Saturday, March 27, 2021

Using CDATA in XML to avoid parse failures on the & character

Some overseas customer names contain &,
which makes the XML malformed.
The name field must be wrapped in CDATA.

https://stackoverflow.com/questions/2784183/what-does-cdata-in-xml-mean

Example:

The string contains "&" in it.

You cannot write:

<FL val="Company Name">Dolce & Gabbana</FL>

Therefore, you must use CDATA:

<FL val="Company Name"> <![CDATA["Dolce & Gabbana"]]> </FL>
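The same failure and two ways around it, as an added example that is not part of the original post. It assumes Python's standard library; the helper names fl_escaped, fl_cdata and read_back are hypothetical. It goes slightly beyond the post by also handling a value that contains ]]>, which would otherwise end a CDATA section early.

```python
# Added example (not from the original post): two safe ways to put a value
# containing "&" into the <FL> element shown above.
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr


def is_well_formed(doc: str) -> bool:
    """Return True if an XML parser accepts the document."""
    try:
        ET.fromstring(doc)
        return True
    except ET.ParseError:
        return False


def fl_escaped(label: str, value: str) -> str:
    """Entity-escape the text: & becomes &amp;, < becomes &lt;, > becomes &gt;."""
    return f"<FL val={quoteattr(label)}>{escape(value)}</FL>"


def fl_cdata(label: str, value: str) -> str:
    """Wrap the text in CDATA. A literal "]]>" in the value would close the
    section early, so it is split across two adjacent CDATA sections."""
    body = value.replace("]]>", "]]]]><![CDATA[>")
    return f"<FL val={quoteattr(label)}><![CDATA[{body}]]></FL>"


def read_back(doc: str) -> str:
    """Parse the element and return the text a consumer would see."""
    return ET.fromstring(doc).text


# Constructed sample values, including the CDATA edge case.
SAMPLES = ["Dolce & Gabbana", "A <b> & ]]> </FL>"]

if __name__ == "__main__":
    raw = '<FL val="Company Name">Dolce & Gabbana</FL>'
    print("raw & well-formed:", is_well_formed(raw))
    for s in SAMPLES:
        for build in (fl_escaped, fl_cdata):
            doc = build("Company Name", s)
            print(build.__name__, doc, "->", repr(read_back(doc)))
```

Both builders return the original string after parsing, so the choice between escaping and CDATA only affects how the document looks on the wire.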

Wednesday, March 10, 2021

Steps for configuring a proxy to build Maven projects on an internal network

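Company computers usually reach the Internet through a proxy server. To build a Maven project, you need to configure the proxy and import the Maven site's SSL certificate into a keystore. The steps are as follows.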

(1)
Configure the proxy:
Put settings.xml in the .m2 folder under the user's home directory

(2)
Because the Maven site uses an HTTPS connection, export its SSL certificate with a browser and import it into the keystore.
Reference:
https://stackoverflow.com/questions/25911623/problems-using-maven-and-ssl-behind-proxy

Use a browser (I used IE) to go to https://repo.maven.apache.org
Click on lock icon and choose "View Certificate"
Go to the "Details" tab and choose "Save to File"
Choose type "Base 64 X.509 (.CER)" and save it somewhere

Now open a command prompt and type (use your own paths):
keytool -import -file C:\temp\mavenCert.cer -keystore C:\temp\mavenKeystore

(3)
Add the -Djavax.net.ssl.trustStore parameter below (using a Spring Boot project run as the example)
mvn spring-boot:run -Djavax.net.ssl.trustStore=C:\temp\mavenKeystore


Note:
If -Djavax.net.ssl.trustStore= is not set, the following error message appears:
Maven sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Tuesday, March 2, 2021

Spring Security Reference (5.0.12)

https://docs.spring.io/spring-security/site/docs/5.0.12.RELEASE/reference/html/

disable-url-rewriting="true"

https://www.cnblogs.com/xjknight/p/10897849.html

Starting with Spring 3.0, the URL rewriting logic that appends jsessionid to URLs can be disabled by setting disable-url-rewriting="true" in the namespace.

Configuring via web.xml:
<session-config>
     <tracking-mode>COOKIE</tracking-mode>
</session-config>

Configuring via Java config:
servletContext.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE));

Cookie setHttpOnly() and setSecure()

https://openhome.cc/Gossip/ServletJSP/Cookie.html

https://ajoshow.com/2017/07/19/201707192223/

 

Spring configuration
https://www.itread01.com/content/1558404302.html
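import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import org.springframework.web.WebApplicationInitializer;

public class MainWebAppInitializer implements WebApplicationInitializer {
    @Override
    public void onStartup(ServletContext sc) throws ServletException {
        // Keep the session cookie out of reach of client-side scripts
        sc.getSessionCookieConfig().setHttpOnly(true);
        // Send the session cookie only over HTTPS
        sc.getSessionCookieConfig().setSecure(true);
    }
}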

Monday, March 1, 2021

ddd-by-examples

https://github.com/ddd-by-examples/library

Requirements

  • Java 11
  • Maven

 

The four levels of REST APIs

https://martinfowler.com/articles/richardsonMaturityModel.html

 

Know how RESTful your API is: An Overview of the Richardson Maturity Model
https://developers.redhat.com/blog/2017/09/13/know-how-restful-your-api-is-an-overview-of-the-richardson-maturity-model/

 

Is your REST not REST?
https://www.ithome.com.tw/voice/128528


Spring HATEOAS
https://spring.io/projects/spring-hateoas
https://openhome.cc/Gossip/Spring/HATEOAS.html

Configuring Spring Security so the same user can have only one logged-in session at a time

// https://www.baeldung.com/spring-security-session
// The same user can have only one logged-in session at a time; after a repeated login, the original session gets the response: This session has been expired (possibly due to multiple concurrent logins being attempted as the same user).

http.sessionManagement().maximumSessions(1);


demo code:
https://github.com/imrexhuang/Spring-Boot-Security-Thymeleaf-Demo/commit/f65ba7740cfff0a13417ca12b3bbf052ae8e83bd

Spring Security CSRF protection does not cover safe methods such as GET, HEAD, TRACE and OPTIONS

https://matthung0807.blogspot.com/2019/11/spring-security-csrf-default-protection.html

Control the Session with Spring Security

https://www.baeldung.com/spring-security-session

demo code:
https://github.com/imrexhuang/Spring-Boot-Security-Thymeleaf-Demo

Adding Spring Security tag support to Thymeleaf

        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-springsecurity5</artifactId>
        </dependency>


ref:
https://www.baeldung.com/spring-security-thymeleaf
https://www.thymeleaf.org/doc/articles/springsecurity.html
https://www.marcobehler.com/guides/spring-security

demo code:
https://github.com/imrexhuang/Spring-Boot-Security-Thymeleaf-Demo

JSR 315: Java Servlet 3.0 Specification

https://jcp.org/en/jsr/detail?id=315

https://openhome.cc/Gossip/ServletJSP/Configuration.html

https://zhuanlan.zhihu.com/p/81885441

Using Spring Boot to do away with web.xml

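When developing web applications with Spring Boot, the official recommendation is to use the embedded Servlet container and package it together with the application as a jar for deployment. Of course, we can still deploy a traditional war package: the main class only needs to extend org.springframework.boot.web.servlet.support.SpringBootServletInitializer (all ServletContainerInitializer implementations are loaded at startup).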

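Doing away with web.xml is achieved through javax.servlet.ServletContainerInitializer in Servlet 3.0. ServletContainerInitializer is an interface that provides functionality similar to web.xml, allowing Servlets, Filters and Listeners to be registered programmatically when the application starts.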

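Spring Boot uses this Servlet 3.0 design together with the SPI mechanism: in the spring-web package it finds the implementation class listed in META-INF/services/javax.servlet.ServletContainerInitializer, which is org.springframework.web.SpringServletContainerInitializer, and initializes through it, including registering DispatcherServlet, ContextLoaderListener and so on, which ultimately does away with web.xml.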