I have enabled the Struts 2 convention plugin.
package system;
#Namespace("/customer")
public class IndexAction extends ActionSupport {
public execute() {
return SUCCESS;
}
}
If I type http://localhost:8080/customer/ and http://localhost:8080/customer/index.action, both can reach the same page.
How can I disable http://localhost:8080/customer/ and only allow access using http://localhost:8080/customer/index.action ?
When invoking http://localhost:8080/customer Struts2 will find the Action (ie IndexAction) mapped with the corresponding namespace and redirect to the execute() (default) method.
If you don't want this behavior you can remove execute() and create a specific method in the class
public String index() {
return SUCCESS;
}
The corresponding URL is http://localhost:8080/customer!index (http://localhost:8080/customer!index.action works too)
Related
I have the following Web API ActionFilterAttribute
namespace namespace.Filters {
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
public class LogApiRequestActionFilterAttribute : ActionFilterAttribute {
public LogApiRequestActionFilterAttribute() {
}
private void logData(HttpActionContext actionContext) {
var controllerName = actionContext.ActionDescriptor.ControllerDescriptor.ControllerType.FullName;
var actionName = actionContext.ActionDescriptor.ActionName;
var parameters = "";
foreach (var item in actionContext.ActionArguments) {
parameters += string.Format("{0} = {1}, ", item.Key, item.Value);
}
if (parameters.Any()) {
parameters = parameters.Remove(parameters.Count() - 2);
}
var message = string.Format("{0}.{1}({2})", controllerName, actionName, parameters);
// Do the logging
}
public override void OnActionExecuting(HttpActionContext actionContext) {
logData(actionContext);
base.OnActionExecuting(actionContext);
}
}
}
When I add it globally over the WebApiConfig.cs like this:
config.Filters.Add(new LogApiRequestActionFilterAttribute());
But the logData method never gets called. Does anyone know why?
Did you decorate your controller (or any action method), with that filter ?
For e.g.
After creating a filter called LogApiRequestActionFilterAttribute, you need to register it (as you have done).
After registration, if the filter has to be applied at the controller level, then decorate your controller with that filter.
If the filter has to be applied only on certain action method, put the filter on that particular action method(s)
[LogApiRequestActionFilter]
public class YourController : ApiController
{ //--->controller level filter
[LogApiRequestActionFilter] //-->action level filter
public IHttpActionResult DoAction()
{
}
}
If neither of them works out, when the action method executes, put a breakpoint and analyse the http request. Check If your filter is registered or not
I just found my problem, thanks a lot to now he who must not be named.
My filter was properly registered and also perfectly loaded, just the method I was testing AND debugging with, wasn't called with a request. It was called from an razor helper and there the Request-property is null of course.
So the fix is to use an action which is called with an http request and not just as normal method call.
I commonly need to authorize a particular parameter to be evaluated in a service call within an action in MVC5. For instance, let's say that my action is public ActionResult Edit(string partnerName).
Today, I handle this by always evaluating if (!User.CanAccessPartnerModule(THIS_MODULE_ID, partnerName)) throw new UnauthorizedException();
However, I would like to be able to do something like this:
[Authorize(Roles = THIS_MODULE_ID)]
public ActionResult Edit([AuthorizePartnerModule(THIS_MODULE_ID)] string partnerName)
{
...
}
To be clear, 1) I don't think the AuthorizeAttribute would be necessary if this were implemented as I envision, and 2) the thing that doesn't exist is the AuthorizePartnerModuleAttribute.
Is there a ready-made attribute or tutorial that explains how this may be accomplished? And if not, is this not advisable to do?
You could extend authorization with a custom authorization filter by creating a subclass of AuthorizeAttribute
using System.Web;
using System.Web.Mvc;
namespace Filters
{
public class AuthorizePartnerModule : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
// getting the parameter from the request
string partnerName = httpContext.Request.Params["groupId"].ToString();
// custom validation
return User.CanAccessPartnerModule(THIS_MODULE_ID, partnerName);
}
}
}
And then, you could validate your action method with:
[AuthorizePartnerModule(Roles = THIS_MODULE_ID)]
public ActionResult Edit(string partnerName)
{
...
}
Another option would be to create a custom ActionFilter (an implementation of IActionFilter). An ActionFilter implements two methods:
OnActionExecuting is executed right before the action method
OnActionExecuted is executed right after the action method execution.
So, you could make the necessary validation with something like:
using System.Web.Mvc;
namespace Filters {
public class AuthorizePartnerModule : FilterAttribute, IActionFilter
{
public void OnActionExecuting(ActionExecutingContext filterContext)
{
// getting the parameter from the request
string partnerName = filterContext.ActionParameters["partnerName"].ToString();
// custom validation
if (!User.CanAccessPartnerModule(THIS_MODULE_ID, partnerName))
{
filterContext.Result = new HttpNotFoundResult();
}
}
public void OnActionExecuted(ActionExecutedContext filterContext)
{
// do nothing
}
}
}
In this case, however ,you would have to validate like that:
[Authorize(Roles = THIS_MODULE_ID)]
[AuthorizePartnerModule]
public ActionResult Edit(string partnerName)
{
...
