I want hide swagger API in dependence of my deployment environment.
You can hide API by Annotation:
#Api(
hidden = false)
public class MyRESTClass { ... }
It work fine, but is not dynamic. Is there another way to hide or not dynamic the swagger API?
see: ApiMode Swagger
Yes there is a spec-filter interface that you can implement for dynamic spec filtering. You can extend AbstractSpecFilter.java and implement the methods that you want, which allows you to filter based on headers, parameters, etc. It's very flexible.
Related
I want to send to client side like this:
{
"success": true,
"message": "Your Message",
"result": ""
}
When it comes to Blueprint APIs, we will not be able to send custom responses. In order to send custom responses, you have to define custom actions/controller methods with the desired response and define a custom route for that action/controller method in config/routes.js. If the Blueprint APIs still override the custom methods, you can disable the Blueprint APIs by changing the value of actions to false in config/blueprints.js. This will disable Blueprint APIs completely.
module.exports.blueprints = {
actions: true,
// rest: true,
// shortcuts: true,
};
If you want to disable Blueprint routes on a per-controller basis, checkout https://sailsjs.com/documentation/reference/blueprint-api#?disabling-blueprint-routes-on-a-percontroller-basis for more info.
Even though Blueprint APIs come in handy during development, it is recommended to use custom routes while moving to production, since custom routes are more secure than Blueprint APIs.
I am new to .net core and not very good with the routing understanding. I am trying to make api calls using the route template as follows
routeTemplate: "api/{controller}/{action}/{id}"
When I created the .net core project of api type, it added a controller with the name of Values and the way its accessing the api calls is placing the routes on top of the controller.. [Route("api/[controller]")]
How can I set my controller to use the action step?
I basically want to be able to make calls to my api like this
https://localhost:44345/api/MyProcessor/getValues
https://localhost:44345/api/MyProcessor/AllDefinations
Where MyProcessor is the name of the controller.
You want to make calls to your api like:https://localhost:port/api/[controllerName]/XXX.
1.If the last XXX is defined to action. There are two options as
follow:
Change the [Route] template:
[Route("api/[controller]/[action]")]
Change [HttpGet] which is based on [Route("api/[controller]")]:
[HttpGet("[action]")]
2.If the last XXX is defined to any other name. You could change the [HttpGet] which is based on [Route("api/[controller]")]:
[HttpGet("getValues")]
Recently I need to create REST API for existing grails application.
I am thinking that is it really possible to have both of the controllers (Normal and Restful) for same domain class in one single grails application?
Which controller will handle the request if make a HTTP GET request?
Please discuss your thoughts or if it is possible at all please guide me how.
We can define a new Controller to handle to REST API calls. e.g. In my app I have User as Domain Class and have UserController which return the data to GSP pages. I wanted to add REST API support (unfortunately) in the same app and I don't wanted to deal with mess it is already there in UserController. So I added new Controller UserRestController which will specifically handle the REST API calls and following mapping in UrlMappings.groovy which now works fine. Thanks to #codehx for helping me on this.
"/api/users"(controller: "userRest", parseRequest: true) {
action = [GET: "list", POST: "save" }
"/api/users/$id"(controller: "usersRest", parseRequest: true) {
action = [GET: "show", PUT: "update", DELETE: "delete"] }
Which controller will handle the request if make a HTTP GET request?
As far as it is not possible to have two controllers with same name in grails app this will not be confusing.
Just use two different names for Normal controller and for your RESTFUL controller, so obviously the URL for accessing the two urls will be different.
What I'm trying to do is described in great detail here:
Call a Server-side Method on a Resource in a RESTful Way
I have Ember Data's RESTAdapter working with my API, but now I want to give Ember.js a way to kick off various server-side actions using custom routes, such as /docs/1/share or /docs/1/activate. The former would possibly modify the record but the latter would not.
What's the best way to do this?
TIA!
Ember has jQuery baked in. In your controller:
actions: {
activate: function() {
var docId= this.get('id'), self= this;
Ember.$.ajax({
url: '/docs/%#/activate'.fmt(docId),
// your other details...
}).then(function(resolve) {
self.set('name', resolve.doc.name);
// process the result...
});
}
}
You can also use ic-ajax which is a nice wrapper around jQuery.ajax, you can see an example here using ix-ajax.
I have REST api for accessing "parties" and the URL's look like this:
/parties
/parties/{partyId}
Using Spring controllers and #PathVariable I'm able to implement this interface. But to prevent users from accessing parties they don't have access to, I have to add checks to every method call which is kind of repeating myself and I might forget to add it everywhere:
#RequestMapping(value="/parties/{partyId}", method=RequestMethod.GET)
public #ResponseBody Party getParty(#PathVariable Integer partyId){
authorizeForParty(partyId);
...
Now what I would like to do is create a check that would be called every time that user enters url like this:
/parties/{partyId}/**
How would I do something like this? Do I have to create some servlet filter and parse the url myself? If I have to parse the url then is there atleast tools that would make it easy? I wish there was a way to add a method to controller that would be called before methods but could still use #PathVariables and such...
What I ended up with is using the Spring MVC interceptors and parsing the path variables in the same way that Spring does. So I define an interceptor for the REST url:
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/parties/*/**" />
<bean class="PartyAuthorizationInterceptor" />
</mvc:interceptor>
</mvc:interceptors>
The PartyAuthorizationInterceptor has to implement HandlerInterceptor in which we have to implement preHandle. It has HttpServletRequest as a parameter so we can get the request URL but we still have to parse the partyId from the url. After reading how Spring MVC does it, I found out they have a class named org.springframework.util.AntPathMatcher. It can read the path variables from the URL and place the values in a map. The method is called extractUriTemplateVariables.
So the result looks like this:
#Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
String partyIdStr = new AntPathMatcher().extractUriTemplateVariables("/parties/{partyId}/**", request.getPathInfo()).get("partyId");
...
That makes the parsing almost as easy as using #PathVariable in MVC Controller methods. You still have to do conversions yourself(e.g. String -> Integer).
Now I can implement authorization logic on all urls that access a party in this interceptor and keep that logic out of the individual controller methods. Not as easy as I would have hoped but it gets the job done.
Are you already using some kind of security library in your application, e. g. Spring Security?
Because the kind of logic you want to implement is a classic case for an AccessDecisionVoter in an authentication chain. You would just put your API behind Spring Security's protection and implement the custom check as part of the security chain.
If you are not using a security framework at all, your idea of implementing a HandlerInterceptor may be the best alternative, though. But it would require you (as you mentioned) to take into account all kinds of obfuscation the user may use in order to gain access to other URLs (e. g. %-encoding of letters, ../../ patterns etc.).