enkan-core package has middlewares as follows:
AuthenticationMiddleware enables to authenticate a request using some backends.
| Name | Description |
|---|---|
| backends | The list of authentication backends. |
app.use(new AuthenticateMiddleware(backends));
app.use(new ServiceUnavailableMiddleware(serviceUnavailableEndpoint));
| Name | Type | Description |
|---|---|---|
| endpoint | Endpoint | Returns the response when service is unavailable. |
enkan-web package has middlewares as follows:
AbsoluteRedirectsMiddleware rewrites the URL contains Location http response header to the absolute URL.
Location: /abc/123
↓
Location: http://myhost/abc/123
app.use(new AbsoluteRedirectsMiddleware());
AbsoluteRedirectsMiddleware has no properties.
AntiForgeryMiddleware appends the token check for protecting from the CSRF attack.
When the request method isn’t GET/HEAD/OPTIONS, AntiForgeryMiddleware validates the given token.
If the token is invalid, it returns the forbidden response.
Because AntiForgeryMiddleware requires Session, We recommend using Conversation instead of this.
app.use(new AntiForgeryMiddleware());
AntiForgeryMiddleware has no properties.
Parses the Accept header and sets the value to a request.
app.use(new ContentNegotiationMiddleware());
Adds the Content-Type header if the response does not contains a Content-Type header yet.
app.use(new ContentTypeMiddleware());
Adds the X-Content-Type-Options for protecting a XSS attack.
app.use(new ContentTypeOptionsMiddleware());
Creates a conversation and save states related with its conversation to the conversation store.
app.use(new ConversationMiddleware());
Parses Cookie header and sets the Set-Cookie header to the response.
app.use(new CookiesMiddleware());
Adds the default charset to the response.
app.use(new DefaultCharsetMiddleware());
Serializes and deserializes a flash value.
app.use(new FlashMiddleware());
Adds the X-Frame-Options header to a response for a click jacking attack.
app.use(new FrameOptionsMiddleware());
Enkan Session has no expires in default. This middleware append the feature of timeout to the session.
app.use(new IdleSessionTimeoutMiddleware());
Override a request method.
app.use(new MethodOverrideMiddleware());
Parses the multipart request.
app.use(new MultipartParamsMiddleware());
NestedParamsMiddleware enables to parse nested parameters like foo[][bar]. It requires ParamMiddleware.
app.use(new NestedParamsMiddleware());
Normalize the parameter values. It’s for trimming spaces or converting letter case.
app.use(new NormalizationMiddleware());
ParamMiddleware enables to parse urlencoded query string and post body and set to a request object.
app.use(new ParamsMiddleware());
Returns the asset file that is searched from classpath.
app.use(new ResourceMiddleware());
| Name | Description |
|---|---|
| rootPath | The path prefix. Default value is public |
SessionMiddleware enables to store/load session objects to/from in-memory or JCache.
app.use(new SessionMiddleware());
| Name | Description |
|---|---|
| cookieName | A name of cookie for session id. Default value is enkan-session |
| store | A storage for session. |
Adds the response header for tracing using middlewares.
app.use(new TraceMiddleware());
Adds X-XSS-Protection header to the response.
app.use(new XssProtectionMiddleware());
Invoke a controller method.
app.use(new ControllerInvokerMiddleware());
Populate the request body to a Java bean object.
app.use(new FormMiddleware());
FormMiddleware has no properties.
Render HTML using a template. When a controller returns TemplatedHttpResponse, it has yet to be rendered.
app.use(new RenderTemplateMiddleware());
RenderTemplateMiddleware has no properties.
Routes the request to a controller method.
app.use(new RoutingMiddleware(routes));
| Name | Description |
|---|---|
| routes | Defined routes |
Deserialize the request body and serializes the response body.
app.use(new SerDesMiddleware());
| Name | Description |
|---|---|
| bodyReaders | |
| bodyWriters | |
TBD
Validates the body object. If body object is implemented the Validatable interface, the error messages is set to it.
app.use(new ValidateFormMiddleware());
ValidateFormMiddleware has no properties.