[Coldbox 3.5.2] Finding parameters for REST-enabled URLs

Hey All,

We’ve been working on using Coldbox to create REST-style handlers.
Now everything is straightforward enough to get up and running, but securing calls is not so easy.

I need to find a way to get a hold of the information being posted before it gets injected into the rc, or some way of knowing where the rc got the values.
This way we can do something similar to OAuth without needing OAuth. Similar to what is posted here (http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/), we intend on expecting a hash which we can verify.

The problem stands that within an interceptor there is no way to know what within the RC must be used as part of the hash construction.
Given a simple route:

addRoute(pattern = "/user/:userid/:username",
         handler = "UserHandler",
         action = {PUT = "update"},
         ssl = false);

The only way for an interceptor of “preProcess” to know that userid and username are parameters is by either having access to the invoked route config or by some other form of metadata.
Now, while the validation could also lie in the handler and do secure checks before calling a service, we would like to avoid the boilerplate.

Considering all the possible ways that the parameters are able to be passed in, is there any way to get the routes at runtime or intercept at the point where the RC is populated?

Thanks in advance,
Gerhard Davids

Use the onRequestCapture interception point


Luis F. Majano
Ortus Solutions, Corp

ColdBox Platform: http://www.coldbox.org
Linked In: http://www.linkedin.com/pub/3/731/483
Blog: http://www.luismajano.com
IECFUG Manager: http://www.iecfug.com

Social: twitter.com/lmajano facebook.com/lmajano

Hey Luis,

Thanks for that.

We found that we could simplify things by reading the metadata of the target action.
By ensuring that the handler remains very slim and that the naming matches between the handler and service, we were able to use metadata from the service to determine which parameters to expect, their order and their type.

This ended up being a best fit scenario for us.
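
The approach this thread arrives at (take the list of signed parameters, their order and their type from the target action's metadata, then verify a hash over exactly those values) sketched in Python rather than CFML, as an added example that is not code from the thread or from ColdBox. `UserService`, `SHARED_SECRET` and the function names are hypothetical, and HMAC-SHA256 over a JSON-encoded canonical string is an assumed choice.

```python
import hashlib
import hmac
import inspect
import json

# Constructed demo secret (assumption); a real service would look one up per client.
SHARED_SECRET = b"constructed-demo-secret"


class UserService:
    """Hypothetical service; its method signature defines what gets signed."""

    def update(self, userid: int, username: str):
        return {"userid": userid, "username": username}


def expected_params(target):
    """Names and declared types of the action's parameters, in declared order."""
    params = inspect.signature(target).parameters.values()
    return [(p.name, str if p.annotation is p.empty else p.annotation) for p in params]


def canonical_string(method, target, rc):
    """Serialize only the declared parameters; other rc keys are never signed."""
    signed = []
    for name, typ in expected_params(target):
        if name not in rc:
            raise ValueError(f"missing signed parameter: {name}")
        signed.append([name, typ(rc[name])])  # coerce to declared type, raises on bad input
    # JSON keeps field boundaries unambiguous even if a value contains separators.
    return json.dumps([method.upper(), signed], separators=(",", ":"))


def sign(method, target, rc, secret=SHARED_SECRET):
    msg = canonical_string(method, target, rc).encode("utf-8")
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify(method, target, rc, supplied_hash, secret=SHARED_SECRET):
    """Interceptor-style check: True only if the supplied hash matches."""
    try:
        expected = sign(method, target, rc, secret)
        return hmac.compare_digest(expected, supplied_hash)  # constant-time compare
    except (ValueError, TypeError):
        return False
```

Keys in the request collection that the action does not declare are left out of the hash, so the handler should read only the declared parameters. Replay protection (a signed timestamp or nonce) is outside this sketch.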