I have debugged Java codes as JAVA APPLICATION.(its simple)
Now I am working with Maven project, and I am Keen to know comprehensive flow of this MAVEN+SPRING-JERSEY Project.
I guess debugging could help me with that, I have crawled many sites but cant really get how to debug a Maven Project.
Can anyone help me with this babyish doubt.
Or even you can explain me flow from this example.JERSEY+SPRING+MAVEN
Sorry ! I know This might be silly question,Let me know if I should delete it.
Please let me know if I am Correct:
WHAT I HAVE UNDERSTOOD:
1.Request comes from client,Web.xml Handles this request.
It finds the REST class(with URIs) in given Package.
(Also in meantime,Spring registers all Beans with help of Bean Registry)
2.Then from Service It gets URI , Now request is sent to particular URI.
3.At that URI we have beans,(i.e business logic) which gets executed
4.Then this beans send back result to REST and REST send this response message to client.
This is My understanding from #Michael Hoffman answer.
Please Let me know if this is correct.
Maven is simply providing you with build management. For most cases, it has no impact on how you will debug an application.
Based on your question, the best approach for debugging your application would be to use an IDE like Eclipse. You will need to have Tomcat, or a similar web container, in order to debug at runtime. Otherwise, the flow of code at design time is likely as follows:
At runtime, Spring loads any beans that are to be managed into the Spring container (application context). This may include the controller or service that is executed by the REST-ful call.
Web page or other integration makes a call to the rest service. The address depends on the configuration of the service across the web.xml and Spring application context.
A request flows through the configured servlet. Here is an example of servlet configuration in the web.xml of an app:
<web-app>
<servlet>
<servlet-name>MyApplication</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
<init-param>
...
</init-param>
</servlet>
...
<servlet-mapping>
<servlet-name>MyApplication</servlet-name>
<url-pattern>/myApp/*</url-pattern>
</servlet-mapping>
...
</web-app>
Based on the path requested, the request will flow to an implementing class, often times a controller or service class. The class or methods on the class will have annotation like: #Path("/helloWorld")
Related
I have a very typical problem. I am using in-house developed platform which uses Jetty server and rest easy to provide a wrapper over REST framework. When they did that they made lot of tweaks for some specific scenes.
Now problem is that when I developed a REST based service with raw interfaces of rest easy and embed my jetty server in same JVM. My service can receive the request but response is always 500 server error.
I feel the in-house framework is intercepting the response doing some security validations so my response doesn't reach.
I was wondering if there is a way to use the different rest easy version and run in same JVM. I have tried to embed a jetty server and added a normal Servlet and I can access it but I can't achieve the same with my rest based servlet.
Any Idea how could I load two versions of rest easy on same JVM ?
What you can't have is two applications in the same web application context, since you are supposed to define only one class implementing javax.ws.rs.Application.
But that shouldn't be a problem, as long as classes live in different ClassLoaders. Each web application context must be in isolation of other contexts, each defining its own ClassLoader.
You can perform all kinds of class loading manipulation in Jetty: https://wiki.eclipse.org/Jetty/Reference/Jetty_Classloading
In conclusion, as long as you use different jar files of RESTEasy in each web context, you should be able to run two REST applications using different RESTEasy versions in the same JVM process.
My question is
"Can I use #RolesAllowed on RESTful Resources implemented on CXF ?".
First of all, I explain the context causing this question.
I'm working at some projects in which developers have to remake one part of the some web systems into RESTful WEB Apis.This present system has server system built by Spring and Hibernate. And its client application as UI is developed by ActionScript through
FLEX framework.
Now I'm surveying the proper way to design and remake our present system into RESTful APIs through reading some documents or develop some prototypes.So, we temporarily decided to use Apache-CXF ver.2.7.4 as JAX-RS implementation and TOMCAT ver.7 as Web applications container.
Then, I am struggling for the way of user authorizations now.
As you know, I mean the word 'Authorization' as some control mechanism that constrain some users to access functions according to user's roll like ROLE_ADMIN, ROLL_EMPLOYEE and so on.And our team wants to use #RolesAllowed annotation to constrain user to access some RESTful methods in REST resource classes.
Through surveying, I knew that we can use #RolesAllowed annotation if we use Jersey as JAX-RS imple and TOMCAT, because Jersey framework provides
com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory
for developers to activate #RolesAllowed annotation by adding following lines in web.xml
<init-param>
<param-name>com.sun.jersey.spi.container.ResourceFilters</param-name>
<param-value>
com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory
</param-value>
</init-param>
as init-param of jersey's ServletContainer.
But our team has decided Apache CXF as JAX-RS imple.I've already surveyed the security and authorization parts of web documents in CXF site. But I couldn’t get solutions or how to use #RolesAllowed on RESTful resource methods.
So If you know the requirements or how to use #RolesAllowed on RESTful resource implemented on Apache CXF and TOMCAT, teach me that, please.Or if you can definitively conclude that we can't use #RolesAllowed in frameworks choice of Apache CXF and TOMCAT, please teach me the background knowledge of that conclusion.
