I have an endpoint in Google Cloud Endpoints Frameworks for App Engine (Java). The endpoint is restricted to require an API key like this:
我在App Cloud(Google)的Google Cloud Endpoints框架中有一个端点。端点被限制为需要这样的API密钥:
@ApiMethod(name = "echo", path = "echo", apiKeyRequired = AnnotationBoolean.TRUE, httpMethod = ApiMethod.HttpMethod.GET)
Which is working. However if I add a trailing slash when making the call, the endpoint returns data without an api key requirement.
这是有效的。但是,如果在进行调用时添加尾部斜杠,则端点将返回没有api密钥要求的数据。
I have tried to restrict api access globally in the api definition, like this:
我试图在api定义中全局限制api访问,如下所示:
@Api(
name = "myapi",
version = "v1",
apiKeyRequired = AnnotationBoolean.TRUE,
This however does not seem to work. I have regenerated the openapi.json and redeployed both the openapi.js and the app engine app, and the endpoint is still accessible if it has a trailing slash, but not without.
然而,这似乎不起作用。我重新生成了openapi.json并重新部署了openapi.js和app引擎应用程序,如果端点有一个尾部斜杠,端点仍然可以访问,但不是没有。
Does anyone know how I can prevent this? Any insight is much appreciated.
有谁知道我怎么能阻止这个?非常感谢任何见解。
1 个解决方案
#1
0
I was unable to solve this within Google Endpoints, so I utilized tuckey's urlrewrite to remove the trailing slashes in a filter
我无法在Google端点中解决这个问题,因此我使用了tuckey的urlrewrite来删除过滤器中的尾部斜杠
web.xml
web.xml中
<filter>
<filter-name>UrlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
<init-param>
<param-name>confPath</param-name>
<param-value>/WEB-INF/urlrewrite.xml</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/_ah/api/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
urlrewrite.xml
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 3.1//EN" "http://www.tuckey.org/res/dtds/urlrewrite3.1.dtd">
<urlrewrite>
<rule match-type="regex">
<note>Remove trailing slash</note>
<from>^(.*)/$</from>
<to type="redirect">$1</to>
</rule>
</urlrewrite>
more info:
更多信息:
http://www.tuckey.org/urlrewrite/manual/4.0/index.html
http://www.tuckey.org/urlrewrite/manual/4.0/index.html
Note: as of yet, it is not redirecting properly. I'm continuing to work on that, and will post updates, but now at least I'm getting a 404 for the version with the trailing slash, rather than the response data without api key, which satisfies my security needs at the moment
注意:到目前为止,它还没有正确重定向。我将继续努力,并将发布更新,但现在至少我得到的是带有斜杠的版本的404,而不是没有api密钥的响应数据,这满足了我目前的安全需求
#1
0
I was unable to solve this within Google Endpoints, so I utilized tuckey's urlrewrite to remove the trailing slashes in a filter
我无法在Google端点中解决这个问题,因此我使用了tuckey的urlrewrite来删除过滤器中的尾部斜杠
web.xml
web.xml中
<filter>
<filter-name>UrlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
<init-param>
<param-name>confPath</param-name>
<param-value>/WEB-INF/urlrewrite.xml</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/_ah/api/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
urlrewrite.xml
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 3.1//EN" "http://www.tuckey.org/res/dtds/urlrewrite3.1.dtd">
<urlrewrite>
<rule match-type="regex">
<note>Remove trailing slash</note>
<from>^(.*)/$</from>
<to type="redirect">$1</to>
</rule>
</urlrewrite>
more info:
更多信息:
http://www.tuckey.org/urlrewrite/manual/4.0/index.html
http://www.tuckey.org/urlrewrite/manual/4.0/index.html
Note: as of yet, it is not redirecting properly. I'm continuing to work on that, and will post updates, but now at least I'm getting a 404 for the version with the trailing slash, rather than the response data without api key, which satisfies my security needs at the moment
注意:到目前为止,它还没有正确重定向。我将继续努力,并将发布更新,但现在至少我得到的是带有斜杠的版本的404,而不是没有api密钥的响应数据,这满足了我目前的安全需求