Validate REST GET params


victo...@gmail.com

Mar 11, 2015, 5:16:30 PM
to membrane...@googlegroups.com
Hi, we are facing a new issue while trying to use Membrane as a REST API gateway. Our security team requires every incoming request to have its parameters validated against some rules. We know the Membrane validator tag can help with the POST body, but we cannot find any documentation on validating the HTTP parameters in GET requests.

Is there any way we can extract a URL param using Groovy and validate it using the built-in JSON validator?

Thanks in advance!

Thomas Bayer

Mar 12, 2015, 5:19:59 AM
to membrane...@googlegroups.com
Hi Victor,
do your URLs look like this:

http://host:port/path?object={ 'color' : 'red' }&p1=3

and you want to validate

{ 'color' : 'red' }

against a JSON schema?

Cheers,
Thomas


victo...@gmail.com

Mar 12, 2015, 2:12:22 PM
to membrane...@googlegroups.com
Yes, that's exactly what we're looking for.

Thomas Bayer

Mar 13, 2015, 2:24:08 AM
to membrane...@googlegroups.com
Hi Victor,
Membrane cannot validate a query parameter against a JSON schema out of the box. But it can be accomplished easily:

1. Write a custom interceptor
2. Make that interceptor configurable with the location of a JSON schema file
3. Parse the URL and get the query string
4. Validate
5. In case of invalid:
   - Create an error message and set the status code to 400
   - Return ABORT from the interceptor

You can look at the custom interceptor example that's included in the distribution.

Cheers,
Thomas
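
The five steps above, sketched as a Membrane interceptor. This is an added example, not code from this thread or from the Membrane distribution: the class name, the `schemaFile` and `param` properties and the 4096-character cap are hypothetical, and it assumes the Membrane 4.x interceptor API (`AbstractInterceptor`, `Outcome`, `Response.badRequest`) and the com.github.fge json-schema-validator library on the classpath.

```java
import com.github.fge.jackson.JsonLoader;
import com.github.fge.jsonschema.main.JsonSchema;
import com.github.fge.jsonschema.main.JsonSchemaFactory;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.AbstractInterceptor;
import com.predic8.membrane.core.interceptor.Outcome;
import java.io.File;
import java.net.URLDecoder;

// Hypothetical class and property names; the Membrane and json-schema-validator calls are assumed APIs.
public class QueryJsonValidatorInterceptor extends AbstractInterceptor {
    private static final int MAX_LEN = 4096;  // assumed cap on the still-encoded parameter value
    private String schemaFile;                // step 2: configurable location of the JSON schema
    private String param = "json";            // query parameter that carries the JSON document
    private volatile JsonSchema schema;
    public void setSchemaFile(String f) { schemaFile = f; }
    public void setParam(String p) { param = p; }

    @Override
    public Outcome handleRequest(Exchange exc) throws Exception {
        if (schema == null)  // a broken schema file is a gateway fault, so it is not mapped to 400
            schema = JsonSchemaFactory.byDefault().getJsonSchema(JsonLoader.fromFile(new File(schemaFile)));
        try {
            String json = URLDecoder.decode(extract(exc.getRequest().getUri()), "UTF-8");
            // Step 4: parse strictly, then validate against the schema.
            if (schema.validate(JsonLoader.fromString(json)).isSuccess())
                return Outcome.CONTINUE;
        } catch (Exception e) {
            // Bad percent-encoding, unparsable JSON, missing or duplicate parameter: fall through and reject.
        }
        // Step 5: fixed message, no echo of the rejected input.
        exc.setResponse(Response.badRequest("Query parameter failed validation.").build());
        return Outcome.ABORT;
    }

    // Step 3: return the raw value of exactly one occurrence of `param` in the query string.
    // A missing parameter is rejected too, so an encoded name such as js%6Fn cannot skip the check.
    private String extract(String uri) {
        int q = uri.indexOf('?');
        String found = null;
        for (String pair : (q < 0 ? "" : uri.substring(q + 1)).split("&")) {
            int eq = pair.indexOf('=');
            if (eq < 0 || !pair.substring(0, eq).equals(param)) continue;
            if (found != null) throw new IllegalArgumentException("duplicate parameter");
            found = pair.substring(eq + 1);
        }
        if (found == null || found.length() > MAX_LEN)
            throw new IllegalArgumentException("missing or oversized parameter");
        return found;
    }
}
```

Jackson's default parser accepts only strict JSON, so the value needs double-quoted strings, percent-encoded by the client.
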


Victor Weng

Mar 13, 2015, 8:50:28 AM
to membrane...@googlegroups.com
Thanks. But can we do it via Groovy? If so, could you please give a brief example of how to extract the parameter and use the JSON validator in Groovy? I found very limited docs on how to use the groovy tag, and the HttpServletRequest object doesn't seem to exist in the groovy tag.

I'm really new to Membrane but it has already amazed us with its capabilities. Thanks again!

Thomas Bayer

Mar 13, 2015, 9:10:18 AM
to membrane...@googlegroups.com
Hi Victor,
have a look at the Groovy sample in the example folder. exc.request is not an object of HttpServletRequest but of:

com.predic8.membrane.core.http.Request

see:

http://www.membrane-soa.org/monitor/documentation/api/

The path must be parsed to extract the query param. Then you can invoke the JSON validator.

If you want, we can also offer to implement the interceptor for you.

Cheers,
Thomas



Victor Weng

Mar 13, 2015, 5:43:27 PM
to membrane...@googlegroups.com
Thanks. I can implement the interceptor myself and contribute to the project.

I'm intending to extend the ValidatorInterceptor to introduce a new property "againstURI" so that when it's true, the jsonSchema Validator will be used against the "json=" param in the URL instead of against the body.

Is it an acceptable practice? Thanks.

Thomas Bayer

Mar 14, 2015, 6:29:29 AM
to membrane...@googlegroups.com
Hi Victor,

On 13.03.15 at 22:43, Victor Weng wrote:
> Thanks. I can implement the interceptor myself and contribute to the project.

Just clone the project on GitHub and make your modifications. If the solution is interesting for others too, you can create a pull request.

> I'm intending to extend the ValidatorInterceptor to introduce a new property "againstURI" so that when it's true, the jsonSchema Validator will be used against the "json=" param in the url instead of against body.

That would be a possible solution.

Cheers,
Thomas