Additionally, I suppose that I can use #RolesAllowed in REST resource by CXF on JBOSS as app server, not on TOMCAT. Is this assumption true ? I'm sorry that I've not made a trial to use JBOSS instead of TOMCAT.
Best regards.
Yes, this can be done. I'll assume that you (like me) did not want to use Spring Security as part of the solution (to handle authentication and authorization) since there is seem to be plenty of resources on how to enable the JSR-250 annotations with Spring Security.
My solution began with a simple JAX-RS project built from the CXF-supplied Archetype Project org.apache.cxf.archetype:cxf-jaxrs-service:2.7.5 (lastest GAV # time of writing).
This gives you a basic HelloWorld class with supporting config files.
A few modifications need to be made.
First, add the following dependencies to the pom.xml:
<dependency>
<groupId>javax.annotation</groupId>
<artifactId>jsr250-api</artifactId>
<version>1.0</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
Why? Because Tomcat is not a full J2EE Container, it does not support all JSR-250 Annotations (of which #RolesAllowed is one). Further, although CXF recognizes and will work with #RolesAllowed, it does not bundle an implementation, expecting it to be provided by either a J2EE container or the inclusion of the api as above.
The servlet-api is listed because I needed it # compile time for a method I add to HellowWorld.java (see below).
Second, modify beans.xml as follows:
<bean class="my.pkg.HelloWorld" id="helloWorldService"/>
<jaxrs:serviceBeans>
<ref bean="helloWorldService"/>
</jaxrs:serviceBeans>
<bean id="authorizationInterceptor"
class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor">
<property name="securedObject" ref="helloWorldService" />
</bean>
The SecureAnnotationsInterceptor is what will scan the helloWorldService and enforce the #RolesAllowed annotations.
Note that the helloWorldService had to be pulled out of the <jaxrs:serviceBeans> stanza so it could be referenced both there and in the authorizationInterceptor.
Third, add some roles and users to tomcat-users.xml or alternative (eg. JDBC Realm, etc.) I did this:
<role rolename="hello-user" />
<role rolename="hello-role1"/>
<role rolename="hello-role2" />
<user username="hello1" password="Password1" roles="hello-role1,hello-user"/>
<user username="hello2" password="Password1" roles="hello-role2,hello-user"/>
This creates 2 users who each have a shared role (hello-user) plus their own distinct role.
Fourth, add the following to web.xml to enable BASIC authentication:
<security-constraint>
<web-resource-collection>
<web-resource-name>Hello Services</web-resource-name>
<url-pattern>/hello/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>hello-user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>default</realm-name>
</login-config>
With this, I decided to require the role hello-user for everything under /hello/*. That's not essential, but beware that I did have some issues omitting some of the stanzas, wildcards and roles... so experiment with care here.
Fifthly (and finally), mark up the HelloWorld.java class:
#Path("/hello")
#RolesAllowed("hello-user")
public class HelloWorld {
#GET
#Path("/echo/{input}")
#Produces("text/plain")
#RolesAllowed("hello-role1")
public String ping(#PathParam("input") String input) {
return input;
}
#POST
#Produces("application/json")
#Consumes("application/json")
#Path("/jsonBean")
#RolesAllowed("hello-role2")
public Response modifyJson(JsonBean input) {
input.setVal2(input.getVal1());
return Response.ok().entity(input).build();
}
#GET
#Produces("text/plain")
#Path("/cliche")
public Response getClichedMessage(#Context HttpServletRequest request) {
return Response.
ok().
entity("Sending \"Hello World\" to user \"" + request.getUserPrincipal().getName() + "\"").
build();
}
}
I added the last method (getClichedMessage()) to show that both users can access the method because they have the hello-user role with which the class is annotated. The SecureAnnotationsInterceptor is smart enough to handle that.
That's all. Seems to me, this is the STTCPW using just Tomcat, CXF and BASIC authenitcation. The key for the CXF + #RolesAllowed is the SecureAnnotationsInterceptor.
Update: I should acknowledge that Converting Jersey REST Examples to Apache CXF was particularly helpful, especially for pointing out the SecureAnnotationsInterceptor whose connection to #RolesAllowed is not well documented elsewhere.
Update 2: The Jersey-CXF blog entry doesn't seem be migrated to gmazza's new blog. However, the example I used is on github. It contains a config file with SecureAnnotationsInterceptor definition and a bean with #RolesAllowed annotation
I want to use a python backend while developing a SmartGWT front end. In order to get the debugging working correctly, I think I need the dev server running in eclipse which means the webserver will be running in eclipse.
My python (Django) backend needs to serve the requests for the data and I'd like it to not be a cross-domain issue, however cross-domain also seems to require the ports match too.
What is the simplest way to work around this? Been thinking about setting up my hosts file with a bogus domain and then have two entries, one for data, one for js. But, this requires setting up a second IP on the machine because the ports have to match too.
