I have included a dependency which will add an interceptor.
In my case, I don't want this interceptor to filter every request, instead, I want to specify specific URL patten for it to intercept.
Is there any way to modify the a registered inteceptor's path pattern?
Related
I have just started with Spring Web Flow. I have a basic doubt. In case of Spring MVC, the #RequestMapping contains the URL mapping, say for eg, #RequestMapping("/home"), this means, when the URL nodeContent is /home, the Contorller with #RequestMapping("/home") will be delegated by the dispatcher servlet. In case of Spring Web Flow, how is this mapping done? I mean, how do we even identify the request URL? is it the flow-location id in flow-registry? Basically, I want to know how to identify that when a Spring web flow is invoked based on what kind of URL request? eq- "https://stackoverflow.com/questions/ask", if this URL has to invoke a flow, how is the mapping done with the URL /ask.
Please can anyone answer this?
The main thinks is, there are two beans which is complete the mapping.
First of all,
FlowHandlerMapping : in general, DispatcherServlet know the request mapping by handler mapping, but in WebFlow, FlowHandlerMapping helps DispathcerServlet to know the mapping. Basically it's "flow-registry". When hit the url, then it's get the url with the id. now it's ready to execute the flow.
FlowHandlerAdapter : When the executable flow url is ready then it's try to load the flow file with id like
configure-flow.xml
Once you successfully get the path then flow will start. The flow will continue until view-state to end-state.
Maintain the order of your view page, because next flow will come in order.
If you have any question, leave in comment section.
I've been following a series of videos on how to create a web API using MVC 4. The sixth video describes the authorization process, but it is both too complex for what I want, and it somehow redirects to a form (which makes no sense to me, but then I'm new to this stuff).
I've used API's from other sites, and they usually use one of 2 methods:
a token in the url (http://myurl/api/service/?token=[bunch of characters here]
a username or password (or token) in the header
I'm leaning towards the second method, as it means I wouldn't have to add a parameter to each of my methods.
If I use this approach, do I need to add code to the beginning of each method to check the headers (request.headers?) for username/password (then find them in our database and see if they have permission to access this method)...Or is there a simpler way of doing this?
You can mark your Controller class with attribute which is derived from AthorizationFilterAttribute.
http://msdn.microsoft.com/en-us/library/system.web.http.filters.authorizationfilterattribute(v=vs.108).aspx
In this case you will not need to write authorization checks in every method, but only in one place.
This approach is well described under the following link:
http://www.tugberkugurlu.com/archive/api-key-authorization-through-query-string-in-asp-net-web-api-authorizationfilterattribute
I want to submit a form using AJAX to a MVC 3 Controller.
The form and the controller are on two different domains, which is why i want to use CORS.
I have read that the following code should do the trick in ASP.NET:
Response.AppendHeader("Access-Control-Allow-Origin", "*");
from http://enable-cors.org/#how-asp.net
Should this code go directly in the controller that takes the form data?
As far as i know, there has to be some exchange of data between the client posting data and the server, to determine wether CORS is enabled/supported or not, so i figure that the one line of code has to go somewhere else?
Thanks
This could go in the controller. Actually I would probably externalize it in a custom action filter to avoid repeating it in every controller action that needs to be invoked from a cross domain AJAX call. There are no additional steps necessary. Just make sure that your browser supports CORS because if it doesn't adding this line will have strictly no effect whatsoever.
My back-end server is built using the Microsoft WCF REST Starter Kit Preview 2. I want to add some request processing to all requests, except for those methods I explicitly disable by marking them with an attribute. I have over a hundred service methods and there are only a few I want to exclude from this extra processing. I'll tag them all if I have to, but I'm trying to avoid disrupting what's already written.
I haven't seen anything I can add to WebInvoke, and adding an interceptor won't let me examine the method that the request is routed to.
I am asking for an explanation of how to register HttpOperationHandler object(s) so I can do my extra request processing (i.e. authorization based on information in the request headers) before it is handed off to the method it was routed to. Can someone please explain how to do this, without rewriting my existing codebase to use Web API?
You can't use an HttpOperationHandler with WCF REST Starter Kit. However the Web API is very compatible with ServiceContracts that were created for WCF REST Starter kit. You should be able to re-host them in a Web API host relatively easily. You may have to change places where you access WebOperationContext, but it should not be a huge change.
I solved my problem by adopting another method. It authenticates all requests. I can't control which method it applies to, but I was able to work around that.
I created a custom ServiceAuthorizationManager class to process the Authorization header. The CheckAccess() method returns true to allow the request through or false if the user is not authenticated or not authorized to perform the service. I hooked it up to the ServiceHost for my services by creating a custom WebServiceHostFactory class and assigning an instance to the Authorization.ServiceAuthorizationManager in its CreateServiceHost() methods.
Although I can't directly check method attributes for the service being executed, the Message.Headers member of the object passed to CheckAccess() has a To property that contains the URI of the service being called. If necessary, I could examine it to determine what method the request would be routed to.
The ServiceAuthorizationManager applies to all requests, so no web methods or classes must be marked with any special attributes to enable it.
I'm wondering if it is possibile to customize routing in a way that all requests are evaluated by a piece of code, redirected to the relevant controller if a match is found or passed to next rout in list if not found.
sample request:
/my coolpage/another one
the code searches and determine that the right controller for this is
Page, action is "list" and id is "123" and so redirects
another request:
/products/list/5
code finds no match al passes it back to next route that knows how to handle it...
any idea on how to do this?
Custom Route class
If you really need this kind of request mangling and you can't do it with IIS URL Rewriting module, then writing your own Route class is your best bet. You will probably have to write some other parts as well, but a custom Route class will be your starting point.