How to restrict REST API v2 to allow POST only?

chesslover · December 9, 2017, 4:22pm

Hello,

I am following this to expose a REST API v2 for my services:

How can I restrict an endpoint to allow POST only?

Thank you.

gorbunkov · December 12, 2017, 6:04am

Hi,
There is no specific configuration in Cuba to do that. However, you can always define a regular HttpFilter in your web.xml and forbid unwanted requests there.

chesslover · December 12, 2017, 7:29am

Thank you Max, glad to know that CUBA also has that certain level of being configurable using standard means.

sushma.nainakanti · May 10, 2018, 6:47am

Hi,

Could you give any example how we can allow only one method like POST to the services by using HttpFilter.

I am using ContainerRequestFilter to give access control. But this class is not triggering in cuba platform.

//my code

@Provider
public class RoleBasedResource implements ContainerRequestFilter {
@Override
public void filter(ContainerRequestContext requestContext) throws IOException{
System.out.println(“Test======>”);
}
}

While making a rest api service call. @Provider with ContainerRequestFilter is not triggering.Can you please help here.

Thanks!!

gorbunkov · May 17, 2018, 4:53am

Hi,
you may create a regular Filter and register it in web.xml

package com.company.resttest1.web.sys;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class MyServletFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {}

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        if (isRestServiceUrl(httpRequest.getRequestURI()) && "GET".equals(httpRequest.getMethod())) {
            httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        } else {
            chain.doFilter(request, response);
        }
    }

    private boolean isRestServiceUrl(String uri) {
        return uri.contains("/rest/v2/services/");
    }

    @Override
    public void destroy() {}
}

web.xml

    <filter>
        <filter-name>restPermissionsFilter</filter-name>
        <filter-class>com.company.resttest1.web.sys.MyServletFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>restPermissionsFilter</filter-name>
        <url-pattern>/rest/*</url-pattern>
    </filter-mapping>