Spring webflow prevent GET method in transition


I am using spring webflow 2.3.1.RELEASE in my project.

The customer's security team raised an issue, which is "It is possible to change the HTTP method from POST to GET and the application accepts the change and continues working."

So I need to prevent this change and make my transitions accept only the POST method, or throw an exception if I get any request parameter other than execution in the URL.

How can I do this?

2

There are 2 best solutions below

0
Hossein On BEST ANSWER

I solved the problem using interceptors of the FlowHandlerMapping.

I created a class named MethodInterceptor that implements org.springframework.web.context.request.WebRequestInterceptor.

In the "public void preHandle(WebRequest request) throws Exception" method, I checked the request method. If it was GET, I checked that the request parameters were either empty or contained only the execution parameter. If the condition wasn't met, I threw an exception.
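A sketch of the interceptor this answer describes, added here as an example and not the answerer's own code. It assumes a Spring 3.x servlet environment (`javax.servlet`), and the choice of `HttpRequestMethodNotSupportedException` as the exception to throw is an assumption; the answer does not say which exception was used.

```java
import javax.servlet.http.HttpServletRequest;

import org.springframework.ui.ModelMap;
import org.springframework.web.HttpRequestMethodNotSupportedException;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.context.request.WebRequest;
import org.springframework.web.context.request.WebRequestInterceptor;

public class MethodInterceptor implements WebRequestInterceptor {

    // Web Flow's flow execution key; the only parameter tolerated on a GET.
    private static final String EXECUTION_PARAM = "execution";

    @Override
    public void preHandle(WebRequest request) throws Exception {
        // Assumption: the request comes from DispatcherServlet, so it is a
        // NativeWebRequest wrapping an HttpServletRequest.
        HttpServletRequest servletRequest =
                ((NativeWebRequest) request).getNativeRequest(HttpServletRequest.class);
        String method = servletRequest.getMethod();
        if (!"GET".equals(method)) {
            return; // only GET is restricted, as in the answer
        }
        // A GET with no parameters starts a flow; a GET with only "execution"
        // re-renders the current view (for example after a redirect).
        // Anything else, such as _eventId, would signal a transition and is
        // therefore only accepted when it arrives by POST.
        for (String name : request.getParameterMap().keySet()) {
            if (!EXECUTION_PARAM.equals(name)) {
                throw new HttpRequestMethodNotSupportedException(
                        method, new String[] {"POST"});
            }
        }
    }

    @Override
    public void postHandle(WebRequest request, ModelMap model) throws Exception {
        // nothing to do after the flow has handled the request
    }

    @Override
    public void afterCompletion(WebRequest request, Exception ex) throws Exception {
        // nothing to clean up
    }
}
```

Register the class through the `interceptors` property of the `FlowHandlerMapping` bean. With Spring MVC's default exception resolver in place, the thrown exception is answered with HTTP 405.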

0
rptmat57 On

You could create your own FlowExecutionListener and throw an exception when the request method is different than POST and/or when request parameters are present.

See the documentation here and API here.