I am creating an advanced app that uses websocket instead of ajax for dynamic interaction. My WebSocket messages are handled like HTTP Requests, they contain a json-encoded array of path and parameters, which will be converted to a Request. Now the HttpKernel handles this request like every other HTTP request (as sub-request). The only problem is, that the routes for websocket messages are public avaible.
Has anyone an idea how to allow only internal access for a route in this situation?
This answer explains why the firewall configuration can't be used to block routes by name as it uses the RequestMatcher which allows only path regexes and not route names.
Related
For start - I understand the difference between GET and POST.
What I don't understand is how does a request that doesn't mention either of them work, when and why would I want to use it?
Here's an example from ASP.NET Docs:
Map method
MapGet method
MapPost method
HTTP requests always have an HTTP method associated with them. GET and POST are two such methods, but there are others (see here).
When you call the MapGet, MapPost, or Map methods, you are creating "rules" that ASP.NET will use to route incoming requests to different parts of your application code, depending on which rules are matched.
Part of each rule is the route pattern itself, but you can also require a specific HTTP method in order for a rule to be matched. That's what MapGet and MapPost are doing - when you use them, they will only match requests that also have the appropriate HTTP method (GET and POST, respectively). In contrast, Map will match any incoming request (that also matches the route pattern), regardless of the HTTP method of the request.
This can be an easy way to get your application to behave differently depending on the HTTP method that is used. For example, you could use MapGet to route GET requests to a method that will return something, while using MapPost to route POST requests to a method that will create a new record. If you want your application to behave the same way for all requests (or you want to programmatically check the request method), you could just use Map.
I have an application which uses Apache Camel to build an API. It basically uses blueprint.xml to define routes and processing is done by a bean(please note its not any processor bean. Just a plain Java bean). It uses Jersey client to invoke the backend system Rest API.
My requirement is to get the http headers in the code to be able to send them to our custom logging system.
a) I tried #httpHeaders annotation but this does not inject the headers on my code.
b) Since its not using any BeanProcessor i dont have an Exchange object from where i can get the header values.
Please help with a way to get header values on the code.
Add the request context to your class
#Context
private HttpServletRequest request;
and get the headers in your endpoint using request.getHeader
Returns the value of the specified request header as a String.
We know the difference between POST and GET, but why should a client state the method type when issuing http requests? Why should it make a difference for the server? in the end, it is the server job to deal with those requests according to their URL and Content. either by redirecting, blocking or accepting and using data (existing in the URL or request body).
An endpoint can accept both GET and POST requests (along with PUT, PATCH and DELETE). If the client does not explicitly state what type of request they are sending, the server will interpret it as a GET request (the default).
Consider the following PHP example, sitting on https://api.example.com/resources/:
<?php
if ($_POST["request"]) {
// Create new resource
}
else if ($_GET["request"]) {
// List existing resources
}
In both instances, the request parameter is sent to the same page, and different logic is run based on what the method is. But considering the same data is sent to the same page in both instances, the server wouldn't know which one of the two conditions to step into if the client doesn't explicitly specify the method.
In RESTful programming, both the client and server have been programmed to understand the request, but the client has no knowledge of the server itself. It is up to the server to process the request, based off of what the client asks it to do. And the client asks it to do different things by specifying the method.
I want to route SOAP messages to different servers depending on the message content.
I tried the Application Request Routing (ARR), but it seems, that you can only route by server variables and the HTTP header.
I found this tutorial:
Developing a Custom Rewrite Provider for URL Rewrite Module
My Question is, can I route depending on the HTTP body with a custom ReplaceProvider (IRewriteProvider, IProviderDescriptor)?
This is not possible!
Application Request Routing (ARR) can only access information from the http header.
I have a api url like below in my mvc4 app
http://localhost:15839/api/mydata/getdata/3365895543/PROBLEMDATA/myotherparam
Now client is consuming the above url to send httprequest. In response api is sending back a response. but in PROBLEMDATA of the url user is sending bad characters that are giving me Bad Request - Invalid URL. I can't force my client source to encode data. i need to handle it in my web api and give back my client a string "Unsucessful". I have seen this webapi cycle wondering at which point I should handle this. probably at http message handler but How?
I may need to follow this. but Register(HttpConfiguration config) also doesn't get hit
I believe you can capture this globally by overriding the application_error method. From there I suppose you could produce the "unsucessful" response or pass the request along to be handled at the controller level.
Take a look at this question as well.