Poco::OSP::Web

class WebServerExtensionPoint

Library: OSP/Web
Package: Web
Header: Poco/OSP/Web/WebServerExtensionPoint.h

Description

WebServerExtension handles two extensions points. To register a directory in the Webserver:

<extension point="osp.web.server.directory"
           path="URI"
           resource="dir inside bundle"
           allowSpecialization="none|owner|all"
           index="index.html"/>

To register a RequestHandlerFactory for a given server uri/set of uris:

<extension point="osp.web.server.requesthandler"
           path="URI"
           class="MyRequestHandlerFactory"
           library="MyLib"/>

Note that the extension points are automatically removed if a bundle is stopped.

The following attributes can be specified for both extension points:

  • path: The URI on the server to which the resource or handler is mapped.
  • description: User-readable description of resource or handler.
  • secure: If "true", require a secure (HTTPS) connection to access the resource.
  • realm: Specify authentication realm (together with permission).
  • permission: Specify the necessary access permission for this resource. Unless a session name is specified, HTTP Basic Authentication is used to obtain the user's user name and password, which are then checked against the specified permission using the authorization service. If the permission string is an asterisk ("*"), only the validity of the credentials is verified.
  • authMethods: Specifies a comma-separated list of allowed authentication methods ("basic", "session", "bearer"). If not specified the globally enabled authentication methods will be used.
  • session: Specify the name of the session used for session-based authentication instead of HTTP Basic Authentication. If specified together with a permission, the session with the specified name is obtained from the WebSessionService, and the current users's name is obtained from the session's "username" attribute, which must be a std::string.
  • csrfProtection: If "true", enable CSRF/XSRF protection for session-based authentication. Requests must contain a header (default name "X-XSRF-TOKEN", but can be set with csrfToken attribute) containing the session's CSRF token.
  • csrfTokenHeader: For CSRF/XSRF protection, specify the name of the header containing the CSRF/XSRF token. Defaults to "X-XSRF-TOKEN".
  • hidden: If "true", path is not included by WebServerDispatcher::listVirtualPaths().

The following attributes can be specified for "osp.web.server.directory":

  • resource: Specify a directory within the bundle where the HTML, image and other files are located.
  • index: Specify the name of the default document (defaults to "index.html").
  • cache: If "true", files in this directory can be cached. Defaults to "true". Set to "false" to disable caching.
  • allowSpecialization: Using the allowSpecialization attribute, a bundle can specify whether other bundles can register themselves for subdirectories of the directory specified in path. The following values are supported: none: it is impossible to map resources or request handlers to subdirectories; owner: only this bundle can map resources or request handlers to subdirectories; all: any bundle can map resources or request handlers to subdirectories.

The following attributes can be specified for "osp.web.server.requesthandler":

  • pattern: A regular expression for matching requests to the handler. If specified, no path attribute should be specified. If both the pattern and path attributes are given, path is ignored. Paths containing a pattern are not included by WebServerDispatcher::listVirtualPaths().
  • methods: A comma-separated list of HTTP request methods ("GET", "POST", etc.") supported by the handler. If not specified, all methods are passed to the handler.
  • class: The class name of the request handler factory.
  • library: The name of the shared library containing the request handler factory.

Inheritance

Direct Base Classes: Poco::OSP::ExtensionPoint

All Base Classes: Poco::OSP::ExtensionPoint, Poco::RefCountedObject

Member Summary

Member Functions: handleCommon, handleDirectory, handleExtension, handleRequestHandler, onBundleStopped

Inherited Functions: duplicate, handleExtension, referenceCount, release, removeExtension

Constructors

WebServerExtensionPoint

WebServerExtensionPoint(
    BundleContext::Ptr pContext,
    WebServerDispatcher * pDispatcher
);

Creates the WebServerExtension. Expects a not null pointer to the Web which must be valid during the whole life-time of the extension object

Destructor

~WebServerExtensionPoint virtual

~WebServerExtensionPoint();

Destroys the WebServerExtension.

Member Functions

handleExtension virtual

void handleExtension(
    Bundle::ConstPtr pBundle,
    Poco::XML::Element * pExtensionElem
);

handleCommon protected

void handleCommon(
    Bundle::ConstPtr pBundle,
    Poco::XML::Element * pExtensionElem,
    WebServerDispatcher::VirtualPath & vPath
);

handleDirectory protected

void handleDirectory(
    Bundle::ConstPtr pBundle,
    Poco::XML::Element * pExtensionElem
);

handleRequestHandler protected

void handleRequestHandler(
    Bundle::ConstPtr pBundle,
    Poco::XML::Element * pExtensionElem
);

onBundleStopped protected

void onBundleStopped(
    const void * pSender,
    BundleEvent & ev
);

When a bundle is stopped, all of its request handlers and mappings are automatically disabled.

Variables

EXTPOINT_DIRECTORY static

static const std::string EXTPOINT_DIRECTORY;

EXTPOINT_HANDLER static

static const std::string EXTPOINT_HANDLER;

ATTR_ALLOWSPECIALIZATION protected static

static const std::string ATTR_ALLOWSPECIALIZATION;

ATTR_AUTHMETHODS protected static

static const std::string ATTR_AUTHMETHODS;

ATTR_CACHE protected static

static const std::string ATTR_CACHE;

ATTR_CLASS protected static

static const std::string ATTR_CLASS;

ATTR_CSRFPROTECTION protected static

static const std::string ATTR_CSRFPROTECTION;

ATTR_CSRFTOKENHEADER protected static

static const std::string ATTR_CSRFTOKENHEADER;

ATTR_DESCRIPTION protected static

static const std::string ATTR_DESCRIPTION;

ATTR_HIDDEN protected static

static const std::string ATTR_HIDDEN;

ATTR_INDEX protected static

static const std::string ATTR_INDEX;

ATTR_LIBRARY protected static

static const std::string ATTR_LIBRARY;

ATTR_METHODS protected static

static const std::string ATTR_METHODS;

ATTR_PATH protected static

static const std::string ATTR_PATH;

ATTR_PATTERN protected static

static const std::string ATTR_PATTERN;

ATTR_PERMISSION protected static

static const std::string ATTR_PERMISSION;

ATTR_REALM protected static

static const std::string ATTR_REALM;

ATTR_RESOURCE protected static

static const std::string ATTR_RESOURCE;

ATTR_SECURE protected static

static const std::string ATTR_SECURE;

ATTR_SESSION protected static

static const std::string ATTR_SESSION;

MANIFEST_NAME protected static

static const std::string MANIFEST_NAME;