I have a WebService API which needs 2 of its parameters to be optional in the WSDL
public wsProxy[] Insert(wsProxy[] proxies, string loginname, string password, bool returnNewData)
{
//code here
}
I need to a way to show loginname and password as optional in the WSDL.
Is there any way to do this in C#. Can I maybe add an tag in front of the parameters like this [optional]loginname?
I have been looking around but haven't been able to find anything so far.
They will, by default, appear as optional in the WSDL generated by WCF (let me know if you know of a way to disable this horrid behavior).
Related
In my project I use Spring-Data, Spring-Data-Rest and Spring-Security.
What I need to accomplish is to implement domain object security (ACL) over these repositories. Specificaly #PostFilter over Pageable.findAll() method.
Method level security is easily implemented as outlined here.
There is also a section in docs about using security expression with #Query here.
But although I can use hasPermission(..) method inside #Query too, there is no way to include the object (SQL row) in this method - to be specific do this:
#Query("select u from #{#entityName} u where 1 = ?#{security.hasPermission(u, 'read') ? 1 : 0}")
Now I understand that this is way different than modifying the query pre-execution like this:
#Query("select m from Message m where m.to.id = ?#{ principal?.id }")
I also found the following jira issue:
https://jira.spring.io/browse/DATACMNS-293
Which I suspect that once it gets resolved there will be a solution to this, but it doesn't seem like it's going to be anytime soon.
I still need to implement this functionality and for that I would like to get your input and pointers on possible solutions.
Right now I am thinking about creating my custom annotation that will mimmick the #PostFilter one and use the same syntax but will get invoked manually inside my own BaseRepositoryImplementation. There I will get the repository interface from type and Repositories#getRepositoryInformationFor(type)#getRepositoryInterface(), find the annotation on respective method and manually invoke the security check.
Do you maybe have a different solution, or some notes about my proposed solution?
Also do you happen to know if there is any timetable on the mentioned jira issue?
One lightweight way is to do it is using the hasPermission() method and implementing your own "Permission Evaluator" at the Controller level, if that's an option for you.
#PreAuthorize("hasPermission(#employee, 'edit')")
public void editEmployee(Employee employee) {
...
}
#Component
public class PermissionEvaluatorImpl implements PermissionEvaluator {
#Override
public boolean hasPermission(Authentication auth,
Object targetDomainObject, Object permission) {
// return true if "auth" has "permission" permission for the user.
// Current-user can be obtained from auth.
}
...
}
This is described in more detail here: http://www.naturalprogrammer.com/spring-domain-object-security-logged-in-user/
i have some input components that should be validated only when a specific action is executed under all other circumstances they should accept every input.
This way i can't use a normal validator but have a commandButton that evaluates the data in it's action Method and creates some FacesMessages related to specific clientIds if something is missing.
Now i normaly use the OmniFaces o:highlight component to point to fields that require further action but in this case the input-components are valid and thus the highlight component does not take them into account.
Now i wonder if it would be possible to have this behavior depended on the List of Ids with Messages.
Something like this:
for (Iterator<String> it = FacesContext.getCurrentInstance()
.getClientIdsWithMessages(); it.hasNext();) {
String clientId = it.next();
List<FacesMessage> messageList = FacesContext
.getCurrentInstance().getMessageList(clientId);
if (messageList != null) {
for (FacesMessage msg : messageList) {
... // build json with clientIds (maybe check for UIInput
}
}
}
If needed this way one could possibly introduce new Style classes for info, warn and error messages. Maybe it's even a bit faster cause not the whole component tree has to be visited, but that s just a guess.
So what s your opinion? This is a rather hard change on the current behavior so i m not sure if this guess will make it into omnifaces or must be implemented individualy.
Now i wonder if it would be possible to have this behavior depended on the List of Ids with Messages.
From the javadoc of the very same method as you linked there:
Note that the FacesContext#getClientIdsWithMessages() could also be consulted, but it does not indicate whether the components associated with those client IDs are actually UIInput components which are not UIInput#isValid().
So, you would for every single client ID still need to use UIViewRoot#findComponent() in order to find the component, figure its type and verify the validity. This is much more expensive than a single tree visit.
If you really need to perform validation in action method, your best bet is to mark the context and inputs as invalid yourself.
FacesContext context = FacesContext.getCurrentInstance();
context.validationFailed();
((UIInput) context.getViewRoot().findComponent(clientId)).setValid(false);
Alternatively, to satisfy the concrete functional requirement,
i have some input components that should be validated only when a specific action is executed under all other circumstances they should accept every input.
just use a normal validator wherein you check the invoked action:
public void validate(FacesContext context, UIComponent component, Object value) {
if (!context.getExternalContext().getRequestParameterMap().containsKey("formId:buttonId")) {
return;
}
// ...
