
and then in your Security config class add
#Bean
public OpenAPI customOpenAPI() {
return new OpenAPI()
.components(new Components()
.addSecuritySchemes("bearer-key",
new SecurityScheme().type(SecurityScheme.Type.HTTP).scheme("bearer").bearerFormat("JWT")));
}
Here is the link to the docs
I am using JAX-RS and it has default implementations for #OPTIONS and #HEAD methods, but I would like to provide a different functionality.
What I have done currently is this:
#GET
#Path("path/to/resource")
#Produces(MediaType.APPLICATION_JSON)
public Response resourceCall(){
// Normal method implementation
}
#OPTIONS
#Path("path/to/resource")
#Produces(MediaType.APPLICATION_JSON)
public Response resourceCall(){
Response.status(Response.Status.METHOD_NOT_ALLOWED).build();
}
So basically I create a new call to each one of my resources. But I would like to have a catch-all method here that would treat all my calls to #OPTION or to #HEAD.
How do I implement such functionality?
EDIT
Just for clarity. I know how to do this using a Servlet Filter but I am wondering if JAX-RS has a similar feature built-in for th is specific case.
Since you are using Jersey, Jersey has a feature that allows you to programmatically add and modify resources. So you could add OPTIONS and HEAD methods to all your resources, without having to touch your resource classes. Below is an example that does nothing but send a 405 with a No <Method> message. Probably not what you want, but you should be able to figure out what you need to modify to get what you want.
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Configuration;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.glassfish.jersey.process.Inflector;
import org.glassfish.jersey.server.model.ModelProcessor;
import org.glassfish.jersey.server.model.Resource;
import org.glassfish.jersey.server.model.ResourceModel;
#Provider
public class HeadAndOptionsModelProcessor implements ModelProcessor {
#Override
public ResourceModel processResourceModel(ResourceModel resourceModel,
Configuration configuration) {
ResourceModel.Builder resourceModelBuilder = new ResourceModel.Builder(false);
for (Resource rootResource: resourceModel.getResources()) {
final Resource.Builder rootResourceBuilder = Resource.builder(rootResource);
addOptions(rootResourceBuilder);
addHead(rootResourceBuilder);
for (Resource childResource: rootResource.getChildResources()) {
final Resource.Builder childResourceBuilder = Resource.builder(childResource);
addOptions(childResourceBuilder);
addHead(childResourceBuilder);
rootResourceBuilder.addChildResource(childResourceBuilder.build());
}
resourceModelBuilder.addResource(rootResourceBuilder.build());
}
return resourceModelBuilder.build();
}
#Override
public ResourceModel processSubResource(ResourceModel subResourceModel,
Configuration configuration) {
return subResourceModel;
}
private void addOptions(Resource.Builder resourceBuilder) {
resourceBuilder.addMethod("OPTIONS")
.handledBy(new Inflector<ContainerRequestContext, Response>() {
#Override
public Response apply(ContainerRequestContext context) {
return getOptionsResponse(context);
}
}).produces(MediaType.TEXT_PLAIN).extended(true);
}
private void addHead(Resource.Builder resourceBuilder) {
resourceBuilder.addMethod("HEAD")
.handledBy(new Inflector<ContainerRequestContext, Response>() {
#Override
public Response apply(ContainerRequestContext context) {
return getHeadResponse(context);
}
}).produces(MediaType.TEXT_PLAIN).extended(true);
}
private static Response getOptionsResponse(ContainerRequestContext context) {
return Response.status(Response.Status.METHOD_NOT_ALLOWED).entity("No Options").build();
}
private static Response getHeadResponse(ContainerRequestContext context) {
return Response.status(Response.Status.METHOD_NOT_ALLOWED).entity("No Head").build();
}
}
Default options handler is implemented via
#OPTIONS
#Path("{path: .*}")
public Response allOptions() {
}
As an example, take subdomain mapping.
This article: Managing multiple Domain and Sub Domain on Google App Engine for Same Application
recommends to resolve subdomain on Filter and assign variable to ServletRequest headers.
Then the mapping will look like this:
#RequestMapping(value = "/path", headers="subdomain=www")
public String subsiteIndexPage(Model model,HttpServletRequest request) { ... }
If we'd like to create custom #RequestMapping property, such as subdomain, eg. to create mapping like this:
#RequestMapping(value = "/some/action", subdomain = "www")
public String handlerFunction(){ ... }
we should override #RequestMapping #interface definition and override RequestMappingHandlerMapping protected methods, with our own implementation
(as stated on JIRA: "Allow custom request mapping conditions SPR-7812").
Is it right? Can anybody provide a hint, how to achieve this functionality?
Idea 1:
As suggested on original jira thread, is to create own implementation of RequestCondition
There is an project which uses this solution available on github: https://github.com/rstoyanchev/spring-mvc-31-demo/
And related SO question: Adding custom RequestCondition's in Spring mvc 3.1
Maybe mapping like #Subdomain("www") for both Type and Method, is possible solution?
