I have a spring data REST application in which I have added a interceptor for authentication & authorization.
private static final boolean IS_JPA_AVAILABLE = ClassUtils.isPresent("javax.persistence.EntityManager",
RepositoryRestMvcConfiguration.class.getClassLoader());
#Override
public JpaHelper jpaHelper() {
if (IS_JPA_AVAILABLE) {
JpaHelper helper = new JpaHelper();
helper.getInterceptors().add(new MyInterceptor());
return helper;
} else {
return null;
}
}
In this application, I have few controllers as well. Some of them are #RepositoryRestController & other are #BasePathAwareController. I want to call the interceptor when a request comes to these controllers. For #RepositoryRestController the interceptor get called, but for #BasePathAwareController it is bypassed.
How can I make this interceptor get called for both controller classes?
This issue is resolved by adding mapped interceptor (thanks llya for your inputs). In the configuration class, I have added following mapped interceptor. In this way it will be called for all requests coming to any controller.
#Bean
public MappedInterceptor myMappedInterceptor() {
return new MappedInterceptor(new String[]{"/**"}, getSecurityInterceptor());
}
Reference
How to add Custom Interceptor in Spring data rest (spring-data-rest-webmvc 2.3.0)
Related
I'm using Phalcon v.4 and I have seen that are two ways to create the session inside a controller:
class PostController extends Controller
{
public function postAction(): Response
{
$session = new Phalcon\Session\Manager()
}
}
or
class PostController extends Controller
{
public function postAction(): Response
{
$this->session;
}
}
I have seen that the methods are the same, but I'm not able to understand the different and which is better to use.
if you created your project using phalcon's cli devtools then the session service would be created by default in app/config/services.php
that being said in your controller when you access the instance's property session aka $this->session this would look for a service called session and by default it would setup session using file adapter and starts it and $this->session would return an instance of Phalcon\Session\Manager
I use Restlet integration with Jetty in my project. I would need to remove the "Server" header from the response as it discloses server information. But since I use Restlet integration with Jetty (restlet, jetty, org.restlet.ext.jetty.jar) the HttpConfiguration object is instantiated inside Restlet and not in my code. So I am not able to set "_sendServerVersion" as false and hence not able to remove the server header from the response. How to remove the server header from the response in this case ?
The best way to create a Filter and remove the header through the Filter:
public class ServerFilter extends Filter {
public ServerFilter(Context context) {
super(context);
}
#Override
protected void afterHandle(Request request, Response response) {
response.getHeaders().set("Server", null);
super.afterHandle(request, response);
}
}
Then use it like:
ServerFilter serverFilter = new ServerFilter(getContext());
serverFilter.setNext(router);
return serverFilter;
See: https://javadocs.restlet.talend.com/2.4/jee/api/index.html for documentation
I am trying to add RequireHttpsAttribute attribute to MVC filters collection to push web site to HTTPS when it is deployed on prod server. The problem is with HttpContext.Current.Request.IsLocal line, the Request object is not available yet. Then how to check is site running localy or on prod server in RegisterGlobalFilters?
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
if (!HttpContext.Current.Request.IsLocal) //Exception here!!!
{
filters.Add(new RequireHttpsAttribute());
}
}
In this method you are to register the filters that will do the checking when the request comes in. This method will only get called once each time the application is started. So here you need to do something along the lines of:
filters.Add(new MyAuthorizeAttribute());
With MyAuthorizeAttribute being something along the lines of:
public class MyAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
If(!httpContext.Request.IsLocal)
{
**//Check for HTTPS and return false if need be**
}
}
Of course it does not need to be an AuthorizeAttribute.
EDIT
As I said before this method is called only once at the start of the application so there is no request for you to check in here. Here you can only apply filters that will be called every time a request is received. It is inside those filters that you can check request specific properties.
If you insist on using the RequireHttpsAttribute, than you either have to apply it to all methods regardless of whether the request is local or not or you have to extend RequireHttpsAttribute and override HandleNonHttpsRequest to handle local requests.
