You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Dileep Dasa <dd...@progress.com.INVALID> on 2022/08/15 17:56:59 UTC

How to set queryConfigEnabled?

Hi folks,

We are using CXF for Swagger in our webapp for displaying REST endpoints of our application. Everything is configured and is working perfectly until we upgraded Swagger from 3.52.5 to version 4.x.x. With swagger-ui version 4.x.x we always get default petstore APIs. I found that the reason for this is https://github.com/swagger-api/swagger-ui/issues/7702
We use url parameter and it is getting ignored as reading config params from URL is disabled for security reasons.
URL we use: http://host:port/webappname/doc/api-docs?url=/webappname/doc/openapi.json#/

I am trying to enable reading config params from URL by setting queryConfigEnabled parameter to true but it's not working for me (I understand that there are security concerns). I found this page (https://cwiki.apache.org/confluence/display/CXF20DOC/OpenApiFeature) very close to what I am looking for but I couldn't not locate any example on how to set queryConfigEnabled for swaggerUiConfig property in my web.xml. Could someone please help me by providing examples on how to set this?


Sample web.xml:
               <servlet>
                              <servlet-name>MyServlet</servlet-name>
                              <servlet-class>
          org.apache.cxf.jaxrs.servlet.CXFNonSpringJaxrsServlet
                              </servlet-class>
                              <init-param>
                                             <param-name>javax.ws.rs.Application</param-name>
                                             <param-value>com.abc.xyz.MyApp</param-value>
                              </init-param>
                              <init-param>
                                             <param-name>redirects-list</param-name>
                                             <param-value>
        .*\.jsp
        .*\.jspx
        </param-value>
                              </init-param>
                              <init-param>
                                             <param-name>redirect-servlet-name</param-name>
                                             <param-value>mvc-dispatch</param-value>
                              </init-param>
                              <init-param>
                                             <param-name>static-resources-list</param-name>
                                             <param-value>
        /index.html
        .*\.html
        .*\.htm
        .*\.json
        .*\.js
        </param-value>
                              </init-param>
                              <init-param>
                                             <param-name>static-welcome-file</param-name>
                                             <param-value>/index.html</param-value>
                              </init-param>
                              <load-on-startup>1</load-on-startup>
               </servlet>

Versions:
CXF: 3.5.1 (can upgrade to latest CXF if required) (https://mvnrepository.com/artifact/org.apache.cxf/cxf-core)
Swagger UI: 4.13.2 (Open for any version in 4 series) (https://mvnrepository.com/artifact/org.webjars/swagger-ui)
JDK: openjdk version "17.0.3"
Platform: Windows
Container: Tomcat 9.0.64

Thank you.

RE: How to set queryConfigEnabled?

Posted by Dileep Dasa <dd...@progress.com.INVALID>.

Hi folks,

Could someone please help me with this?

Thank you.

From: Dileep Dasa <dd...@progress.com.INVALID>
Sent: Monday, August 15, 2022 11:27 PM
To: users@cxf.apache.org
Subject: How to set queryConfigEnabled?

Hi folks,

We are using CXF for Swagger in our webapp for displaying REST endpoints of our application. Everything is configured and is working perfectly until we upgraded Swagger from 3.52.5 to version 4.x.x. With swagger-ui version 4.x.x we always get default petstore APIs. I found that the reason for this is https://github.com/swagger-api/swagger-ui/issues/7702
We use url parameter and it is getting ignored as reading config params from URL is disabled for security reasons.
URL we use: http://host:port/webappname/doc/api-docs?url=/webappname/doc/openapi.json#/

I am trying to enable reading config params from URL by setting queryConfigEnabled parameter to true but it's not working for me (I understand that there are security concerns). I found this page (https://cwiki.apache.org/confluence/display/CXF20DOC/OpenApiFeature<https://cwiki.apache.org/confluence/display/CXF20DOC/OpenApiFeature>) very close to what I am looking for but I couldn't not locate any example on how to set queryConfigEnabled for swaggerUiConfig property in my web.xml. Could someone please help me by providing examples on how to set this?

Sample web.xml:
<servlet>
<servlet-name>MyServlet</servlet-name>
<servlet-class>
org.apache.cxf.jaxrs.servlet.CXFNonSpringJaxrsServlet
</servlet-class>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>com.abc.xyz.MyApp</param-value>
</init-param>
<init-param>
<param-name>redirects-list</param-name>
<param-value>
.*\.jsp
.*\.jspx
</param-value>
</init-param>
<init-param>
<param-name>redirect-servlet-name</param-name>
<param-value>mvc-dispatch</param-value>
</init-param>
<init-param>
<param-name>static-resources-list</param-name>
<param-value>
/index.html
.*\.html
.*\.htm
.*\.json
.*\.js
</param-value>
</init-param>
<init-param>
<param-name>static-welcome-file</param-name>
<param-value>/index.html</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>

Versions:
CXF: 3.5.1 (can upgrade to latest CXF if required) (https://mvnrepository.com/artifact/org.apache.cxf/cxf-core<https://mvnrepository.com/artifact/org.apache.cxf/cxf-core>)
Swagger UI: 4.13.2 (Open for any version in 4 series) (https://mvnrepository.com/artifact/org.webjars/swagger-ui<https://mvnrepository.com/artifact/org.webjars/swagger-ui>)
JDK: openjdk version "17.0.3"
Platform: Windows
Container: Tomcat 9.0.64

Thank you.