This article explains why the error java.lang.StringIndexOutOfBoundsException: String index out of range: -1 in the class ServerSideStateHelper in the method getState (313) might be someone trying to hack your application server. It is getting quite technical in here… but bear with me… it’s really interesting. I also break down the actual attack to demonstrate what the attacker was trying to do.
This article demonstrates how inbound requests from a web server (Apache) can be proxied to an application server (WildFly 10) using the Apache JServ Protocol (AJP). For more information on what AJP actually is, take a look at https://en.wikipedia.org/wiki/Apache_JServ_Protocol .
WildFly 10 Configuration
First you have to add an ajp-listener to the undertow subsystem (line 4).
This article demonstrates how to set up an Angular2 project with Webpack. The setup also supports TypeScript, Less, CSS packages like Twitter Bootstrap, and fonts, e.g. FontAwesome.
It describes how to set up all the different plugins, loaders etc. I needed for a real Angular2 application. Most articles I read so far only concentrate on one small part of a complete setup. If you think I forgot to mention an elementary part of the setup, please let me know.
Required NPM Packages
All required dependencies for Webpack are put into package.json as devDependencies, so that NPM will automatically install them.
If you make a request to a REST service and are not logged in, by default ASP.NET 5 Identity returns a 302 Redirect to the login page. This is great if you are visiting the URL of a controller directly. If you make an Ajax request to a specific REST API and are not logged in, however, you are also redirected to the login page, and instead of the content of the API you will get the content of the login page itself. Probably without even noticing it right away.
So for API calls, e.g. $http requests using AngularJS, I would prefer a 401 Unauthorized status code. Here only the Ajax call itself gets redirected, but the URL of the browser remains the same. This means you won’t see that there is an “authentication problem” and you are not redirected to the login page.
In this article I will demonstrate how to restrict controller access to users that have already logged in. In the second part I will show how to do authentication using a REST Controller.
In order to restrict access to a Controller, you only have to add the Authorize attribute to the Controller as shown below.
After adding this Attribute all consumers of this REST service that are not logged in will get a status code 302 redirect to the default login location. I will demonstrate how this location and behavior can be modified in a future article.
In my Angular2 application I want to be redirected to the login page whenever I get a 401 response during an Ajax call. Therefore I want to intercept all Ajax calls and check the response code. In addition to that, I also want to set a couple of default request headers for each Ajax call. The code below shows an interceptor for Angular2 HTTP requests.