How to restrict REST API v2 to allow POST only?

Hello,

I am following this to expose a REST API v2 for my services:

5.8.2. Services Configuration

How can I restrict an endpoint to allow POST only?

Thank you.

Hi,
There is no specific configuration in CUBA to do that. However, you can always define a regular HttpFilter in your web.xml and forbid unwanted requests there.

Thank you Max, glad to know that CUBA also has that certain level of being configurable using standard means.

Hi,

Could you give an example of how we can allow only one method, like POST, to the services by using HttpFilter?

I am using ContainerRequestFilter to give access control. But this class is not triggering in the CUBA platform.

//my code

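import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.ext.Provider;
import java.io.IOException;

@Provider
public class RoleBasedResource implements ContainerRequestFilter {
    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        System.out.println("Test======>");
    }
}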

While making a REST API service call, @Provider with ContainerRequestFilter is not triggering. Can you please help here?

Thanks!!

Hi,
you may create a regular Filter and register it in web.xml

package com.company.resttest1.web.sys;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class MyServletFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {}

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        // GET requests to REST service URLs get 403; every other request continues down the chain
        if (isRestServiceUrl(httpRequest.getRequestURI()) && "GET".equals(httpRequest.getMethod())) {
            httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        } else {
            chain.doFilter(request, response);
        }
    }

    private boolean isRestServiceUrl(String uri) {
        return uri.contains("/rest/v2/services/");
    }

    @Override
    public void destroy() {}
}

web.xml

    <filter>
        <filter-name>restPermissionsFilter</filter-name>
        <filter-class>com.company.resttest1.web.sys.MyServletFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>restPermissionsFilter</filter-name>
        <url-pattern>/rest/*</url-pattern>
    </filter-mapping>
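
The filter above rejects only GET, so methods such as PUT or DELETE still reach the services. The following is an added example (not code from this thread or from CUBA) of an allow-list variant that accepts POST only; the class name PostOnlyServicesFilter is hypothetical, and it is registered in web.xml the same way with its own filter-class.

```java
package com.company.resttest1.web.sys;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Collections;
import java.util.Set;

// Added example (hypothetical class name): method allow-list for the REST services.
public class PostOnlyServicesFilter implements Filter {

    // Assumption: services are served under this path inside the web context,
    // the same path the filter above matches on.
    private static final String SERVICES_PREFIX = "/rest/v2/services/";
    private static final Set<String> ALLOWED_METHODS = Collections.singleton("POST");

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {}

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        // Deny by default: anything not on the allow-list is refused, including
        // HEAD and OPTIONS (browsers send OPTIONS for CORS preflight).
        if (isRestServiceUrl(httpRequest) && !ALLOWED_METHODS.contains(httpRequest.getMethod())) {
            // 405 with an Allow header tells the client which method is accepted.
            httpResponse.setHeader("Allow", String.join(", ", ALLOWED_METHODS));
            httpResponse.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return;
        }
        chain.doFilter(request, response);
    }

    private boolean isRestServiceUrl(HttpServletRequest request) {
        // getServletPath()/getPathInfo() are container-decoded and exclude the context
        // path, unlike getRequestURI(), which is the raw, still-encoded request path.
        String pathInfo = request.getPathInfo();
        String path = request.getServletPath() + (pathInfo == null ? "" : pathInfo);
        return path.startsWith(SERVICES_PREFIX);
    }

    @Override
    public void destroy() {}
}
```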