Overview
The Validate REST Request filter enables you to validate the following
aspects of a REST request:
- The HTTP method used in the request.
- Each of the query string parameters against a set of restrictive
  conditions called a Request Parameter Restriction.
For example, a Request Parameter Restriction enables you to specify the expected data type
of a named parameter, a regular expression for the parameter value, the minimum and maximum
length of a string parameter, the minimum and maximum value of a numeric parameter, and so on.
This filter is found in the Content Filtering category in the Policy Studio.
For details on how to create a REST request, see the
Create REST Request filter.
General Configuration
Complete the following fields on the Validate REST Request screen:
Name:
Enter an appropriate name for the filter.
HTTP Method:
Enter or select the HTTP method of the incoming message (for example, POST,
GET, DELETE, and so on). The HTTP method of the incoming request
must match the method specified here.
REST Request Parameter Restrictions
Click the Add button to configure restrictions on the values of query
string parameters. You can configure the following settings in the REST Request
Parameter Restrictions dialog:
REST Request Parameter Details
Complete the following fields:
Description:
The description entered here is displayed in the REST Request
Parameter Restriction table on the main filter screen (for example,
Name parameter must be string no longer than 10 characters).
This field is mandatory.
Request Parameter Name:
The name of the query string parameter to validate (for example,
name). This field is mandatory.
Request Parameter Type:
The data type of the query string parameter (for example, string
or integer). You can enter a value or select from the drop-down
list. This field is mandatory.
Fail if request parameter not found:
Select this option if the specified request parameter must be present in the
request query string. The filter fails if the parameter is not found.
Request Parameter Restrictions
Complete the following fields:
Min Length:
Specifies the minimum number of characters or list items allowed (for example,
0). The default value of -1 means that this restriction
is ignored.
Max Length:
Specifies the exact number of characters or list items allowed (for example,
10). The default value of -1 means that this restriction
is ignored.
Regular Expression:
Specifies the exact sequence of characters that are permitted using a
regular expression (for example, ^[a-zA-Z\s]*$).
Enumeration:
Specifies a list of permitted values. Click Add to
enter an item in the list, and click OK. Repeat as
necessary to add multiple values.
Advanced Restrictions
Complete the following fields:
Greater than:
Specifies that the value entered in the Minimum Value field
represents an exclusive lower bound (the value must be greater than this).
Greater than or Equal to:
Specifies that the value entered in the Minimum Value field
represents an inclusive lower bound (the value must be greater than or equal to this).
Minimum Value:
Specifies the lower bounds for numeric values (for example, the value must
be greater than 20).
Less than:
Specifies that the value entered in the Maximum Value field
represents an exclusive upper bound (the value must be less than this).
Less than or Equal to:
Specifies that the value entered in the Maximum Value field
represents an inclusive upper bound (the value must be less than or equal to this).
Maximum Value:
Specifies the upper bounds for numeric values (for example, the value must
be less than or equal to 30).
Max Total Digits for Number:
Specifies the maximum number of digits allowed for a numeric data type.
The default value of -1 means that this restriction is
ignored.
Max Digits in Fraction Part of Number:
Specifies the exact number of digits allowed in the fraction part of a
numeric type. For example, the number 1.23 has two fraction digits (two
numbers after the decimal point). The default value of -1
means that this restriction is ignored.
Whitespace:
Specifies how white space is handled (for example, line feeds, tabs, spaces,
and carriage returns). You can enter one of the following values:
- Preserve means the XML processor preserves (does not
  remove) any white space characters.
- Replace means the XML processor replaces any white space
  characters (line feeds, tabs, and carriage returns) with spaces.
- Remove means the XML processor removes any white space
  characters (line feeds, tabs, spaces, carriage returns are replaced
  with spaces, leading and trailing spaces are removed, and multiple
  spaces are reduced to a single space).
Fail if unspecified request parameter found:
If a request parameter is found on the incoming query string that has not been
specified in the REST Request Parameter Restrictions table,
this filter fails. You can use this option to guard against processing a
query string containing a potentially malicious request parameter
(for example, /uri?number=2&badParam=System.exit(1);).
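The allow-list behaviour described above can be modelled outside the gateway to test a restriction set before configuring it. The following Python sketch is an added example, not the product's own code: the Restriction class, the validate function and the RULES values are hypothetical, and Max Length is treated as an upper limit.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qsl, urlsplit

@dataclass
class Restriction:                    # hypothetical model of one restriction row
    name: str
    type: str = "string"              # "string" or "integer"
    required: bool = False            # "Fail if request parameter not found"
    min_length: int = -1              # -1 means the restriction is ignored
    max_length: int = -1              # assumption: treated as an upper limit
    regex: str = ""
    enumeration: tuple = ()
    minimum: Optional[int] = None
    min_exclusive: bool = False       # True = "Greater than"
    maximum: Optional[int] = None
    max_exclusive: bool = False       # True = "Less than"

def check_value(r, v):
    """Return the first violated restriction for value v, or None."""
    if r.min_length != -1 and len(v) < r.min_length: return "too short"
    if r.max_length != -1 and len(v) > r.max_length: return "too long"
    if r.regex and not re.fullmatch(r.regex, v): return "regex mismatch"
    if r.enumeration and v not in r.enumeration: return "not in enumeration"
    if r.type == "integer":
        if not re.fullmatch(r"-?\d+", v): return "not an integer"
        n = int(v)
        if r.minimum is not None and (n <= r.minimum if r.min_exclusive else n < r.minimum):
            return "below minimum"
        if r.maximum is not None and (n >= r.maximum if r.max_exclusive else n > r.maximum):
            return "above maximum"
    return None

def validate(method, url, expected_method, rules, fail_on_unspecified=True):
    """Return a list of failure reasons; an empty list means the request passes."""
    errors = [] if method.upper() == expected_method.upper() else [f"method {method} != {expected_method}"]
    by_name, seen = {r.name: r for r in rules}, set()
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        seen.add(name)
        if name not in by_name:
            if fail_on_unspecified:   # reject anything outside the allow-list
                errors.append(f"unspecified parameter: {name}")
        elif (reason := check_value(by_name[name], value)):
            errors.append(f"{name}: {reason}")
    return errors + [f"missing parameter: {r.name}" for r in rules if r.required and r.name not in seen]

# Constructed rules: "number" in (0, 30], "name" limited to 10 letters or spaces.
RULES = [Restriction("number", "integer", required=True, minimum=0, min_exclusive=True, maximum=30),
         Restriction("name", max_length=10, regex=r"^[a-zA-Z\s]*$")]
```

With these rules, the query string from the example above fails only because badParam is not in the table; with fail_on_unspecified set to False the same request passes unchecked.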