We Keep Coding

Spring MVC Servlet being hit twice for a POST request

I've got an estrange issue while using Spring MVC in order to implement RESTful services for my web application. Everything seems to work OK while performing GET requests, however, the behaviour I'm dealing with when doing POST requests puzzles me. Well, I've implemented this very basic controller code:
#Controller
#RequestMapping("/services")
public class RestService {
#RequestMapping(value = "/test/post", method = RequestMethod.POST)
public void postTest(#RequestBody String postString)
throws PersistenceException {
System.out.println(postString);
}
}
When I perform a POST request against it using Curl:
curl --data "Hello world" http://localhost:8080/SpringMVC-REST/services/test/post
First time my Controller is reached properly and the String is displayed. However, don't know why, the Spring MVC servlet is being called again after that, in this case with a wrong url request. The framework is not finding the matching service case, obviously:
Jun 02, 2014 4:06:21 PM org.springframework.web.servlet.DispatcherServlet noHandlerFound
WARNING: No mapping found for HTTP request with URI [/SpringMVC-REST/services/test/services/test/post] in DispatcherServlet with name 'mvc-dispatcher'
Debugger's stack seems to be slightly different for the first and second cases:
It seems like second time the Spring MVC framework is trying to render the output, even I'm not interested in it, cause I'm not accesing it via web UI. The servlet configuration I use is the standard one:
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>Spring MVC REST</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/mvc-dispatcher-servlet.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
That happens to me with Tomcat 6 and 7 and spring-web 3.2.8.RELEASE. Can anybody see the problem here?

use #ResponseBody before method return type..it should solve your problem.
so it should be like
#Controller
#RequestMapping("/services")
public class RestService {
#RequestMapping(value = "/test/post", method = RequestMethod.POST)
public #ResponseBody void postTest(#RequestBody String postString)
throws PersistenceException {
System.out.println(postString);
}
}

how can I stop the application part of the url being passed to my servlet in tomcat6

I am running tomcat6 and have hooked it up in eclipse as a server so I can quickly debug code changes - however I am running into an issue with the routes that are passed to my servlet.
I am running spring mvc3 with my routes annotated on the class eg:
#Controller
#RequestMapping(value="/rest")
public class HandleItController {
...
in web.xml I have
<welcome-file-list>
<welcome-file>welcome.html</welcome-file>
</welcome-file-list>
<servlet-mapping>
<servlet-mapping>handleit</servletmapping>
<url-pattern>/rest</url-pattern>
</servlet-mapping>
However I can only get one of these settings to work as desired at a time.
lets say "Web Project Settings" has Context root set to be appname
now if I GET localhost:8080/appname I will get the welcome page as desired
however if I hit localhost:8080/appname/rest/yadda I get a warning saying
No mapping found for HTTP request with URI [/appname/rest/yadda] in
DispatcherServlet with name 'handleit'
If I change my servlet url-pattern to / then I get request routed through the servlet without the appname prepended and the servlet handles them as expected - however I cannot then hit the welcome page
I need a solution that does not involve hard coding appname into the web.xml or the controller mappings, there must be some way I can serve both the html file and the servlet that is independent of the uri to which my application is deployed - ie stop sending the context part of the url through to the servlet

The URI in the #RequestMapping will be appended to the url-mapping of the dispatcher servlet. So if both the servlet and controller is mapped to rest, the full URI will become /contextpath/rest/rest. If you don't want that, map your controller to /
Edit: The reason it doesn't work when you map your servlet to / is that the Spring dispatcher servlet handles everything under the context root. So to get that to work, you need to configure Spring MVC to serve static files.

