Inject cookies into controller - asp.net-mvc-3

Is there any way to inject the cookie dependecy to a controller? Or do i have to write my own interface and wrapper class around the Cookie collection class?

I think you're asking about whether you can get a Cookie as a parameter to an Action. I don't believe you can do this, so you'll have to hit the Cookie class directly.
What we do in this case (when cookie based data is required by most of the actions in an application) is put a utility method in a Controller base class and then have all our controllers descend from that. Makes it very easy to use the Cookie in an Action, and centralizes the code for extracting it.

Since no better answered surfaced I just implemented a interface and injected that for concrete scenario and Mocked it for test

Related

Restcontroller method naming convention spring boot

Are there conventions for naming methods in the Restful spring boot conrtoller layer ?
I am in dilemma choosing the two name - getSomeData vs fetchSomeData.
Is it OK to use HTTP Verbs (get,post,put) inside controller method names?
I think the most important thing is to be consistent in all your Controllers and to be explicit about what the method is supposed to be doing. It is completely ok to use HTTP verbs in the method names, especially in regards to GET. But when you have POSTs for example, that is usually a creation of a resource, so a method called createWhateverResource instead of postWhateverResource. The important thing is to be clear and let the name of the method be self-explanatory.
I checked a bit on the net. My conclusions:
There are no official naming rules
Official Spring Boot documentation uses short names: all(), one(), etc.
Names for the URLs are most important, method names are secondary
You never call these methods directly in code, they are only called by Spring framework.
A related note - for methods returning HTML (using Thymeleaf templates) I would probably call the methods by the page that they return: home(), orderDetails(), etc. Again for the same reason - we never call the methods directly. At the same time, it is very clear that #Controller and #RestController classes contain only methods returning HTTP responses to specific endpoints. Therefore, the verbs are probably not necessary.

Securing and permitting access to spring rest controller with ant matcher and method level security side-by-side?

First of all my application is build with spring boot and security.
So I have several rest controllers (resources). One controller provides multiple methods to get/post different kind of data. But I have cases where some methods should be public and others needs authentication.
For example:
GET /api/object/method1 <-- Needs authentication
GET /api/object/method2 <-- Public
POST /api/object/method3 <-- Needs authentication
POST /api/object/method4 <-- Public
What is best practice to secure this resource? I can't secure url with antMatcher with following pattern /api/object/**. Because then the public methods would be secured as well. Also I can't secure by request type (GET, POST).
One option I thought about was using only method level security (eg #Secured etc). This would mean that I need to annotate a lot of methods.
Another thought that comes to mind is dividing resource to 2 parts.
For example creating
ObjectResource.java
ObjectResourcePublic.java
One controller base URL would be /api/public/ and second simply /api/
Then I could use antMatcher for these URLS.
Is my only option to secure every path separtely or every method separetly?
What other options do I have to do this kind of partial securing one resource?
You may use below methods apart from above mentioned methods.
1. Write Interceptor/filter
2. Use Aspect and define advise

how many way to access the scope variables in spring-mvc

Some one please me to find out the spring mvc examples,
Because usually, once we log in into the application we will create a session and put some objects into session . we will access later point of time , request scope as well. but spring MVC3 is difficult to understand even documentation also confusing, but every one giving example is basic examples only.
You can access these objects in a JSP/JSTL:
applicationScope
cookie
header
headerValues
initParam
pageContext
pageScope
param
paramValues
requestScope
sessionScope
As well as any request attributes that you add, including model attributes (who's default name is command).
More info here: http://www.informit.com/articles/article.aspx?p=30946&seqNum=7
If you want to access HttpRequest, HttpResponse, HttpSession, add them as arguments to a Spring Controller Handler Method . Spring will pass them in for you.

ASP.NET Web API Help Pages Omit Controllers That Inherit From A Base Controller

I have a controller that I want to generate documentation for using ASP.NET Web API Help Pages.
When I directly inherit from ApiController the documentation appears:
public class ExampleController : ApiController
But when I inherit from a base controller, it is omitted:
public class ExampleController : ApiBaseController
...
public class ApiBaseController: ApiController
I have switched to delegation rather than inheritance, but I wanted to know how to make it work with inheritance.
Here is a tip I picked up in my experimentation.
The documentation leans heavily on the routes in your API config. If your controller isn't covered by a route, it won't show up. Additionally, the order of the routes in your API config is the order of the operations in your documentation.
To cover both of these points I have created named routes for each controller. This has the added benefit of making each route specific, rather than a single route with lots of optional bits. This ensures all my operations appear in the documentation, in a good order.
I have also added the API tester so the API can be called directly from the documentation.
Check the permissions in your base class. I had the same issue and is was a result of methods that should have been set as internal being protected.
Make sure that all your methods that need to be accessed by the parent item are set to internal and any methods that override the ApiController are set to protected.
Post your code if it still doesn't work.
Works like Gravy :)

Proper usage of #SessionAttribute Annotation

I have difficult understand the proper usage of #SessionAttribute annotation.
I wonder does the #SessionAttribute is used to store user authentication object or use to store the form object that exist within the session only.
I want to check whether a use has been login before invoke the handler.
I really confuse between these three class object.
Session scope bean
#SessionAttribute
HttpSession
Please give a proper example of #SessionAttribute usage and pron/cons of each of this
Thanks.
#SessionAttribute is for temporarily storing model objects in the session. Examples include storing a set of search criteria or storing data for a multi-page wizard.
If you're after checking for authentication status, while in theory you could probably hack something together with #SessionAttribute, you're much better off using Spring Security. There are many other authentication and authorization concerns that you aren't addressing if you don't have a security solution in place.

Resources