}
I am very new to breeze. I have downloaded the template for AngularBreeze and trying to create a sample application but i am stuck on Breeze WebApi Controller.
BreezeController]
public class ProductsBreezeController : ApiController
{
private readonly ProductRepository context;
public ProductsBreezeController()
{
context = new ProductRepository();
}
[HttpGet]
public string Metadata()
{
return context.Metadata();
}
//// GET api/productsbreeze
public IQueryable<Product> GetAllProducts()
{
return context.TodoLists;
}
}
public class ProductRepository : EFContextProvider<SampleEntities>
{
public DbQuery<Product> TodoLists
{
get { return Context.Products; }
}
}
Exception Message
Multiple actions were found that match the request: System.String Metadata() on type AngularWebApi.ApiControllers.ProductsBreezeController System.Linq.IQueryable`1[AngularWebApi.DataAccess.Model.Product] GetAllProducts() on type AngularWebApi.ApiControllers.ProductsBreezeController
ExceptionType: "System.InvalidOperationException"
You need to set your breezewebapiconfig.cs up to accept an action parameter as we'll. currently you have a controller only probably.
Open appstart folder and BreezeWebApiConfig.cs and add it there (should see something like ) -
Breeze/{controller}/{action}/{id}
And you need to add the action part in there
Edit
In your question it clearly shows the route for that controller action is api/productsbreeze. If that is the route you are hitting then you need to adjust that route to accept an action as well. If it is the Breeze route you are trying to hit then add an HttpGet controller attribute on the action
//// GET api/productsbreeze
[HttpGet]
public IQueryable<Product> GetAllProducts()
{
return context.TodoLists;
}
You need to make sure that your BreezeWebApiConfig is also registered in the Global.asax, of course.
Requesting URL should be matched with Breeze Api Configuration.
Server Side Configuration
GlobalConfiguration.Configuration.Routes.MapHttpRoute("BreezeApi", "breeze/{controller}/{action}");
Client Side
var manager = new breeze.EntityManager("/breeze/ProductsBreeze");
My WebApi filter method OnActionExecuted is being called twice.
My filter (I make it as simple as possible):
public class NHibernateActionFilter : ActionFilterAttribute
{
// [Inject]
// public ISessionFactoryProvider sessionFactoryProvider { get; set; }
public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
{
var a = 5;
var b = a;
//new BaseSessionProvider(sessionFactoryProvider).EndContextSession();
}
}
My setup:
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
WebApiConfig.Register(GlobalConfiguration.Configuration);
//http://stackoverflow.com/questions/9521040/how-to-add-global-asp-net-web-api-filters
FilterConfig.RegisterWebApiFilters(GlobalConfiguration.Configuration.Filters);
}
public class FilterConfig
{
public static void RegisterWebApiFilters(System.Web.Http.Filters.HttpFilterCollection filters)
{
filters.Add(new NHibernateActionFilter());
}
}
In debugger I catch OnActionExecuted twice with the same actionExecutedContext. Why?
UPD
Controller
public class BankSmsController : ApiController
{
[AcceptVerbs(HttpVerbs.Get)]
public int GetTest()
{
return 1;
}
}
I have a suspicion, that this strange behavior can be fixed by either overriding AllowMultiple property of filter and returning false, or applying AttributeUsage attribute with AllowMultiple set to false too (this influences on default implementation of AllowMultiple property of filter.
At least in our project this helped (we have filters injected via Autofac).
This might be caused due to a registration of a custom filter provider. When you do this, you need to unregister the default one. Otherwise, if you are getting the usual filters in your custom one, they will be registered twice and consequently, executed twice.
Code should be something like this:
// remove default action filter provider
var defaultFilterProvider = config.Services.GetFilterProviders().Single(provider => provider is ActionDescriptorFilterProvider);
config.Services.Remove(typeof(IFilterProvider), defaultFilterProvider);
// add custom filter provider
config.Services.Add(typeof(IFilterProvider), new CustomFilterProvider(container));
As have been said, AllowMultiple to false is a hack since .net is clever enough to only execute once a filter even if it has been registered several times. Also, there are scenarios where you do need this to be true.
For me, I had specified the filter twice. In my IOC config file I had
builder.Register(c => new SelectListFilter(c.Resolve<ClientManager>()))
.AsActionFilterFor<Controller>()
.InstancePerRequest();
.RegisterFilterProvider();
And then in filterConfig I had
filters.Add(DependencyResolver.Current.GetService<IActionFilter>());
I removed the line from filterConfig and everything was better.
