
Comments (12)

75ACOL commented on May 28, 2024

Did you not perform authentication and let other people access your /monitoring?

from javamelody.

75ACOL commented on May 28, 2024

Can you provide some additional information? I can't reproduce this error, and I've had this problem recently.


MrFastDie commented on May 28, 2024

Sure thing!

So first of all I have multiple security configs (spring), in all the necessary parts I have the following included:

.regexMatchers("/monitoring\\?resource=boomerang.min.js", "/monitoring\\?part=rum.*")
.permitAll()
.antMatchers("/monitoring/**")
.hasAuthority("systemconfig")

Therefore access to /monitoring is blocked but the boomerang and the rum part are visible.

We then have a GET mapping:

@GetMapping("**")
	public HttpEntity<byte[]> get(HttpServletRequest request) throws IOException {
		String servletPath = request.getServletPath();
		String resourceName = "/ng/index.html";
		if (servletPath.contains(".")) {
			resourceName = servletPath.contains("/assets") ?
					servletPath.replaceFirst("/ng.*/assets", "/ng/assets") :
					servletPath.replaceFirst("/ng.*/", "/ng/");
			try (InputStream in = this.getClass().getResourceAsStream(getCommonResourceName(resourceName))) {
				HttpHeaders headers = new HttpHeaders();
				headers.setContentType(getMediaTypeFor(resourceName));
				return new HttpEntity<>(IOUtils.toByteArray(in), headers);
			}
		} else {
			try (InputStream in = this.getClass().getResourceAsStream(getCommonResourceName(resourceName))) {
				HttpHeaders headers = new HttpHeaders();
				headers.setContentType(getMediaTypeFor(resourceName));
				Integer projectCode = (Integer) (request.getSession(false) == null ?
						null :
						request.getSession(false).getAttribute("projectCode"));
				Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
				boolean authenticated =
						authentication != null && authentication.isAuthenticated() && !"anonymousUser".equals(
								authentication.getPrincipal());
				return new HttpEntity<>(replaceApi(
						in,
						request.getScheme(),
						request.getServerName(),
						request.getServerPort(),
						request.getContextPath(),
						projectCode,
						authenticated,
						xxx,
						yyy), headers);
			}
		}
	}

And a filter:

@Override
		public String getServletPath() {
			String p = super.getServletPath();
			if (p.contains("/logout") || p.contains("/oauth2") || p.contains("/monitoring") || p.contains("/data")) {
				return p;
			}
			return Arrays.asList("/", "/index").contains(p) ? "/ng" : (p.startsWith("/ng") ? p : ("/ng" + p));
		}

Our pom.xml for java melody:

<dependency>
    <groupId>net.bull.javamelody</groupId>
    <artifactId>javamelody-spring-boot-starter</artifactId>
    <version>${javamelody-version}</version>
</dependency>


<javamelody-version>1.94.0</javamelody-version>

And we then have a JavaMelody Configuration:

@Configuration
@ConditionalOnWebApplication
public class JavaMelodyConfiguration {
	/**
	 * Registers the JavaMelody {@link CustomResourceFilter}.
	 *
	 * @param servletContext ServletContext
	 * @return FilterRegistrationBean
	 */
	@Bean(name = "customResourceFilter")
	public FilterRegistrationBean<CustomResourceFilter> customResourceFilter(ServletContext servletContext) {
		FilterRegistrationBean<CustomResourceFilter> registrationBean = new FilterRegistrationBean<>();

		registrationBean.setFilter(new CustomResourceFilter());
		registrationBean.setAsyncSupported(true);
		registrationBean.setName("customResourceFilter");
		registrationBean.setDispatcherTypes(DispatcherType.REQUEST, DispatcherType.ASYNC);
		registrationBean.addUrlPatterns("/monitoring");

		updateRegistrationIfPresent(servletContext, registrationBean, "customResourceFilter");
		return registrationBean;
	}

	@Bean(name = JavaMelodyAutoConfiguration.REGISTRATION_BEAN_NAME)
	public FilterRegistrationBean<MonitoringFilter> monitoringFilter(
			JavaMelodyConfigurationProperties properties,
			ServletContext servletContext,
			@Autowired AppConfig appConfig) {

		final FilterRegistrationBean<MonitoringFilter> registrationBean =
				(new JavaMelodyAutoConfiguration()).monitoringFilter(properties, servletContext);
		String monitoringPath = resolveRelativePath(appConfig.getMonitoringPath());
		registrationBean.addInitParameter(Parameter.STORAGE_DIRECTORY.getCode(), monitoringPath);

		updateRegistrationIfPresent(servletContext, registrationBean, "customResourceFilter");
		return registrationBean;
	}

	private String resolveRelativePath(String monitoringPath) {

		try {
			if (monitoringPath.startsWith(".")) {
				String catalinaBase = new ApplicationHome(Application.class).getDir().getCanonicalPath();
				monitoringPath = catalinaBase + monitoringPath;
			}
			monitoringPath = new File(monitoringPath).getCanonicalPath();
		} catch (IOException e) {
			throw new RuntimeException(e);
		}
		return monitoringPath;
	}

	private void updateRegistrationIfPresent(
			ServletContext servletContext,
			final FilterRegistrationBean<? extends Filter> registrationBean, String beanName) {
		final FilterRegistration filterRegistration = servletContext.getFilterRegistration(beanName);
		if (filterRegistration != null) {
			// if webapp deployed as war in a container with MonitoringFilter already added by web-fragment.xml,
			// do not try to add it again
			registrationBean.setEnabled(false);
			for (final Map.Entry<String, String> entry : registrationBean.getInitParameters()
					.entrySet()) {
				filterRegistration.setInitParameter(entry.getKey(), entry.getValue());
			}
		}
	}
}

Can I provide you with something more?


75ACOL commented on May 28, 2024

Thanks for your efforts, I can't see anything wrong with this code for the time being.


MrFastDie commented on May 28, 2024

Probably the private static String getRumUrlForBrowser(String requestName) from the RumInjector is the problem here. Is there an opportunity to add some kind of configuration to explicitly set the URL instead of parsing it from the request? As we already have some kind of configuration file, that would make some sense.


75ACOL commented on May 28, 2024

The code has been processed, but I'm not sure what your configuration has done, resulting in parsing. Can you send me your entire pom file? I'll check it.


MrFastDie commented on May 28, 2024

Sure thing!

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
		 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>ch.ess.app</groupId>
	<artifactId>app</artifactId>
	<version>2.0.15-SNAPSHOT</version>
	<packaging>jar</packaging>

	<name>app</name>
	<description>app</description>

	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.6.6</version> <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-parent -->
		<relativePath/> <!-- lookup parent from repository -->
	</parent>

	<properties>
		<tomcat.version>9.0.74</tomcat.version>
		<start-class>ch.ess.app.Application</start-class>
		<java.version>17</java.version>
		<maven.compiler.target>17</maven.compiler.target>
		<maven.compiler.source>17</maven.compiler.source>
		<aspectj.version>1.9.8.RC3</aspectj.version>

		<jackson-version>2.9.8</jackson-version>
		<jodconverter.version>4.4.2</jodconverter.version>
		<ess.version>0.3.0-SNAPSHOT</ess.version>
		<extjs.version>7.3.1-SNAPSHOT</extjs.version>
		<batik-version>1.14</batik-version>
		<poi-version>5.1.0</poi-version>
		<mapdb-version>3.0.8</mapdb-version>
		<commons-math3-version>3.6.1</commons-math3-version>
		<commons-validator-version>1.7</commons-validator-version>
		<jopendocument-version>1.2</jopendocument-version>
		<pdfbox-version>1.8.16</pdfbox-version>
		<javamelody-version>1.94.0</javamelody-version>
		<owasp-encoder-version>1.2.3</owasp-encoder-version>
		<jsoup-version>1.11.3</jsoup-version>
		<extjs-themes-version>1.0.8-SNAPSHOT</extjs-themes-version>
		<cxf.version>3.4.5</cxf.version>
		<nashorn-version>15.3</nashorn-version>
		<springdoc-version>1.6.1</springdoc-version>
		<hibernate-search-orm.version>5.11.10.Final</hibernate-search-orm.version>
		<lucene.version>5.5.5</lucene.version>

		<frontend-maven-plugin-version>1.12.0</frontend-maven-plugin-version>
		<node-version>v16.13.0</node-version>
		<npm-version>8.1.4</npm-version>

		<maven.compiler.debug>true</maven.compiler.debug>

		<maven.build.timestamp.format>yyyy-MM-dd'T'hh:mm:ss.SSSZ</maven.build.timestamp.format>
		<build.timestamp>${maven.build.timestamp}</build.timestamp>

		<maven.repo.releases.url>releases-url-set-by-jenkins</maven.repo.releases.url>
		<maven.repo.snapshots.url>snapshots-url-set-by-jenkins</maven.repo.snapshots.url>
		<maven.site.url>site-url-set-by-jenkins</maven.site.url>
	</properties>

	<repositories>
		<repository>
			<id>ess</id>
			<url>http://repo.ess.ch/repo/content/repositories/public/</url>
			<snapshots>
				<updatePolicy>always</updatePolicy>
			</snapshots>
		</repository>
	</repositories>

	<pluginRepositories>
		<pluginRepository>
			<id>ess</id>
			<url>http://repo.ess.ch/repo/content/repositories/public/</url>
		</pluginRepository>
	</pluginRepositories>

	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-properties-migrator</artifactId>
			<scope>runtime</scope>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-data-jpa</artifactId>
			<exclusions>
				<exclusion>
					<groupId>org.slf4j</groupId>
					<artifactId>slf4j-api</artifactId>
				</exclusion>
			</exclusions>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-tomcat</artifactId>
			<scope>provided</scope>
		</dependency>

		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-test</artifactId>
		</dependency>

		<dependency>
			<groupId>org.apache.tomcat.embed</groupId>
			<artifactId>tomcat-embed-jasper</artifactId>
			<scope>provided</scope>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-actuator</artifactId>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-security</artifactId>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-oauth2-client</artifactId>
		</dependency>

		<dependency>
			<groupId>org.springdoc</groupId>
			<artifactId>springdoc-openapi-ui</artifactId>
			<version>${springdoc-version}</version>
		</dependency>

		<dependency>
			<groupId>org.springdoc</groupId>
			<artifactId>springdoc-openapi-webmvc-core</artifactId>
			<version>${springdoc-version}</version>
		</dependency>

		<dependency>
			<groupId>org.slf4j</groupId>
			<artifactId>slf4j-api</artifactId>
		</dependency>

		<dependency>
			<groupId>ch.qos.logback</groupId>
			<artifactId>logback-classic</artifactId>
		</dependency>

		<dependency>
			<groupId>org.slf4j</groupId>
			<artifactId>jcl-over-slf4j</artifactId>
		</dependency>

		<dependency>
			<groupId>org.slf4j</groupId>
			<artifactId>jul-to-slf4j</artifactId>
		</dependency>

		<dependency>
			<groupId>org.slf4j</groupId>
			<artifactId>log4j-over-slf4j</artifactId>
		</dependency>

		<dependency>
			<groupId>org.aspectj</groupId>
			<artifactId>aspectjrt</artifactId>
		</dependency>

		<dependency>
			<groupId>org.apache.commons</groupId>
			<artifactId>commons-lang3</artifactId>
		</dependency>

		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-core</artifactId>
		</dependency>

		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-entitymanager</artifactId>
		</dependency>

		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-envers</artifactId>
		</dependency>

		<dependency>
			<groupId>net.sourceforge.jtds</groupId>
			<artifactId>jtds</artifactId>
		</dependency>

		<dependency>
			<groupId>com.querydsl</groupId>
			<artifactId>querydsl-jpa</artifactId>
		</dependency>

		<dependency>
			<groupId>com.fasterxml.jackson.core</groupId>
			<artifactId>jackson-databind</artifactId>
		</dependency>

		<dependency>
			<groupId>io.micrometer</groupId>
			<artifactId>micrometer-registry-prometheus</artifactId>
		</dependency>

		<dependency>
			<groupId>com.github.ben-manes.caffeine</groupId>
			<artifactId>caffeine</artifactId>
		</dependency>

		<dependency>
			<groupId>javax.xml.ws</groupId>
			<artifactId>jaxws-api</artifactId>
		</dependency>

		<dependency>
			<groupId>org.codehaus.janino</groupId>
			<artifactId>janino</artifactId>
		</dependency>

		<dependency>
			<groupId>ch.ess.webjars</groupId>
			<artifactId>extjs</artifactId>
			<version>${extjs.version}</version>
		</dependency>

		<dependency>
			<groupId>ch.ess.webjars</groupId>
			<artifactId>extjs-src</artifactId>
			<version>${extjs.version}</version>
		</dependency>

		<dependency>
			<groupId>ch.ess.webjars</groupId>
			<artifactId>extjs-ux</artifactId>
			<version>${extjs.version}</version>
		</dependency>

		<dependency>
			<groupId>ch.ess.webjars</groupId>
			<artifactId>extjs-theme-classic</artifactId>
			<version>${extjs.version}</version>
		</dependency>

		<dependency>
			<groupId>ch.ess.webjars</groupId>
			<artifactId>extjs-theme-triton</artifactId>
			<version>${extjs.version}</version>
		</dependency>

		<dependency>
			<groupId>org.webjars</groupId>
			<artifactId>flag-icon-css</artifactId>
			<version>0.7.1</version>
		</dependency>

		<dependency>
			<groupId>ch.ess</groupId>
			<artifactId>ext-generator</artifactId>
			<version>${ess.version}</version>
		</dependency>

		<dependency>
			<groupId>ch.ess</groupId>
			<artifactId>uic-analyzer</artifactId>
			<version>${ess.version}</version>
		</dependency>

		<dependency>
			<groupId>ch.ess</groupId>
			<artifactId>rest-service</artifactId>
			<version>${ess.version}</version>
		</dependency>

		<dependency>
			<groupId>ch.ess</groupId>
			<artifactId>uic-annotations</artifactId>
			<version>${ess.version}</version>
		</dependency>

		<dependency>
			<groupId>ch.ess</groupId>
			<artifactId>utx</artifactId>
			<version>${ess.version}</version>
		</dependency>

		<dependency>
			<groupId>ch.ess</groupId>
			<artifactId>common-mailer</artifactId>
			<version>${ess.version}</version>
			<exclusions>
				<exclusion>
					<groupId>org.slf4j</groupId>
					<artifactId>slf4j-api</artifactId>
				</exclusion>
			</exclusions>
		</dependency>

		<dependency>
			<groupId>org.liquibase</groupId>
			<artifactId>liquibase-core</artifactId>
			<version>4.3.1</version><!-- override ist ok -->
		</dependency>

		<dependency>
			<groupId>org.mapdb</groupId>
			<artifactId>mapdb</artifactId>
			<version>${mapdb-version}</version>
			<exclusions>
				<exclusion>
					<groupId>com.google.guava</groupId>
					<artifactId>guava</artifactId>
				</exclusion>
			</exclusions>
		</dependency>

		<dependency>
			<groupId>org.apache.poi</groupId>
			<artifactId>poi</artifactId>
			<version>${poi-version}</version>
		</dependency>

		<dependency>
			<groupId>org.apache.poi</groupId>
			<artifactId>poi-ooxml</artifactId>
			<version>${poi-version}</version>
		</dependency>

		<dependency>
			<groupId>org.apache.commons</groupId>
			<artifactId>commons-math3</artifactId>
			<version>${commons-math3-version}</version>
		</dependency>

		<dependency>
			<groupId>commons-validator</groupId>
			<artifactId>commons-validator</artifactId>
			<version>${commons-validator-version}</version>
			<exclusions>
				<exclusion>
					<artifactId>commons-logging</artifactId>
					<groupId>commons-logging</groupId>
				</exclusion>
			</exclusions>
		</dependency>

		<dependency>
			<groupId>jopendocument</groupId>
			<artifactId>jopendocument</artifactId>
			<version>${jopendocument-version}</version>
		</dependency>

		<dependency>
			<groupId>org.jodconverter</groupId>
			<artifactId>jodconverter-spring-boot-starter</artifactId>
			<version>${jodconverter.version}</version>
		</dependency>

		<dependency>
			<groupId>org.jodconverter</groupId>
			<artifactId>jodconverter-local</artifactId>
			<version>${jodconverter.version}</version>
		</dependency>

		<dependency>
			<groupId>org.apache.pdfbox</groupId>
			<artifactId>pdfbox</artifactId>
			<version>${pdfbox-version}</version>
		</dependency>

		<dependency>
			<groupId>net.bull.javamelody</groupId>
			<artifactId>javamelody-spring-boot-starter</artifactId>
			<version>${javamelody-version}</version>
		</dependency>

		<dependency>
			<groupId>javax.jws</groupId>
			<artifactId>javax.jws-api</artifactId>
			<version>1.1</version>
		</dependency>

		<dependency>
			<groupId>org.owasp.encoder</groupId>
			<artifactId>encoder</artifactId>
			<version>${owasp-encoder-version}</version>
		</dependency>

		<dependency>
			<!-- jsoup HTML parser library @ https://jsoup.org/ -->
			<groupId>org.jsoup</groupId>
			<artifactId>jsoup</artifactId>
			<version>${jsoup-version}</version>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-configuration-processor</artifactId>
			<optional>true</optional>
		</dependency>

		<dependency>
			<groupId>ch.ess.webjars</groupId>
			<artifactId>extjs-themes</artifactId>
			<version>${extjs-themes-version}</version>
		</dependency>

		<dependency>
			<groupId>net.sf.uadetector</groupId>
			<artifactId>uadetector-resources</artifactId>
			<version>2014.10</version>
			<exclusions>
				<exclusion>
					<groupId>com.google.code.findbugs</groupId>
					<artifactId>jsr305</artifactId>
				</exclusion>
				<exclusion>
					<groupId>org.slf4j</groupId>
					<artifactId>slf4j-api</artifactId>
				</exclusion>
			</exclusions>
		</dependency>

		<dependency>
			<groupId>org.reflections</groupId>
			<artifactId>reflections</artifactId>
			<version>0.9.7.RC1</version>
			<exclusions>
				<exclusion>
					<artifactId>javassist</artifactId>
					<groupId>javassist</groupId>
				</exclusion>
			</exclusions>
		</dependency>

		<dependency>
			<groupId>org.apache.cxf</groupId>
			<artifactId>cxf-rt-frontend-jaxws</artifactId>
			<version>${cxf.version}</version>
		</dependency>

		<dependency>
			<groupId>org.apache.cxf</groupId>
			<artifactId>cxf-rt-transports-http</artifactId>
			<version>${cxf.version}</version>
		</dependency>

		<dependency>
			<groupId>org.apache.cxf</groupId>
			<artifactId>cxf-rt-transports-http-jetty</artifactId>
			<version>${cxf.version}</version>
		</dependency>

		<dependency>
			<groupId>org.openjdk.nashorn</groupId>
			<artifactId>nashorn-core</artifactId>
			<version>${nashorn-version}</version>
		</dependency>

		<dependency>
			<groupId>org.junit.jupiter</groupId>
			<artifactId>junit-jupiter-engine</artifactId>
			<!--<version>5.5.2</version>-->
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.junit.jupiter</groupId>
			<artifactId>junit-jupiter-params</artifactId>
			<version>5.3.2</version>
		</dependency>
		<dependency>
			<groupId>org.mockito</groupId>
			<artifactId>mockito-core</artifactId>
			<version>4.6.1</version>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.mockito</groupId>
			<artifactId>mockito-junit-jupiter</artifactId>
			<version>4.6.1</version>
			<scope>test</scope>
		</dependency>

		<dependency>
			<groupId>org.docx4j</groupId>
			<artifactId>docx4j-core</artifactId>
			<version>8.3.2</version>
		</dependency>
		<dependency>
			<groupId>org.docx4j</groupId>
			<artifactId>docx4j-JAXB-ReferenceImpl</artifactId>
			<version>8.3.2</version>
		</dependency>

		<dependency>
			<groupId>com.fasterxml.jackson.datatype</groupId>
			<artifactId>jackson-datatype-jsr310</artifactId>
		</dependency>

		<dependency>
			<groupId>com.opencsv</groupId>
			<artifactId>opencsv</artifactId>
			<version>5.7.1</version>
		</dependency>
		<dependency>
			<groupId>org.checkerframework</groupId>
			<artifactId>checker</artifactId>
			<version>3.21.1</version>
		</dependency>
		<dependency>
			<groupId>org.jodd</groupId>
			<artifactId>jodd-util</artifactId>
			<version>6.1.0</version>
		</dependency>

		<dependency>
			<groupId>org.jobrunr</groupId>
			<artifactId>jobrunr-spring-boot-starter</artifactId>
			<version>5.1.7</version>
		</dependency>
		<dependency>
			<groupId>commons-io</groupId>
			<artifactId>commons-io</artifactId>
			<version>2.11.0</version>
		</dependency>

		<dependency>
			<groupId>dev.samstevens.totp</groupId>
			<artifactId>totp-spring-boot-starter</artifactId>
			<version>1.7.1</version>
		</dependency>

		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-search-orm</artifactId>
			<version>${hibernate-search-orm.version}</version>
		</dependency>

		<dependency>
			<groupId>org.apache.lucene</groupId>
			<artifactId>lucene-backward-codecs</artifactId>
			<version>${lucene.version}</version>
		</dependency>

		<dependency>
			<groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
			<artifactId>owasp-java-html-sanitizer</artifactId>
			<version>20220608.1</version>
		</dependency>
	</dependencies>

	<build>

		<plugins>

			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-resources-plugin</artifactId>
				<configuration>
					<nonFilteredFileExtensions>
						<nonFilteredFileExtension>pdf</nonFilteredFileExtension>
						<nonFilteredFileExtension>properties</nonFilteredFileExtension>
					</nonFilteredFileExtensions>
				</configuration>
			</plugin>

			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
				<configuration>
					<executable>true</executable>
					<excludes>
						<exclude>
							<groupId>com.squareup</groupId>
							<artifactId>javapoet</artifactId>
						</exclude>
						<exclude>
							<groupId>com.google.auto</groupId>
							<artifactId>auto-common</artifactId>
						</exclude>
						<exclude>
							<groupId>com.google.auto.service</groupId>
							<artifactId>auto-service</artifactId>
						</exclude>
						<exclude>
							<groupId>org.immutables</groupId>
							<artifactId>value</artifactId>
						</exclude>
						<exclude>
							<groupId>com.google.code.findbugs</groupId>
							<artifactId>jsr305</artifactId>
						</exclude>
					</excludes>
				</configuration>
				<executions>
					<execution>
						<id>build-info</id>
						<goals>
							<goal>build-info</goal>
						</goals>
					</execution>
				</executions>
			</plugin>

			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-compiler-plugin</artifactId>
				<configuration>
					<compilerArgs>
						<arg>-AmergeDir=${basedir}/build/mergedir</arg>
						<arg>-AstrutsConfDir=${basedir}/target</arg>
					</compilerArgs>
				</configuration>
			</plugin>

			<plugin>
				<groupId>com.mysema.maven</groupId>
				<artifactId>apt-maven-plugin</artifactId>
				<version>1.1.3</version>
				<executions>
					<execution>
						<goals>
							<goal>process</goal>
						</goals>
						<configuration>
							<outputDirectory>target/generated-sources/java</outputDirectory>
							<processor>com.querydsl.apt.hibernate.HibernateAnnotationProcessor</processor>
						</configuration>
					</execution>
				</executions>
				<dependencies>
					<dependency>
						<groupId>com.querydsl</groupId>
						<artifactId>querydsl-apt</artifactId>
						<version>${querydsl.version}</version>
					</dependency>
					<dependency>
						<groupId>com.querydsl</groupId>
						<artifactId>querydsl-jpa</artifactId>
						<classifier>apt</classifier>
						<version>${querydsl.version}</version>
					</dependency>
				</dependencies>

			</plugin>

			<plugin>
				<groupId>org.apache.cxf</groupId>
				<artifactId>cxf-codegen-plugin</artifactId>
				<version>${cxf.version}</version>
				<executions>
					<execution>
						<id>generate-sources</id>
						<phase>generate-sources</phase>
						<configuration>
							<sourceRoot>${project.build.directory}/generated-sources/cxf</sourceRoot>
							<wsdlOptions>
								<wsdlOption>
									<wsdl>${basedir}/src/main/resources/MasterDataVendor_OutService.wsdl</wsdl>
									<wsdlLocation>classpath:MasterDataVendor_OutService.wsdl</wsdlLocation>
								</wsdlOption>
							</wsdlOptions>
						</configuration>
						<goals>
							<goal>wsdl2java</goal>
						</goals>
					</execution>
				</executions>
			</plugin>

			<plugin>
				<groupId>com.github.eirslett</groupId>
				<artifactId>frontend-maven-plugin</artifactId>
				<version>${frontend-maven-plugin-version}</version>

				<configuration>
					<workingDirectory>./ng</workingDirectory>
					<nodeVersion>${node-version}</nodeVersion>
					<npmVersion>${npm-version}</npmVersion>
					<nodeDownloadRoot>http://nodejs.org/dist/</nodeDownloadRoot>
					<npmDownloadRoot>http://registry.npmjs.org/npm/-/</npmDownloadRoot>
					<installDirectory>./</installDirectory>
				</configuration>
				<executions>
					<execution>
						<id>install node and npm</id>
						<goals>
							<goal>install-node-and-npm</goal>
						</goals>
						<phase>initialize</phase>
					</execution>
					<execution>
						<id>npm install</id>
						<goals>
							<goal>npm</goal>
						</goals>
						<phase>initialize</phase>
						<configuration>
							<arguments>ci --loglevel=error</arguments>
						</configuration>
					</execution>
					<execution>
						<id>npm run-script build</id>
						<phase>generate-resources</phase>
						<goals>
							<goal>npm</goal>
						</goals>
						<configuration>
							<arguments>run-script build</arguments>
						</configuration>
					</execution>
				</executions>
			</plugin>

		</plugins>
	</build>

	<distributionManagement>
		<repository>
			<id>x</id>
			<name>X Release Repository</name>
			<url>${maven.repo.releases.url}</url>
		</repository>
		<snapshotRepository>
			<id>x.snapshots</id>
			<name>X Snapshots Repository</name>
			<layout>default</layout>
			<url>${maven.repo.snapshots.url}</url>
			<uniqueVersion>true</uniqueVersion>
		</snapshotRepository>
		<site>
			<id>x.sites</id>
			<name>X</name>
			<url>${maven.site.url}</url>
		</site>
	</distributionManagement>

</project>

And from the application.yml the javamelody part:

javamelody:
  init-parameters:
    log: false
    system-actions-enabled: true
    rum-enabled: true
    url-exclude-pattern: /app/.*|/ess/.*|/resources/.*|/heartbeat|/login|/logout|/adie.*|/register|/orderpassword|/newpassword|/2fa|/saml.*|/index|/newprocreq|/webjars/.*|/info|/appoverride.*|/app.*|/fullscreen.*|/i18n.*


75ACOL commented on May 28, 2024

What does the replaceApi function provide? I doubt it handles anything.


MrFastDie commented on May 28, 2024

That method is only replacing some strings in the raw nodejs files for global variables and stuff...

private byte[] replaceApi(
			@Nullable InputStream in,
			String scheme,
			String serverName,
			Integer serverPort,
			String contextPath,
			@Nullable Integer projectCode,
			boolean authenticated,
			String ruecksprungUrl,
			String xBaseUrl) {
		ByteArrayOutputStream out = new ByteArrayOutputStream();

		String baseUrl = scheme + "://" + serverName + ":" + serverPort + contextPath + "/data/";
		//String baseUrl = "https://x.y.z/app" + "/data/";
		String base = "<base href=\"/ng/\">";
		String correctBase = "<base href=\"" + contextPath + "/\">";
		try (
				BufferedReader br = new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8));
				BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(out, StandardCharsets.UTF_8))
		) {
			for (String line; (line = br.readLine()) != null; ) {
				bw.write(line
						.replace("http://localhost:8080/dah/data/", baseUrl)
						.replace(base, correctBase)
						.replaceFirst(
								"const SUBMISSION *= *((\\d+;)|(null;))",
								"const SUBMISSION = " + projectCode + ";")
						.replaceFirst(
								"const AUTHENTICATED *= *((true;)|(false;))",
								"const AUTHENTICATED = " + authenticated + ";")
						.replaceFirst(
								"const Y_CONVERSION_TARGET = undefined;",
								"const Y_CONVERSION_TARGET = '" + ruecksprungUrl + "';")
						.replaceFirst(
								"const X_BASEURL = undefined;",
								"const X_BASEURL = '" + xBaseUrl + "';"));
				bw.newLine();
			}
		} catch (IOException e) {
			throw new RuntimeException(e);
		}
		return out.toByteArray();
	}


evernat commented on May 28, 2024

Like @75ACOL, I do not reproduce the issue which @MrFastDie has when using the RUM feature.

@MrFastDie No, private static String getRumUrlForBrowser(String requestName) from the RumInjector is not at stake here.
In your example when creating the issue, the problem is the value after data-request-name. So the problem is more in private String getHttpRequestName().

Note that /ng/** seems to be your Spring's best matching pattern, that is your request mapping in your Spring's controller. And after /ng/**, getHttpRequestName() adds a large part of your request name (hallo velo" ...), just because it finds an unexpected space in it.

This is not supposed to happen because HttpServletRequest#getRequestUri() is not supposed to return a decoded value containing spaces or ". It is supposed to return a not decoded value containing %20 and %22, as said at https://jakarta.ee/specifications/servlet/4.0/apidocs/javax/servlet/http/httpservletrequest#getRequestURI--

@MrFastDie which app server and version are you using? Do you use mod_jk, which may decode the request uri in some configurations, in front of your app server? If yes, with which options? Do you confirm that request.getRequestUri() is not decoded and contains %20 and %22 in your app server used alone (you can test locally in dev in a servlet or in a Spring's controller)? Or do you confirm the opposite?

To be on the safe side, the MonitoringFilter or RumInjector in getContent() may replace " by %22 or by anything safe in the request name (and space by %20). But this may not be necessary if your app server follows the servlet api.


MrFastDie commented on May 28, 2024

@evernat thank you so far!

The request.getRequestURI() indeed returns the unescaped string: /app/ng/landing hallo velo" on-load=eval(atob('YWxlcnQoZG9jdW1lbnQuZG9tYWluKQo='))

We don't use mod_jk and I can't tell you the app server version as we don't control it (it's a different part of this org) but with your help I did find out that we do

@Override
public String getRequestURI() {
	return getContextPath() + getServletPath();
}

and after removing that the string is as expected.

Is there a way to just disable the rum monitoring for specific WebSecurityConfigurerAdapter? In that case I would just disable rum for the angular part of the page.


evernat commented on May 28, 2024

I did find out that we do ...

If you override getRequestURI() like that, you can't expect to be safe with encoded URL. So this issue is invalid.

Is there a way to just disable the rum monitoring for specific WebSecurityConfigurerAdapter? In that case I would just disable rum for the angular part of the page.

It is not supposed to be possible. If you look at the code, it happens that if request.getAttribute("javamelody.injectorWrapped") != null before executing the MonitoringFilter, then RUM is disabled for that request. So you could for example call setAttribute("javamelody.injectorWrapped", "excludeRUM") in your getRequestURI() above, with a condition on getServletPath(). It would depend on the current implementation, but not more than breaking servlet implementation of getRequestURI().

from javamelody.
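
Added example, not part of the original thread and not JavaMelody's code: a JDK-only Java sketch of the point made in the last comments, that a spec-compliant getRequestURI() stays percent-encoded while getContextPath() + getServletPath() is decoded. The request path is a constructed harmless sample, renderTag() is a simplified stand-in for a tag carrying data-request-name (not JavaMelody's actual output), and reencode() generalizes the suggested %22/%20 replacement to every character outside a conservative safe set.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;

public class RequestUriEncodingDemo {

    // Constructed sample: a request path as the browser sends it (percent-encoded),
    // carrying only an inert extra attribute.
    static final String RAW_PATH = "/app/ng/landing%20x%22%20data-injected=%221";

    /** What the servlet spec requires from getRequestURI(): the path as received, not decoded. */
    static String specCompliantRequestUri(String rawPath) {
        return URI.create(rawPath).getRawPath();
    }

    /**
     * What a wrapper returning getContextPath() + getServletPath() produces:
     * the servlet path is decoded by the container, so %20 and %22 become ' ' and '"'.
     */
    static String overriddenRequestUri(String rawPath) {
        return URI.create(rawPath).getPath();
    }

    /** Simplified stand-in (assumption) for markup that embeds the request name in an attribute. */
    static String renderTag(String requestName) {
        return "<script src=\"monitoring?resource=boomerang.min.js\" data-request-name=\""
                + requestName + "\"></script>";
    }

    /** True when the value would terminate a double-quoted HTML attribute early. */
    static boolean breaksOutOfAttribute(String requestName) {
        return requestName.indexOf('"') >= 0;
    }

    /**
     * Defensive re-encoding of a decoded value: percent-encode every byte that is not
     * an unreserved URI character or '/'. Apply it to decoded input only, since an
     * already encoded value would have its '%' signs encoded a second time.
     */
    static String reencode(String decoded) {
        StringBuilder sb = new StringBuilder();
        for (byte b : decoded.getBytes(StandardCharsets.UTF_8)) {
            int v = b & 0xFF;
            char c = (char) v;
            boolean safe = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || "-._~/".indexOf(c) >= 0;
            if (safe) {
                sb.append(c);
            } else {
                sb.append(String.format("%%%02X", v));
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        String encoded = specCompliantRequestUri(RAW_PATH);
        String decoded = overriddenRequestUri(RAW_PATH);
        String repaired = reencode(decoded);

        for (String name : new String[] {encoded, decoded, repaired}) {
            System.out.println("request name : " + name);
            System.out.println("breaks out   : " + breaksOutOfAttribute(name));
            System.out.println("rendered tag : " + renderTag(name));
            System.out.println();
        }
    }
}
```

Only the decoded value closes the attribute early and leaves data-injected as a separate attribute on the tag; the encoded and re-encoded values stay inside data-request-name.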