If I want anyone else to be able to see the pages I can't use localhost and my external IP since they won't be able to get to my localhost.
Is there some simpler setup?
Is there some simple proxy piece I could drop into the eclipse dev server that would proxy the data requests to a different server?
Other ideas?
I am using a proxy servlet in my gwt setup for this purpose.
I am using a tomcat proxy servlet from jetty util artifact:
<dependency>
<groupId>org.mortbay.jetty</groupId>
<artifactId>jetty-util</artifactId>
<version>6.1.22</version>
<scope>runtime</scope>
</dependency>
My web.xml looks like this:
<servlet>
<servlet-name>JettyProxy</servlet-name>
<servlet-class>org.mortbay.servlet.ProxyServlet$Transparent</servlet-class>
<init-param>
<param-name>ProxyTo</param-name>
<param-value>http://yourserver</param-value>
</init-param>
<init-param>
<param-name>Prefix</param-name>
<!-- will be removed from request -->
<param-value>/prefix/</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>JettyProxy</servlet-name>
<url-pattern>/prefix/*</url-pattern>
</servlet-mapping>
If you get some weired error about some _context variable, make sure that the jetty-util.jar is in your classpath before the GWT SDK.
Use -noserver for the DevMode. See http://code.google.com/webtoolkit/doc/latest/DevGuideCompilingAndDebugging.html#How_do_I_use_my_own_server_in_development_mode_instead_of_GWT's
The easiest way to do it is if you have both backend and frontend on your development machine.
For my projects I am using GWT on the frontend and cherrypy (python) on the backend.
I set up both projects in eclipse and when developing I start a debugger for the cherrypy backend and one for the GWT frontend. So I can basically debug backend and frontend at the same time. Works really good.
Communication between python backend and gwt frontend is done via RequestBuilder (JSON) and the good thing about this setup is that I can test the backend's data communication directly without GWT.
So the development url is usually something like: http://localhost:8080/?gwt.codesvr=127.0.0.1:9997
Port 8080 is used by my cherrypy backend.
How is it possible to run some EJB logic during the server start/stop ?
I am using JBoss 5 and EJB 3.0.
Thanks.
Server start is relatively easy: Add a servlet that is called with load-on-startup 1 so that it gets started early and can then initialize stuff on the system in it's init() method. As the deployers first deploy ejbs and then servlets, you should be good here to use the ejbs from within the servlet.
When the app shuts down, the servlet's destroy() method is (supposed to be) called, so you could shutdown stuff from there.
<servlet>
<servlet-name>InitShutdownServlet</servlet-name>
<display-name>Init Servlet</display-name>
<servlet-class>com.acme.InitServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
MBeans can be used as JBoss provides ServiceMBean interface & ServiceMBeanSupport abstract class to execute custom code during startup/shutdown.
Override life-cycle callback methods to add custom logic.
For further reference, see JBoss Service
When I deploy a JSF application on a Glassfish V2.1 Patch02 Cluster, the following exception is thrown while loading the first page.
java.security.ProviderException: update() failed
at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:557)
at sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:457)
at sun.security.pkcs11.P11Cipher.engineDoFinal(P11Cipher.java:485)
at sun.security.pkcs11.P11Cipher.engineDoFinal(P11Cipher.java:471)
at javax.crypto.Cipher.doFinal(DashoA13*..)
...
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DEVICE_ERROR
at sun.security.pkcs11.wrapper.PKCS11.C_EncryptUpdate(Native Method)
at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:510)
I am NOT using any kind of encryption/decryption inside my application.
When I googled up for this exception, I found this which is the case when Ciphers are loaded in the application.
I would like to know if Glassfish/JSF load default Ciphers which are causing this exception?
If not, what could be the possible cause and the solution for it?
The issue has been resolved. The problem is this 'minor' bug - https://issues.apache.org/jira/browse/MYFACES-1786
The solution is to put the following entries in the web.xml to disable encryption for state management and to switch the state saving to server
<context-param>
<param-name>org.apache.myfaces.USE_ENCRYPTION</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>server</param-value>
</context-param>
From my experience the application when deployed with encryption enabled by 'default' (i.e. having no entry for org.apache.myfaces.USE_ENCRYPTION in web.xml) in Websphere(standalone or cluster) works perfectly okay.
But the application does NOT get deployed in Glassfish cluster or in Tomcat 6 (the problem is defined in the thread - nabble.com/BadPadding-Exception-and-more-td21984713.html)
The only place I can think where the base JSF implementation might use encryption is in state management. The component tree is stateful, so it is preserved between requests, either in the session or in a hidden form field (set by the javax.faces.STATE_SAVING_METHOD init parameter). If a hidden form field is used, the implementation would be wise to encrypt it to prevent hackers rewriting server state. (Note that state management in JSF is pluggable, so 3rd party libraries could replace the default behaviour. If you're using a rich component library, it's worth checking the doc.)
You could try deploying your app in non-clustered glassfish, or in tomcat and see if you get the same situation. Then you would know if the problem is your app or the configuration of the app server or cluster.