I am working on the spring data rest services & facing some issue in the custom interceptors. Earlier I used spring-data-rest-webmvc 2.2.0 & added interceptor in following way.
public RequestMappingHandlerMapping repositoryExporterHandlerMapping() {
RequestMappingHandlerMapping mapping = super
.repositoryExporterHandlerMapping();
mapping.setInterceptors(new Object[] { new MyInterceptor() });
return mapping;
}
It worked perfectly fine for me. But when i upgraded to spring-data-rest-webmvc 2.3.0 version, I noticed that handlerMapping is hidden behind DelegatingHandlerMapping. Hence I tried to add interceptor in following way.
In one of my config class I have extended RepositoryRestMvcConfiguration class & override its method.
public class AppConfig extends RepositoryRestMvcConfiguration {
#Autowired ApplicationContext applicationContext;
#Override
public DelegatingHandlerMapping restHandlerMapping()
{
RepositoryRestHandlerMapping repositoryMapping = new RepositoryRestHandlerMapping(super.resourceMappings(), super.config());
repositoryMapping.setInterceptors(new Object[] { new MyInterceptor()});
repositoryMapping.setJpaHelper(super.jpaHelper());
repositoryMapping.setApplicationContext(applicationContext);
repositoryMapping.afterPropertiesSet();
BasePathAwareHandlerMapping basePathMapping = new BasePathAwareHandlerMapping(super.config());
basePathMapping.setApplicationContext(applicationContext);
basePathMapping.afterPropertiesSet();
List<HandlerMapping> mappings = new ArrayList<HandlerMapping>();
mappings.add(basePathMapping);
mappings.add(repositoryMapping);
return new DelegatingHandlerMapping(mappings);
}
}
But after adding this some of my repository operations (findAll() operation on repository) start failing. If I removed this interceptors those operations worked fine. (In this interceptor I am just authenticate the user.)
Hence I am unable to understand problem here. Am I adding the interceptor in wrong way? Is there any other way to add the interceptor?
You should not use repositoryMapping.setInterceptors() - it destoys the internal interceptors Spring placed there, and that's probably the reason some methods stopped working.
I suggest you override jpaHelper() method and put your interceptors into the JpaHelper object in RepositoryRestMvcConfiguration. Spring will should them to the global interceptor list.
But, again, if all you need is authentication, why not use a Spring Security filter?
EDIT: the solution above works only for RepositoryRestHandlerMapping, not for BasePathAwareHandlerMapping.
I suggest you declare a custom MappedInterceptor bean somewhere:
#Bean
public MappedInterceptor myMappedInterceptor() {
return new MappedInterceptor(new String[]{"/**"}, new MyInterceptor());
}
From my understanding of the source code Spring should automatically add this interceptor to all request handlers.
I am trying to figure how to create tests for my controllers that are consuming a WCF service (via a proxy class)
The proxy class is pretty much identical to the one listed in this post http://blog.weminuche.net/2008/08/test-post.html
Base Controller
public abstract class ServiceProxyController<TService> : Controller
where TService : class
{
private readonly ServiceProxy<TService> _proxyHelper;
protected ServiceProxyController(string endpoint)
{
_proxyHelper = new ServiceProxy<TService>(endpoint);
}
private Stuff GetStuff(int num)
{
Call((service) => {
service.DoSomeStuff(num)
});
................
}
...........
}
Controller Implementation
public class MyController : ServiceProxyController<IService>
{
public MyController() : base("ServiceBindingName")
{
}
}
I want to be able to inject a proxy helper(???) into my controller so as I can mock it and therefor test the controller
How about injecting the proxy helper to the constructor (notice the introduction of an abstraction):
private readonly IServiceProxy<TService> _proxyHelper;
protected ServiceProxyController(IServiceProxy<TService> proxyHelper)
{
_proxyHelper = proxyHelper;
}
and the controller:
public MyController(IServiceProxy<TService> proxyHelper)
: base(proxyHelper)
{
}
This way in your unit test when instantiating the controller you could inject a mocked instance of the IServiceProxy<TService> interface.
You will then need to configure your DI framework to insert the proper implementation into the controller constructor which will wrap the actual ChannelFactory.
I just asked a similar question. I am injecting the service using structure map. I am dynamically creating a proxy using channel factory.
Look at this example for using Channel factory.
creating WCF ChannelFactory<T>
My question for your reference.
Rhinomocks - Mocking delegates
Note- Actually it was Darin who posted the ServiceInvoker