Validate REST Request

Overview

The Validate REST Request filter enables you to validate the following aspects of a REST request:

  • The HTTP method used in the request.

  • Each of the query string parameters against a set of restrictive conditions called a Request Parameter Restriction.

For example, a Request Parameter Restriction enables you to specify the expected data type of a named parameter, a regular expression for the parameter value, the minimum and maximum length of a string parameter, the minimum and maximum value of a numeric parameter, and so on.

This filter is found in the Content Filtering category in the Policy Studio. For details on how to create a REST request, see the Create REST Request filter.

General Configuration

Complete the following fields on the Validate REST Request screen:

Name:

Enter an appropriate name for the filter.

HTTP Method:

Enter or select the HTTP method of the incoming message (for example, POST, GET, DELETE, and so on). The HTTP method of the incoming request must match the method specified here.

REST Request Parameter Restrictions

Click the Add button to configure restrictions on the values of query string parameters. You can configure the following settings in the REST Request Parameter Restrictions dialog:

REST Request Parameter Details

Complete the following fields:

Description: The description entered here is displayed in the REST Request Parameter Restriction table on the main filter screen (for example, Name parameter must be string no longer than 10 characters). This field is mandatory.

Request Parameter Name: The name of the query string parameter to validate (for example, name). This field is mandatory.

Request Parameter Type: The data type of the query string parameter (for example, string or integer). You can enter a value or select from the drop-down list. This field is mandatory.

Fail if request parameter not found: Select this option if the specified request parameter must be present in the request query string. The filter fails if the parameter is not found.


Request Parameter Restrictions

Complete the following fields:

Min Length: Specifies the minimum number of characters or list items allowed (for example, 0). The default value of -1 means that this restriction is ignored.

Max Length: Specifies the maximum number of characters or list items allowed (for example, 10). The default value of -1 means that this restriction is ignored.

Regular Expression: Specifies the sequence of characters that is permitted, using a regular expression (for example, [a-zA-Z\s]*).

Note: Do not enter the ^ character at the beginning of the expression or the $ character at the end of the expression. This filter uses the XML Schema Pattern Facet regular expression language, which implicitly anchors every regular expression at the head and tail, so the whole parameter value must match the expression.

Enumeration: Specifies a list of permitted values. Click Add to enter an item in the list, and click OK. Repeat as necessary to add multiple values.


Advanced Restrictions

Complete the following fields:

Greater than: Specifies that the value entered in the Minimum Value field represents an exclusive lower bound (the value must be greater than this).

Greater than or Equal to: Specifies that the value entered in the Minimum Value field represents an inclusive lower bound (the value must be greater than or equal to this).

Minimum Value: Specifies the lower bound for numeric values (for example, the value must be greater than 20).

Less than: Specifies that the value entered in the Maximum Value field represents an exclusive upper bound (the value must be less than this).

Less than or Equal to: Specifies that the value entered in the Maximum Value field represents an inclusive upper bound (the value must be less than or equal to this).

Maximum Value: Specifies the upper bound for numeric values (for example, the value must be less than or equal to 30).

Max Total Digits for Number: Specifies the maximum number of digits allowed for a numeric data type. The default value of -1 means that this restriction is ignored.

Max Digits in Fraction Part of Number: Specifies the maximum number of digits allowed in the fraction part of a numeric type. For example, the number 1.23 has two fraction digits (two digits after the decimal point). The default value of -1 means that this restriction is ignored.

Whitespace: Specifies how white space characters (line feeds, tabs, spaces, and carriage returns) are handled. You can enter one of the following values:

  • Preserve means the XML processor preserves (does not remove) any white space characters.

  • Replace means the XML processor replaces any white space characters (line feeds, tabs, and carriage returns) with spaces.

  • Remove means the XML processor collapses white space: line feeds, tabs, and carriage returns are replaced with spaces, leading and trailing spaces are removed, and runs of multiple spaces are reduced to a single space.


Fail if unspecified request parameter found:

If a request parameter is found on the incoming query string that has not been specified in the REST Request Parameter Restrictions table, this filter fails. You can use this option to guard against processing a query string containing a potentially malicious request parameter (for example, /uri?number=2&badParam=System.exit(1);).
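The following added example is not part of the product or this documentation; it is a stand-alone Python model of the checks the filter performs (method match, per-parameter restrictions, and the fail-if-unspecified option), with Python's re module standing in for the XML Schema pattern language. The restriction dictionary keys, the function names and the sample RESTRICTIONS table are assumptions constructed for the example, mirroring the values used in the text above.

```python
import re
from urllib.parse import urlsplit, parse_qs

def normalize(value, mode):
    """Whitespace option from the dialog: 'preserve', 'replace' (LF/tab/CR -> space) or 'remove' (collapse)."""
    if mode == "preserve":
        return value
    value = re.sub(r"[\n\t\r]", " ", value)
    return " ".join(value.split()) if mode == "remove" else value

def check_param(name, values, r):
    """Apply one Request Parameter Restriction (dict r) to every raw value of one query parameter."""
    if not values:
        return [f"{name}: not found"] if r.get("required") else []
    errors = []
    for raw in values:
        v = normalize(raw, r.get("whitespace", "preserve"))
        lo_len, hi_len = r.get("min_len", -1), r.get("max_len", -1)  # -1 means the restriction is ignored
        if (lo_len != -1 and len(v) < lo_len) or (hi_len != -1 and len(v) > hi_len):
            errors.append(f"{name}: length {len(v)} outside [{lo_len}, {hi_len}]")
        # Pattern facet semantics: implicitly anchored, so fullmatch (whole value), never search.
        if r.get("pattern") and not re.fullmatch(r["pattern"], v):
            errors.append(f"{name}: {v!r} does not match {r['pattern']!r}")
        if r.get("enum") and v not in r["enum"]:
            errors.append(f"{name}: {v!r} not in enumeration")
        if r.get("type") == "integer" and not re.fullmatch(r"[+-]?\d+", v):
            errors.append(f"{name}: {v!r} is not an integer")
        elif r.get("type") == "integer":
            n, lo, hi = int(v), r.get("min"), r.get("max")
            if lo is not None and (n <= lo if r.get("min_exclusive") else n < lo):
                errors.append(f"{name}: {n} violates lower bound {lo}")
            if hi is not None and (n >= hi if r.get("max_exclusive") else n > hi):
                errors.append(f"{name}: {n} violates upper bound {hi}")
    return errors

def validate_rest_request(method, url, expected_method, restrictions, fail_unspecified=True):
    """Return the list of failure reasons; an empty list means the filter passes."""
    errors = [] if method.upper() == expected_method.upper() else [f"method {method} is not {expected_method}"]
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name, r in restrictions.items():
        errors += check_param(name, params.get(name, []), r)
    if fail_unspecified:  # 'Fail if unspecified request parameter found'
        errors += [f"unspecified parameter {p!r} found" for p in params if p not in restrictions]
    return errors

RESTRICTIONS = {  # constructed sample table mirroring the examples in the text
    "name": {"type": "string", "required": True, "max_len": 10, "pattern": r"[a-zA-Z\s]*", "whitespace": "remove"},
    "number": {"type": "integer", "min": 20, "min_exclusive": True, "max": 30},
}
```

With this table, /uri?number=2&badParam=System.exit(1); fails three ways: name is missing, 2 is not greater than 20, and badParam is unspecified.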