Link to same question on forum.springsource.com
I've created solution based on referenced spring-mvc-31-demo
This solution can be used to map only single RequestCondition as of now. I've created two Issues to notify, this should be changed:
https://github.com/rstoyanchev/spring-mvc-31-demo/issues/5
https://jira.springsource.org/browse/SPR-9350
This solution uses custom #RequestCondition feature of Spring 3.1.1.RELEASE platform
USAGE
Example 1:
#Controller
#SubdomainMapping(value = "subdomain", tld = ".mydomain.com")
class MyController1 {
// Code here will be executed only on address match:
// subdomain.mydomain.com
}
Example 2:
#Controller
class MyController2 {
#RequestMapping("/index.html")
#SubdomainMapping("www")
public function index_www(Map<Object, String> map){
// on www.domain.com
// where ".domain.com" is defined in SubdomainMapping.java
}
#RequestMapping("/index.html")
#SubdomainMapping("custom")
public function index_custom(Map<Object, String> map){
// on custom.domain.com
// where ".domain.com" is defined in SubdomainMapping.java
}
}
We need three files
SubdomainMapping.java
SubdomainRequestCondition.java
SubdomainRequestMappingHandlerMapping.java
SubdomainMapping.java
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
#Target({ElementType.METHOD, ElementType.TYPE})
#Retention(RetentionPolicy.RUNTIME)
public #interface SubdomainMapping {
/**
* This param defines single or multiple subdomain
* Where the Method/Type is valid to be called
*/
String[] value() default {};
/**
* This param defines site domain and tld
* It's important to put the leading dot
* Not an array, so cannot be used for mapping multiple domains/tld
*/
String tld() default ".custom.tld";
}
SubdomainRequestCondition.java
import java.net.URL;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.springframework.web.servlet.mvc.condition.RequestCondition;
public class SubdomainRequestCondition implements
RequestCondition<SubdomainRequestCondition> {
private final Set<String> subdomains;
private final String tld;
public SubdomainRequestCondition(String tld, String... subdomains) {
this(tld, Arrays.asList(subdomains));
}
public SubdomainRequestCondition(String tld, Collection<String> subdomains) {
this.subdomains = Collections.unmodifiableSet(new HashSet<String>(
subdomains));
this.tld = tld;
}
#Override
public SubdomainRequestCondition combine(SubdomainRequestCondition other) {
Set<String> allRoles = new LinkedHashSet<String>(this.subdomains);
allRoles.addAll(other.subdomains);
return new SubdomainRequestCondition(tld, allRoles);
}
#Override
public SubdomainRequestCondition getMatchingCondition(
HttpServletRequest request) {
try {
URL uri = new URL(request.getRequestURL().toString());
String[] parts = uri.getHost().split(this.tld);
if (parts.length == 1) {
for (String s : this.subdomains) {
if (s.equalsIgnoreCase(parts[0])) {
return this;
}
}
}
} catch (Exception e) {
e.printStackTrace(System.err);
}
return null;
}
#Override
public int compareTo(SubdomainRequestCondition other,
HttpServletRequest request) {
return org.apache.commons.collections.CollectionUtils.removeAll(other.subdomains, this.subdomains).size();
}
}
SubdomainRequestMappingHandlerMapping.java
import java.lang.reflect.Method;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.web.servlet.mvc.condition.RequestCondition;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
public class CustomRequestMappingHandlerMapping extends
RequestMappingHandlerMapping {
#Override
protected RequestCondition<?> getCustomTypeCondition(Class<?> handlerType) {
SubdomainMapping typeAnnotation = AnnotationUtils.findAnnotation(
handlerType, SubdomainMapping.class);
return createCondition(typeAnnotation);
}
#Override
protected RequestCondition<?> getCustomMethodCondition(Method method) {
SubdomainMapping methodAnnotation = AnnotationUtils.findAnnotation(
method, SubdomainMapping.class);
return createCondition(methodAnnotation);
}
private RequestCondition<?> createCondition(SubdomainMapping accessMapping) {
return (accessMapping != null) ? new SubdomainRequestCondition(
accessMapping.tld(), accessMapping.value()) : null;
}
}
Instalation
IMPORTANT: So far, it is not possible to use this solution with XML element
<mvc:annotation-driven />, see JIRA https://jira.springsource.org/browse/SPR-9344 for explanation
You have to register custom MappingHandler bean, pointing at this custom implementation SubdomainRequestMappingHandlerMapping class
You have to set it's order to be lower than default RequestMappingHandlerMapping
OR
Replace the registered RequestMappingHandlerMapping (possibly on order=0)
For more wide explanation on implementing this solution, see the related github project
That's correct, but that would be too complicated. You'd better check the Host header, whether it contains a given subdomain.
But you should not really need this more than once or twice, so you can also do it manually in the method body. If you really need it in many places, it would be an odd requirement.