Last updated by admin 3 years ago
HTTP Method Restrictions

Introduction

Often a web application needs to impose restrictions on which HTTP request methods are allowed for specific actions in the application. For example, initiating any action that destroys or modifies data using an HTTP-GET is generally considered to be a bad idea.

Inspecting The Request Method

The request method may be inspected inside of a controller action and the application may respond however is appropriate. The code below is one way to prevent the delete action from being invoked using an HTTP-GET.

    class PersonController {
        def delete = {
            if(request.method == 'GET') {
                // redirect to the list action
                redirect(action:list)
            } else {
                // the rest of the delete action goes here
            }
        }
    }

Alternatively, the action may respond with a 403 error instead of redirecting:

    class PersonController {
        def delete = {
            if(request.method == 'GET') {
                response.sendError(403)
            } else {
                // the rest of the delete action goes here
            }
        }
    }

Declarative Syntax For Method Restrictions

As of version 0.3 Grails provides a simple declarative syntax to help limit access to controller actions based on the HTTP request method. The optional allowedMethods property may be added to a controller to let the framework know which HTTP methods are allowed for controller actions. By default, all request methods are allowed for all controller actions. The allowedMethods property only needs to be defined if the controller contains actions that need to be restricted to certain request methods.

The allowedMethods property should be assigned a value that is a Map. The keys in the map should be the names of actions that need to be restricted. The value associated with each of those keys may be either a String or a List of Strings. If the value is a String, that String represents the only request method that may be used to invoke that action. If the value is a List of Strings, the List represents all of the request methods that may be used to invoke that action. If the specified restrictions are violated then a 403 will be returned in the response.

    class PersonController {
        // action1 may only be invoked via a POST
        // action2 has no restrictions
        // action3 may be invoked via a POST or a DELETE
        def allowedMethods = [action1:'POST', action3:['POST', 'DELETE']]

        def action1 = { … }
        def action2 = { … }
        def action3 = { … }
    }
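
The allowedMethods rules described in this section can be modelled in a few lines of plain Groovy. The script below is an added example, not Grails source and not code from the original page; statusFor and denylistStatus are hypothetical names, and exact string matching of method names is an assumption. It also contrasts the allowlist with the `request.method == 'GET'` check from "Inspecting The Request Method", which refuses only GET.

```groovy
// Added illustration, not Grails source. statusFor and denylistStatus are
// hypothetical names; exact string matching of methods is an assumption.

// Allowlist rule from this section: 200 if the method is permitted, else 403.
int statusFor(Map allowedMethods, String action, String method) {
    def rule = allowedMethods[action]
    if (rule == null) {
        return 200                      // no entry: all request methods allowed
    }
    List permitted = (rule instanceof String) ? [rule] : (rule as List)
    return permitted.contains(method) ? 200 : 403
}

// Hand-written check from "Inspecting The Request Method": only GET is refused.
int denylistStatus(String method) {
    return method == 'GET' ? 403 : 200
}

def allowedMethods = [action1: 'POST', action3: ['POST', 'DELETE']]

// Constructed sample requests as [action, method] pairs.
def requests = [
    ['action1', 'POST'], ['action1', 'GET'], ['action2', 'GET'],
    ['action3', 'DELETE'], ['action3', 'PUT']
]
requests.each { action, method ->
    println "${action} ${method.padRight(6)} -> ${statusFor(allowedMethods, action, method)}"
}

assert statusFor(allowedMethods, 'action1', 'POST') == 200
assert statusFor(allowedMethods, 'action1', 'GET') == 403
assert statusFor(allowedMethods, 'action2', 'GET') == 200   // unrestricted
assert statusFor(allowedMethods, 'action3', 'DELETE') == 200
assert statusFor(allowedMethods, 'action3', 'PUT') == 403

// A delete action guarded only by the GET check still accepts other methods;
// an allowlist entry such as [delete: 'POST'] refuses everything except POST.
def deleteRule = [delete: 'POST']
['GET', 'PUT', 'POST'].each { m ->
    println "delete ${m.padRight(4)} check=${denylistStatus(m)} allowedMethods=${statusFor(deleteRule, 'delete', m)}"
}
assert denylistStatus('PUT') == 200
assert statusFor(deleteRule, 'delete', 'PUT') == 403
```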