Securing Glassfish REST Service with basic auth using annotations

I have been trying to secure an application, which is deployed to glassfish 3 using annotation instead of the deployment descriptor. However, I haven't been able to get it working correctly. If I try to access the service, I end up with a server error 500, which displays this message:
type Exception report
message
descriptionThe server encountered an internal error () that prevented it from fulfilling this request.
exception
javax.servlet.ServletException: javax.ejb.AccessLocalException: Client not authorized for this invocation
root cause
javax.ejb.AccessLocalException: Client not authorized for this invocation
The EJB looks like this:
#Path("/myresource")
#Stateless
#RolesAllowed("user-role")
public class MyResource {
#GET
#Path("/{uuid}")
public Response getData(#PathParam("uuid") final String uuid) {
....
}
}
sun-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN"
"http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">
<sun-web-app>
<security-role-mapping>
<role-name>user-role</role-name>
<group-name>user-group</group-name>
</security-role-mapping>
</sun-web-app>
This is the web.xml:
<web-app id="myservice" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>org.test.myservice</display-name>
<servlet>
<servlet-name>Jersey Web Application</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>org.test.myservice.rest</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Jersey Web Application</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>file</realm-name>
</login-config>
<security-role>
<role-name>user-role</role-name>
</security-role>
</web-app>
The file realm in glassfish is set up using the user and role specified in the sun-web.xml and has been working well, when setting up the application security via deployment descriptor.
If I understand this document correctly I do not have to link security role references if their names are the same. http://docs.oracle.com/javaee/5/tutorial/doc/bnbyl.html#bnbyt
Any ideas what I am missing?
Edit
Related to the problem of not being able to specify the required information with annotations, there is a another problem, which caused me to think about this issue. Maybe that will make the initial question a little clearer:
Taken above example, the resource /myresource/* is only available for users with role 'user-role'. However, if there is a second resource at path /myresource/*/thumbnail (translating to /myresource/[uuid]/thumbnail) which should be available without authentication, this is not possible by specifying security-constraints with url-mapping, since it does not seem to be possible to use the wildcard between constants. However, this would be doable by specifying the roles, that are allowed to access a method by annotions. As described above, I haven't been able to do so. How could a mapping like that be done?

You need to use the security-constraint element in web.xml descriptor in order to block specific resources and paths, and to specify the authorization constraints.
This doesn't mean that you can't add more fine-grained controls using Programmatic Security, as explained in Oracle's Java EE 6 Tutorial:
Programmatic security is embedded in an application and is used to make security decisions. Programmatic security is useful when declarative security alone is not sufficient to express the security model of an application.
As per your edited question.
I would use the security-constraint element for blocking the access to all non-registered users. This will force everybody to authenticate, so that your application knows the roles they have.
Then you can fine-grain control the access to the various resources using programmatic security.
With basic authentication I guess there are no other ways. If you want to avoid authentication for basic users, you need to go with form authentication and handle the authentication programmatically behind the scenes, authenticating them even if they aren't aware of, by using HttpServletRequest#login().
In both ways you should be able to setup rights in the way you have described. If you want to handle the unauthorized exception more smoothly, you'd better remove the #RolesAllowed annotation and instead use something like:
#GET
#Path("/{uuid}")
public Response getData(#PathParam("uuid") final String uuid, #Context SecurityContext sc) {
if (sc.isUserInRole("MyRole")) {
return result;
} else {
return notAllowedResult;
}
}

The Roles-Allowed is an EJB construct and not congruent with access to the resource, which is handled by the security constraint.
Unfortunately, the two security concepts do not mesh as well as they should, and instead of getting a 401 if you're not authorized (a web concept), you get the security exception that you are receiving (and EJB concept). In fact, I don't know what error you will receive if you annotate an EJB web service with a RolesAllowed and try to access the web service with an invalid role. I assume you'll get a SOAP fault, in that case.
The EJB security is a system that keeps unauthorized people out, but it's a last ditch effort. It assumes that any decisions to route folks to the method calls is already done up front. For example, there's no high level way to test if a method is allowed or not, rather you can only call it and catch the exception.
So the harsh truth is beyond coarse gatekeepers, you want to leverage Programmatic Security.

RESTEasy Asynchronous Job Service + Spring MVC?

