The first thing to clarify is that perhaps the title is not very concrete but I do not know how to express it better because I do not understand the problem I have.
A little bit of context: I have a Spring Boot application with JWT authentication and Swagger installed.
The controller I am using as an example has the following content.
@RestController
@RequestMapping("/api/v1")
@CrossOrigin(origins = "*")
@Api(value = "Operations Dummy")
public class DummyController {
@Autowired
IDummyService _IDummyService;
@ApiOperation(value = "Get All Dummy")
@GetMapping("/dummy")
public ResponseEntity<ResultList<DummyDTO>> getAllDummy() {
return _IDummyService.getAll();
}
}
Like this controller there are several, all similar.
The correct functioning of the application would be to call the endpoint GET http://localhost:8080/api/v1/dummy
The response would be similar to the following:
{
"data": [
{
"id": 0,
"name": "test"
},
{
"id": 1,
"name": "dummy"
}
],
"metadata": {
"count": 0
}
}
The problem is that some of the endpoints are accessible from the root, as follows: GET http://localhost:8080/dummy
And they produce a different response, but still show the data
{
"_embedded" : {
"dummy" : [ {
"id" : "0",
"name" : "test",
"_links" : {
"self" : {
"href" : "http://localhost:8080A/dummy/0"
}
},{
"id" : "1",
"name" : "dummy",
"_links" : {
"self" : {
"href" : "http://localhost:8080/dummy/1"
}
} ]
},
"_links" : {
"first" : {
"href" : "http://localhost:8080/dummy"
},
.
.
.
},
"page" : {
"size" : 20,
"totalElements" : 32,
"totalPages" : 2,
"number" : 0
}
}
For more information this is a copy of the configuration file:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable().
authorizeRequests()
.antMatchers("/api/v1/users/auth").permitAll()
.antMatchers("/error",
"/v2/api-docs",
"/configuration/ui",
"/swagger-resources/**",
"/configuration/**",
"/swagger-ui.html",
"/webjars/**").permitAll()
.antMatchers("/api/v1/**").authenticated()
.and()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
}
As I said, not with every controller this happens, in fact, when I realized that this problem was happening, I deleted the dummy controller and compiled the project again, and it was still possible to get the information through /dummy and not through /api/v1/dummy
As for the logs, when we call /dummy the following log is produced:
o.s.web.servlet.DispatcherServlet : GET "/dummy", parameters={}
m.m.a.RequestResponseBodyMethodProcessor : Using 'application/hal+json;q=0.8', ...
m.m.a.RequestResponseBodyMethodProcessor : Writing [PagedResource { content:
o.s.web.servlet.DispatcherServlet : Completed 200 OK
while for the call to /api/v1/dummy it is:
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.example.es.controller.DummyController#getAllDummy()
o.s.web.servlet.DispatcherServlet : GET "/api/v1/dummy", parameters={}
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.example.es.controller.DummyController#getAllDummy()
o.s.w.s.m.m.a.HttpEntityMethodProcessor : Using 'application/json', given [*/*] and supported [application/json, application/*+json, application/json, application/*+json]
o.s.w.s.m.m.a.HttpEntityMethodProcessor : Writing [com.example.es.util.ResultList@19771362]
o.s.web.servlet.DispatcherServlet : Completed 200 OK
Update:
I have added the following line in the application.properties file and it seems that now it does return 404, but I am not sure if this can affect the operation
spring.data.rest.detection-strategy=annotated