}
I.e. when <h:form id="formId"><h:commandButton id="buttonId"> is invoked, then validation will be performed. That's always better than performing validation at the wrong place.
I have some service that I can query:
http://localhost/myservice/data?key=value
Is there a way I can restrict the query parameters? E.g. I want to report an error if someone calls the service with unsupported parameter, e.g. I want following to fail:
http://localhost/myservice/data?key=value&anyotherparam=1
I am not sure if this is the right thing to do. However I was asked if the above scenario can be implemented so I want to give a reasonable answer.
If your service ignores the anotherparam, honestly who cares?
And for those who care:
public ActionResult Data(string key)
{
if (string.IsNullOrEmpty(key) || Request.QueryString.Count > 1)
{
return HttpNotFound();
}
...
}
And obviously if you have to write this if over and over again across multiple actions you are better of refactoring it into a custom action filter.
I have came across an issue where i am unable to find a solution.I am working on a web-application and have to impliment Oauth, things are working fine for me except one issue,in my redirect back URL from Yahoo i am getting several parametersand i need to access few of them in my action class.
Now i can easily create a property in my action class with its getter and setter methods but the name of the property is
openid.response_nonce
and my Eclipse editor will not allow me to name a variable like this.Though one solution is add RequestAware interceptor in my action class and access the parameter.
my Question is can i access it without using RequestAware inteceptor?
There isn't a RequestAware interceptor... There is a Servlet-Config interceptor which will check if your action has one of the following interfaces: ServletContextAware, ServletRequestAware, ServletResponseAware, ParameterAware, RequestAware, SessionAware, ApplicationAware, PrincipalAware.
The Servlet-Config interceptor is part of the default-stack, which you are probably already using. So there is no additional cost or configuration required to use one of the aware interfaces.
That aside, if you have a parameter called "openid.response_nonce" which contains a string, you should be able to refer to it with:
//following not tested, and not checked for syntax errors
private Map openid = new HashMap();
//In Constructor{
oauth.put("response_nonce","");
}
//create BOTH a getter and setter for openid
public getOpenid(){
return openid;
}
public setOpenid(Map openid){
this.openid = openid;
}
Now struts2 should be able to figure out how to set the value... I think, sorry didn't test it. You could always create a class called Openid with a response_nonce property(along with the appropriate getters and setters for that Class)... but I think in this case it might be best to just use RequestAware if you only need that single property.
I think that you maybe looking for the Alias interceptor. http://struts.apache.org/2.0.14/docs/alias-interceptor.html
Regards
I'm trying to validate user input, in particular user passwords. I have some jQuery validation, but of course I also need to validate on the server side. Now my request comes in to the controller, which will hand it off to a UserService. Everything is loosely coupled, so the controller really doesn't know too much about the inner UserService. Now suppose the user entered a weak password so I need to tell him "hey, that is insufficient."
Question is: What is the best way to do this?
Somehow, I need to be able to call
ModelState.AddModelError(field, exception);
in order to indicate what went wrong, where and why - in the simple example I already know it's the password because it is really the only field on the form, but in general this is not so easy. Now I was close to writing my own Exception type to do something like
ModelState.AddModelError(ex.Field, ex.Message);, where I might need some additional mapping - which is essentiale the path taken in NerdDinner where they have RuleViolations.
However, in NerdDinner, the business object is self-validating. This doesn't seem to be the best way in this case, because the 'business object' here is really just a store for email and password that implements IIdentity. It shouldn't know anything about password lengths and should be reusable across different applications.
Moreover, ArgumentException and ValidationException don't seem to fit either because the first is made for contract violations and the latter is to be used by DataAnnotations.
All this is just the tip of an iceberg of course, because there are so many subtleties lurking around. Perhaps someone can point me in the right direction?
You can use xVal.
If I understand correctly you want to validate whether the user password is sufficient or insufficient. If you aren't using self validation on the object itself then can I suggest you put a validation method on your user service.
...
var result = userService.Validate(newUser);
if (!result.IsValid) {
result.Errors.ForEach( m => ModelState.AddModelError(m.field, m.message));
}
...
How about that?
The only issue with this approach is that to access any validation around the User object you'd have to pass it into the userService, which may or may not be what you want to do.
Answer to comment below:
Well you would have to create a ValidationResult, something like.
public class ValidationResult
{
public string Field {get;set;}
public string Message {get;set;}
}
So if I'm reading correctly, your Controller has a UserService, the UserService has a Validator, and the Validator validate the User.
As you pass this validation up from your Validator to UserService to Controller, just intercept it and use it, then pass it along.
If you don't want to role your own validation library (and you shouldn't) there are some great tools like Enterprise Library and FluentValidation. They can separately define your validation logic external of your objects if that is what you are concerned about.