Class BaseResource
java.lang.Object
com.onenetwork.platform.integ.rest.BaseResource
public abstract class BaseResource
extends java.lang.Object
Base class for a JAX-RS based RESTful web services. The BaseResource class contains
many methods which are useful in building web services including access to the PlatformUserContext.
The JAX-RS standard defines a mechanism called a Provider which maps an http request parameter to a method parameter and a method return value to a http response message body. Platform contains providers for a few common types including:
The JAX-RS standard defines a mechanism called a Provider which maps an http request parameter to a method parameter and a method return value to a http response message body. Platform contains providers for a few common types including:
- JSONObject and JSONArray
- Table
- SqlResult
public Table getResults(JSONObject params){ ... }By default, all REST resources are authenticated. Authentication can happen in one of two ways:
- Session Cookie - any REST request coming from the browser (through the Command Center User Interface, for example) will typically work in this fashion. The same session cookie which is given to the client on login is used to identify the incoming request and execute the given Resource with a proper PlatformUserContext.
- Basic Authentication - one can also authenticate using HTTP headers (this is typically how command-line and other clients call REST resources). To authenticate this way, you should Base64-encode the string "user=username:password" (replacing username with your username, password with your password), then supply this as the "Authorization" header with a prefix of "Basic". For example: "Authorization: Basic ZW50PSx1c2VyPUluc3RhbmNlQWRtaW5Vc2VyOnBhc3N3b3Jk"
@Component @Scope("request") @Path("/txnsample") public class TransactionalResource extends BaseResource { @POST @Produces({ "application/json" }) @Transactional public JSONObject txnsample() { // all logic within this method will occur in a single database transaction; // if any RuntimeExceptions are thrown, the transaction will be rolled back. // if you want to rollback on checked exceptions, you must add rollbackFor attributes, for example: // @Transactional(rollbackFor = {MyException1.class, MyException2.class}) } }Please note that if you want to rollback the transaction while still returning a 200 with an explicit error message, you can throw
ResourceException
.
In some cases, you may want to have an "anonymously" accessible REST resource, i.e. one which the user need not
be authenticated to access. To achieve this, you should put "/anon" somewhere in your REST resource's path.
For example:
@Path("/anon/test") public class AnonResource extends BaseResource { @POST @Path("/example") @Produces({ "application/json" }) public JSONObject anonTestPost() { return new JSONObject("{key:'successful anonymous access'}"); } }This can be accessed with an HTTP client, for example the linux "curl" utility:
curl -X POST http://localhost/oms/rest/ZBKS/anon/test/example?VcId=9123Please note that you must provide the value chain id as a request parameter "VcId". This is used to lookup the Anonymous user in the database to be used when authenticating. Anonymous access can be enabled/disabled by a value chain admin by activating/deactivating this user.
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
JSON_SUCCESS_MSG
protected javax.servlet.http.HttpServletRequest
request
protected javax.servlet.http.HttpServletResponse
response
protected static java.util.regex.Pattern
SAFE_CALLBACK_PATTERN
-
Constructor Summary
Constructors Constructor Description BaseResource()
-
Method Summary
Modifier and Type Method Description PlatformUserContext
getPlatformUserContext()
Returns aPlatformUserContext
for the user which initiated the request.PlatformUserProfile
getPlatformUserProfile()
Returns aPlatformUserProfile
for the user which initiated the request.javax.servlet.http.HttpServletRequest
getRequest()
Returns the request which called this REST resourcejavax.servlet.http.HttpServletResponse
getResponse()
Returns the response which will be produced by this REST resourcejava.lang.String
getSanitizedPathInfo()
protected java.lang.String
jsonp(org.json.JSONObject json, java.lang.String callback)
JSONP or "JSON with padding" is a complement to the base JSON data format, a usage pattern that allows a page to request and more meaningfully use JSON from a server other than the primary server.org.json.JSONObject
successJson()
Returns a new JSONObject with one property {success: true}.static void
validateWebSafeJsonp(java.lang.String str)
This method is used to validate strings which will may be emitted into a web page as a jsonp (callback) parameter It allows a very restrictive set of characters, including alphanumeric, whitespace, and a few others which are not interpreted by HTML, such as _ and .
-
Field Details
-
JSON_SUCCESS_MSG
public static final java.lang.String JSON_SUCCESS_MSG- See Also:
- Constant Field Values
-
SAFE_CALLBACK_PATTERN
protected static final java.util.regex.Pattern SAFE_CALLBACK_PATTERN -
request
@Context protected javax.servlet.http.HttpServletRequest request -
response
@Context protected javax.servlet.http.HttpServletResponse response
-
-
Constructor Details
-
BaseResource
public BaseResource()
-
-
Method Details
-
successJson
public org.json.JSONObject successJson()Returns a new JSONObject with one property {success: true}. Useful when returning success results to extjs-based user interface. -
getRequest
public javax.servlet.http.HttpServletRequest getRequest()Returns the request which called this REST resource -
getResponse
public javax.servlet.http.HttpServletResponse getResponse()Returns the response which will be produced by this REST resource -
getPlatformUserContext
Returns aPlatformUserContext
for the user which initiated the request. Available from both browser & non-browser clients. -
getPlatformUserProfile
Returns aPlatformUserProfile
for the user which initiated the request. Available from both browser & non-browser clients. -
jsonp
protected java.lang.String jsonp(org.json.JSONObject json, java.lang.String callback)JSONP or "JSON with padding" is a complement to the base JSON data format, a usage pattern that allows a page to request and more meaningfully use JSON from a server other than the primary server. http://en.wikipedia.org/wiki/JSON#JSONP Given a JSON object which is to be returned to a client, this method will wrap the JSON with a callback function iff the request parameter "jsonp" is present. Thus given a JSON { key: "val" } it will return ...- { key: "val" } (if no jsonp param is present)
- myFunction('{ key: "val" }') (if jsonp=myFunction is present in the request)
function myFunction(val) { var json = eval(val); }
- Parameters:
json
- JSON Object which is to be wrapped with a callback function and returned- Returns:
- JSON wrapped with jsonp callback
-
validateWebSafeJsonp
public static void validateWebSafeJsonp(java.lang.String str)This method is used to validate strings which will may be emitted into a web page as a jsonp (callback) parameter It allows a very restrictive set of characters, including alphanumeric, whitespace, and a few others which are not interpreted by HTML, such as _ and . This helps ensure the string has not html elements like < or > which could allow a user to inject scripts/etc into a page if their input is reflected back as markup in the response. -
getSanitizedPathInfo
public java.lang.String getSanitizedPathInfo()
-