I have a number of Controllers in my project that all inherit from a controller I've named BaseController. I wrote a custom attribute that I applied to the entire BaseController class, so that each time an action runs in any of my controllers, that attribute will run first.
The problem is that I have a couple of controller actions that I'd like to ignore that attribute, but I don't know how to do it.
Can anyone help? I'm using MVC 1.
Thanks.
In your custom attribute, you can add this ShouldRun() check like this:
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (ShouldRun(filterContext))
{
// proceed with your code
}
}
private bool ShouldRun(ActionExecutingContext filterContext)
{
var ignoreAttributes = filterContext.ActionDescriptor.GetCustomAttributes(typeof(IgnoreMyCustomAttribute), false);
if (ignoreAttributes.Length > 0)
return false;
return true;
}
ShouldRun() simply checks whether there's a "IgnoreMyCustomAttribute" on your action. If it's there, then your custom attribute won't do anything.
You'll now want to create a simple IgnoreMyCustomAttribute, which doesn't do anything:
[AttributeUsage(AttributeTargets.Method, AllowMultiple = false)]
public class IgnoreMyCustomAttribute: ActionFilterAttribute
{
}
Whenever you decorate your controller action with [IgnoreMyCustom], then MyCustomAttribute won't do anything. e.g.:
[IgnoreMyCustom]
public ViewResult MyAction() {
}
I had a similar need for something like this and found that by creating an authorization filter (implementing/deriving from FilterAttribute, IAuthorizationFilter) rather than a regular action filter (deriving from ActionFilterAttribute), and setting Inherited=true and AllowMultiple=false on the attribute, that it would only run once at the appropriate spot.
This means I am able to "cascade" my filter down from a base controller (the site-wide default), to a derived controller (for example the AdminController or whatever), or even further down to an individual action method.
For example,
[AttributeUsage(AttributeTargets.Class|AttributeTargets.Method, Inherited=true, AllowMultiple=false)]
public class MyCustomAttribute : FilterAttribute, IAuthorizationFilter
{
private MyCustomMode _Mode;
public MyCustomAttribute(MyCustomMode mode)
{
_Mode = mode;
}
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
// run my own logic here.
// set the filterContext.Result to anything non-null (such as
// a RedirectResult?) to skip the action method's execution.
//
//
}
}
public enum MyCustomMode
{
Enforce,
Ignore
}
And then to use it, I can apply it to my super-controller,
[MyCustomAttribute(Ignore)]
public class BaseController : Controller
{
}
And I can change/override it for specific controllers, or even for specific actions!
[MyCustomAttribute(Enforce)]
public class AdministrationController : BaseController
{
public ActionResult Index()
{
}
[MyCustomAttribute(Ignore)]
public ActionResult SomeBasicPageSuchAsAHelpDocument()
{
}
}
This allowed me to "turn off" the filter for specific cases, while still being able to apply it as a default on either the whole controller or whole application.
Good luck!
I'm not sure there is an easy way to remove attributes in this situation. But I have done something similar for a project and what I did, as it was only in a few instances I didn't want my attribute to run, was to create two attributes.
My first attribute was applied to my base controller as you've done but it was aware of the existance of a second attribute and by implementing that second attribute I could disable the attribute on the base class from running.
Not sure if it was the best solution but it worked for me.
This was applied to the base controller:
/// <summary>
/// This is used to force the schema to HTTP is it is HTTPS.
/// RequireHttpsAttribute or OptionalHttpsAttribute takes precedence if used.
/// </summary>
public class RequireHttpAttribute : FilterAttribute, IAuthorizationFilter
{
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
throw new ArgumentNullException("filterContext");
if (filterContext.HttpContext.Request.IsSecureConnection)
{
object[] attributes = filterContext.ActionDescriptor.GetCustomAttributes(true);
if (!attributes.Any(a => a is RequireHttpsAttribute || a is OptionalHttpsAttribute))
{
HandleHttpsRequest(filterContext);
}
}
}
protected virtual void HandleHttpsRequest(AuthorizationContext filterContext)
{
// only redirect for GET method, otherwise browser may not propogate the verb and request body correctly
if (!string.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
throw new InvalidOperationException(MvcResources.RequireHttpAttribute_MustNotUseSsl);
// redirect to HTTP version
string url = "http://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
filterContext.Result = new RedirectResult(url);
}
}
Like so:
[RequireHttp]
public abstract class Controller : System.Web.Mvc.Controller
{
}
I could then use what is effectively a dummy attribute to disable it.
/// <summary>
/// This attribute allows the action to be server on HTTP and HTTPS but neither is enforce.
/// RequireHttpsAttribute takes precedence if used.
/// </summary>
public class OptionalHttpsAttribute : FilterAttribute
{
// This is deliberately empty, the attribute is used by RequireHttpAttribute to stop it changing schema to HTTP
}
Like so:
[OptionalHttps]
public ActionResult OptionalHttps()
{
return View();
}