I am using the RESTEasy integration with Spring MVC as described here in section "39.2. Spring MVC Integration"
http://docs.jboss.org/resteasy/docs/2.0.0.GA/userguide/html/RESTEasy_Spring_Integration.html
I'd like to experiment with RESTEasy's implementation of the "async job service" as described here:
http://docs.jboss.org/resteasy/docs/2.3.4.Final/userguide/html/async_job_service.html
Reading the doc, my assumption is that RESTEasy will intercept the request and respond with a HTTP 202 and do the job queueing and tracking and create the .../async/jobs endpoint. So I modified my web.xml as described in the documention. Here's what it looks like:
<web-app>
<context-param>
<param-name>resteasy.async.job.service.enabled</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>resteasy.async.job.service.base.path</param-name>
<param-value>/asynch/jobs</param-value>
</context-param>
<servlet>
<servlet-name>springmvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:springmvc-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>springmvc</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
I tried to test whether this works by making a call to one of my REST services like this (running under Tomcat 6):
POST http://localhost:8080/myservice?async=true
According to the documentation this service is supposed to return a HTTP 202 but it returned the normal HTTP 200 as if I had called without the async=true query param.
I didn't change anything else with my services. Am I missing something?
Btw, here's what the service annotation looks like:
#Controller
#Path("/")
public class MyServices {
#POST
#Produces({MediaType.APPLICATION_XML})
#Path("myservice")
public Response createMyResource(#Context UriInfo uri, myResource) {
// create the resource
// construct and return a OK Response
}
}
Has anyone tried this successfully? If not, do you have another easy to use alternative for making async calls to RESTEasy RESTful services (that also works with Spring running under tomcat)
Thanks.

Try with asynch=true not async=true

REST Service - #POST call works while #GET doesn't

I am very new in REST services and I am facing a problem during the last two weeks. I am using Jersey. I am trying to use a simple REST client in order to call a POST method, which accepts a JSON object as a parameter and stores it to a database. My approach didn't work, but I decided to go one step behind, so now I am using an even simpler client with a simpler provider, in order to just test my POST and GET methods. The strange thing is that while I am able to call the POST method:
#POST
#Path("/store")
#Consumes(MediaType.TEXT_PLAIN)
#Produces(MediaType.TEXT_PLAIN)
public String storeData(String str) throws SQLException {
String query = "insert into myDB.test (id, name) values ('1', '" + str + "')";
MyDB db = new MyDB();
db.runQuery(query);
return responseCode.toString();
}
This works just fine!
But in the same class, the #GET method is not working and returns a 404 error.
My code is as following:
#GET
#Path("/retrieve")
#Produces(MediaType.TEXT_PLAIN)
public String getResponse() {
return "Hello!";
}
I know that my question might be quite simple to many... but I'm trying to find out what I'm doing wrong so as to go on to my actual implementation...
Thanks a lot in advance.
Marina
here is my client-side code
public class TestClient {
public static void main(String[] args) {
ClientConfig clientConfig = new DefaultClientConfig();
Client client = Client.create(clientConfig);
WebResource webResource = client.resource("http://localhost:8080/server_classes/rest/server/retrieve");
System.out.println(webResource.accept(MediaType.TEXT_PLAIN).post(ClientResponse.class, "hello"));
}
}
And here is my web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>server_classes</display-name>
<servlet>
<servlet-name>Jersey REST Service</servlet-name>
<servlet-class> com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>server_classes</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Jersey REST Service</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
</web-app>
My package is named server_classes and the resource's path is #Path("/server")
I tried the vogella tutorial again, from the beginning, just changing the annotation paths and the methods (for not just giving a "Hello Jersey" response). But now, I am not able to run anything. There is only a 404 error!
O also deleted Tomcat's instance, then the whole tomcat installation and re-installed it, the problem still the same. I am working on Ubuntu 12.04 if this helps..
Thanks!

try to change your request from post to get, as your servlet-mapping expects:
webResource.accept(MediaType.TEXT_PLAIN).get(ClientResponse.class);