[英]How to disable HTTP POST REQUEST of oData APIs?
I'm setting up a new Java application using oData and ServletRegistrationBean. 我正在使用oData和ServletRegistrationBean设置新的Java应用程序。 I'd like to disable the option of receiving POST request and to allow only GET requests.
我想禁用接收POST请求的选项,只允许GET请求。
Where should I set it up? 我应该在哪里设置? Can I create kind of a whitelist/blacklist?
我可以创建一种白名单/黑名单吗?
ServletRegistrationBean odataServRegstration = new ServletRegistrationBean(new CXFNonSpringJaxrsServlet(), "/odata/*");
Map<String, String> initParameters = new HashMap<>();
initParameters.put("javax.ws.rs.Application", "org.apache.olingo.odata2.core.rest.app.ODataApplication");
initParameters.put("org.apache.olingo.odata2.service.factory", "com.sap.context.JPAServiceFactory");
odataServRegstration.setInitParameters(initParameters);
return odataServRegstration;
In spring Security you can easily configure that for example only users of role admin are able to make non GetRequests. 在Spring Security中,您可以轻松配置,例如,只有角色admin的用户才能发出非GetRequests。 I will provide an example soon unless you find it on the net before that.
除非您在网上之前找到它,否则我将尽快提供一个示例。 Other unseres will receive a 403.
其他解题将收到403。
A minimalistic example would be: 一个简单的例子是:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/**").hasRole("ADMIN")
.antMatchers("/**").hasAnyRole("ADMIN","USER")
.and()
.httpBasic()
;
}
Pay attention to .antMatchers(HttpMethod.POST, "/**").hasRole("ADMIN")
. 注意
.antMatchers(HttpMethod.POST, "/**").hasRole("ADMIN")
。
It is my method to disable POST option. 这是我禁用POST选项的方法。
@Override
@RequestMapping(method = {GET, PATCH, DELETE})
public void service(final HttpServletRequest servletRequest, final HttpServletResponse servletResponse) throws ServletException {
try {........................
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.