堆栈内存溢出
  简体   繁体   English

如何禁用oData API的HTTP POST REQUEST?

[英]How to disable HTTP POST REQUEST of oData APIs?

 原文  2019-07-09 10:06:57       java/ spring/ api/ odata/ olingo

问题描述

I'm setting up a new Java application using oData and ServletRegistrationBean. 我正在使用oData和ServletRegistrationBean设置新的Java应用程序。 I'd like to disable the option of receiving POST request and to allow only GET requests. 我想禁用接收POST请求的选项,只允许GET请求。

Where should I set it up? 我应该在哪里设置? Can I create kind of a whitelist/blacklist? 我可以创建一种白名单/黑名单吗? 

ServletRegistrationBean odataServRegstration = new ServletRegistrationBean(new CXFNonSpringJaxrsServlet(), "/odata/*");
Map<String, String> initParameters = new HashMap<>();
initParameters.put("javax.ws.rs.Application", "org.apache.olingo.odata2.core.rest.app.ODataApplication");
initParameters.put("org.apache.olingo.odata2.service.factory", "com.sap.context.JPAServiceFactory");
odataServRegstration.setInitParameters(initParameters);
return odataServRegstration;

2 个解决方案

解决方案1
 2 已采纳  2019-07-09 14:51:49

In spring Security you can easily configure that for example only users of role admin are able to make non GetRequests. 在Spring Security中,您可以轻松配置,例如,只有角色admin的用户才能发出非GetRequests。 I will provide an example soon unless you find it on the net before that. 除非您在网上之前找到它,否则我将尽快提供一个示例。 Other unseres will receive a 403. 其他解题将收到403。

A minimalistic example would be: 一个简单的例子是: 

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
          .csrf().disable()
          .authorizeRequests()
            .antMatchers(HttpMethod.POST, "/**").hasRole("ADMIN")
            .antMatchers("/**").hasAnyRole("ADMIN","USER")
          .and()
          .httpBasic()
        ;
    }

Pay attention to .antMatchers(HttpMethod.POST, "/**").hasRole("ADMIN") . 注意.antMatchers(HttpMethod.POST, "/**").hasRole("ADMIN")

解决方案2
 0  2019-07-15 05:58:41

It is my method to disable POST option. 这是我禁用POST选项的方法。 

@Override
@RequestMapping(method = {GET,  PATCH, DELETE})
public void service(final HttpServletRequest servletRequest, final HttpServletResponse servletResponse) throws ServletException {

    try {........................

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何禁用特定 http 请求的证书验证? - How to disable certificate validation for particular http request? 如何读取HTTP POST请求参数 - How to read HTTP POST request parameters 如何在Java中执行HTTP Post请求? - How to perform HTTP Post request in Java? 如何在http post请求中插入cypher语句 - how to insert cypher statement in http post request 如何在 Android 中进行简单的 http 发布请求? - How to make a simple http post request in Android? Android 仿真器 - 如何向它发送 http 发布请求? - Android Emulator - How to send a http post request to it? 如何读取HTTP POST请求返回的XML? - How to read XML returned by HTTP POST request? 如何将 Serializable 编写为 http post 请求的正文? - How to write a Serializable as the body of an http post request? 如何在java中发送带有post参数的简单http post请求 - How to send simple http post request with post parameters in java 如何在 Jersey 客户端 HTTP POST 请求中发布原始 json 文本? - How to post raw json text in Jersey Client HTTP POST request?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM