Spring

Using com.graphql-java-kickstart:graphql-spring-boot-starter:14.1.0 I was refactoring some code to switch Strings for enums and I got the following error. Caused by: graphql.kickstart.tools.SchemaError: Type 'Integration' is declared as an enum in the GraphQL schema but is not a Java enum! I double checked, and Integration was in the GraphQL correctly, and was also a proper Java enum. GraphQL: enum Integration { STRIPE } input IntegrationCriteria { integration: Integration identifier: String } Java enum: ...

TL;DR spring: jpa: generate-ddl: true properties: javax: persistence: schema-generation: database: action: drop-and-create create-source: script-then-metadata create-script-source: init.sql init.sql CREATE ALIAS IF NOT EXISTS H2GIS_SPATIAL FOR "org.h2gis.functions.factory.H2GISFunctions.load"; CALL H2GIS_SPATIAL(); CREATE DOMAIN POINT AS GEOMETRY(POINT); CREATE DOMAIN POLYGON AS GEOMETRY(POLYGON);

TL;DR In Spring CSRF generates a new token for each new session. If you have http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) then there is a new session triggered for each request. This means we need a different mechanism to calculate the CSRF token, otherwise it’ll be rotated with every request, and you’ll end up with a race condition where your UI will have its token changed mid-request (at least in Angular 12). The solution here is to derive a hash from the SSO session. ...

TL;DR The classes that publish the AuditEvent object are instantiated by AuditAutoConfiguration which is conditional on an AuditEventRepository. If you don’t want to store the events, e.g., in an InMemoryAuditEventRepository, then you need to either: 1) manually instantiate AuthenticationAuditListener and AuthorizationAuditListener, or 2) listen for AbstractAuthorizationEvent and build up from there. The Slightly Longer Version There are a lot of articles on the web about how you can get Spring Security audit events simply by including the spring-boot-starter-actuator artifact, and then creating a listener. ...

The common way to configure Spring Security is by extending WebSecurityConfigurerAdapter and annotating with @Configuration. e.g., from the Java docs: @Configuration class SimpleSecurityConfiguration extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/**").hasRole("USER").and().formLogin() .and() .logout().deleteCookies("remove").invalidateHttpSession(false) .logoutUrl("/custom-logout").logoutSuccessUrl("/logout-success"); } } If you need to have multiple configurations, for instance, for different paths, then you can either http.antMatchers(...), or you can provide multiple configurations. But these achieve different things, and this distinction needs to be understood. ...

When you are using Tiles for layout composition with Spring you configure it as a view resolver by adding something like this to the applicationContext.xml <!-- Configure the Tiles templates --> <bean id="tilesConfigurer" class="org.springframework.web.servlet.view.tiles2.TilesConfigurer"> <property name="definitions"> <list> <value>/WEB-INF/tiles.xml</value> </list> </property> <property name="preparerFactoryClass" value="org.springframework.web.servlet.view.tiles2.SpringBeanPreparerFactory" /> </bean> <!-- Resolve views using Tiles --> <bean id="tilesViewResolver" class="org.springframework.web.servlet.view.UrlBasedViewResolver"> <property name="viewClass" value="org.springframework.web.servlet.view.tiles2.TilesView" /> </bean> This will read the tiles.xml on startup. If you want it to refresh when the file changes you either need to add the Tiles filter, or more elegantly just add this context-param to the web.xml ...

A quick note about using the BindingResult to detect and report errors in a form. One gotcha that got me was the need to set a name on the @ModelAttribute in order to properly relate the form:form commandName and the validation object. Essentially, if you don’t set a name then @ModelAttribute will get the command name from the name of the argument, and BindingResult will get the command name from the type of the argument, meaning that when you go to use form:errors nothing will be displayed. ...

Here’s a little lesson that I had to relearn today: When using Spring use interfaces. The premise was I had a DAO bean that was configured with Spring, and it was @Autowired into my controller (or test case in this instance). Because I only intended to have a single implementation of this class, and because this was the first iteration of the project, I made the DAO bean concrete. However, when I tried to inject it into the test case got an exception: ...

Sometimes in a webapp you will be in a situation where a filter/app/container other than Spring will be responsible for authenticating a user and setting the user principal, leaving the authz to the Spring webapp. A portlet container is a typical example. There is a few examples floating around showing how to do this in Spring 2.x, but it appears some thing (packages, etc) have changed for Spring 3.x, so here is how to make it work. Use the following in your applicationContext.xml ...

Recently I had need to deploy some Spring webapps which required predeploy configuration. Being the first time I had to find a serious answer I looked to the mythical JNDI for an answer. This document is meant to complement other Spring JNDI documents out there. Essentially the problem is this. We need to deploy a webapp. The webapp needs configurations (database and webservice endpoint locations). Editing properties files or XML config within the webapp isn’t nice, because on a redeploy the config will be lost. Inside containers like Tomcat I am not aware of a way to easily add extra items to the classpath which won’t get nuked unexpectedly, so solutions like PropertyPlaceholderConfigurer don’t really fly as the properties file will end up within the webapp. And I don’t like the idea of setting environment variables for to locate such things. ...