I am writing CDI Intercepter for Jersey method. Can I receive URL without adding argument with #Context annotation into Jersey method?
In JFS there is static method in FaseContext that can help to get Request for for current Thread (and I can get URL from it):
FaseContext.getCurrentInstance().getExternalContext().getRequest()
Is there some thing similar in Jersey?
You could create a request listener and create a new thread local, or create a producer for it.
Related
We have a IOrderManager service which uses some other services registered in DI via AddScoped().
Now we need to use that service in the OnMessage handler for some queue which, obviously, is raised outside any request pipeline.
So when we try to get our service using something like
var orderManager = ServiceProvider.GetRequiredService<IOrderManager>();
we got "Can't access disposed object ..." exception.
Question: is it possible to "tell" DI that we are inside some "fake request" processing to avoid disposing services registered as "scoped"?
If your IOrderManager is outside request scope, you can create your custom scope per-message like this:
using (var serviceScope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>().CreateScope())
{
var myService = serviceScope.ServiceProvider.GetRequiredService<MyService>();
}
If you're using scoped services within IOrderManager, IOrderManager needs to also be scoped.
If you don't do this, when the IOrderManager instance is first created, it will "capture" the scoped dependencies from the current request.
Any future usage of IOrderManager will continue to use the old scoped dependencies and not dependencies from the current request scope.
Next, the only reason you should use scoped dependencies is if they somehow maintain state across a single request and need to isolate that state from other requests.
If your IOrderManager doesn't actually need information that is scoped to a request, it shouldn't be scoped and shouldn't use dependencies that are also scoped.
Put another way, if you think it should be usable outside of an active request, it by definition is not scoped does not require scoped dependencies.
I am using Grails 2.3.3 and spring-security-core:2.0-RC4 plugin.
I am trying to protect a controller action by securing it depending on the result of a method call from a service that takes a parameter. This parameter should be something inside the request parameters.
I'd like to be able to do the following:
#Secured("#mySecurityService.myCustomCheck(params.id)")
def myAction(){
//do some things
}
I managed to be able to do the following:
#Secured("#mySecurityService.myCustomCheck()")
but now I have no idea how to access the request parameters that are sent to the controller.
Is it even architecturally possible to reference params variables inside the #Secured notation?
PS: I know you'll ask me to use spring-security-acl plugin. My problem is that it also adds a bunch of other things that I don't think I require.
In 2.0 you can use a closure as the annotation's check; there's a brief writeup and example in the docs: https://grails-plugins.github.io/grails-spring-security-core/v2/guide/newInV2.html
You'd express your example as this:
#Secured(closure={
ctx.mySecurityService.myCustomCheck(
request.getParameter('id'))
})
Return true to allow access.
Note that the ApplicationContext is available as the ctx variable, and the request as request; this is in addition to the other variables and methods that are available when using SpEL (see the Spring Security docs for details). params isn't available, but you can access values using request.getParameter
I'm trying to use the sbt in xpages with a custom endpoint i.e a new one defined in faces config using the class com.ibm.sbt.services.endpoints.OAuth2Endpoint
The authorisation url it generates is in the format of
&client_id=xx&callback_uri=xxx
however the api i'm trying to use expects a parameter of redirect_uri
Looking at the spec for OAuth2 it appears that the convention is to use redirect_uri rather than callback_uri.
Is there a different end point class I can use which would use redirect_uri instead for the auth handler?
NB: I've searched the source code and "OAUTH2_REDIRECT_URI" isn't used anywhere so I guess not, which makes me think I've misunderstood how to use it
Thanks!
I had a similar issue for our Basecamp demo application for IBM Connect 2014.
I have inherited a new endpoint and handler for this purpose.
In the handler class I had to rewrite getAuthorizationNetworkUrl() and getAccessTokenForAuthorizedUser() methods to change those url parameters.
Overriding these methods might not be safe for the future of course. Instead, you might get the original URL and do some string operations to change desired parameters.
#Override
public String getAuthorizationNetworkUrl() {
String newUrl=super();
// Do string operations
return newUrl;
}
Checking if anything changed for the new version of SBT would be needed. I hope it helps.
You can use the SmartCloudOAuth2Endpoint, instead of the plain oauth2 endpoint. This endpoint is a custom endpoint for SmartCloud which uses redirect_uri
https://github.com/OpenNTF/SocialSDK/blob/cd373c78971bb31e1902f177eddcb33d029ae474/sdk/com.ibm.sbt.core/src/main/java/com/ibm/sbt/services/endpoints/SmartCloudOAuth2Endpoint.java
I'm using Grails 2.1.5 and the Spring Security Core plugin.
I've overridden the WebSecurityExpressionRoot to add 2 signatures of a hasPermission method to the web expression paradigm.
This method delegates to classes by name in the applicationContext calling them with the request as an argument and an arbitrary string to provide further details if any are ever required.
In my delegate class I need to be able to access the parameters to assess whether or not the user may access the requested resource and this is fine but the request does not yet contain the variables defined from the UrlMappings.
I have tried acquiring the grailsUrlMappingsHolder from the applicationContext but when I call it's match method with a valid uri I get nothing.
I'm running out of time and may have to parse the request.getRequestURI() myself to try to infer the id if no request parameters are valid but this will not get urls mapped where the id is not last.
I really hate to re-invent the wheel here and I hate to miss out on using the UrlMappings to their fullest potential but the variables they define (in my circumstance) aren't available until I'm in the controller.
Take a look at what I do in AnnotationFilterInvocationDefinition - there's a bit of setup that you need to do: https://github.com/grails-plugins/grails-spring-security-core/blob/master/src/java/grails/plugin/springsecurity/web/access/intercept/AnnotationFilterInvocationDefinition.java
Is it possible to access the URL a service call will use before calling the service using any of the ServiceClientBase child classes?
I need to fully resolve the url before making the service call so that the URL can be included into the OAuth authorization signature.
Use the IReturn extension method ToUrl with appropriate HTTP method and format strings.
Example: request.ToUrl("POST", "json") where request implements IReturn.
Not currently, For reference here's the source code for ServiceClientBase. If it helps, you can add a pull-request to make GetUrl overridable and protected, that way it can be accessed by sub classes.