Showing posts with label MVC. Show all posts
Showing posts with label MVC. Show all posts

Tuesday, 14 June 2016

Easily Test ATG REST API using HttpRequester

While implementing ATG REST WebServices, We need to test them. There are number of tools available to achieve this. Recently I have used HttpRequester, its a great tool.

Below are the key features of this tool.
  • Easy to install (Available as addon to firefox).
  • Simple User Interface.
  • Preserves the history of request So that user can review or re-execute the request.
Here I am going to explain login\logout using HttpRequester. Sometimes we need to test functionality for registered user, to validate login flows. Using below steps user can login into application and then perform activities finally logout from system

Step 1 : Obtain the session identifier.
Call /atg/rest/SessionConfirmationActor/getSessionConfirmationNumber actor chain. This will return the session identifier.
Session Confirmation Request

Session Confirmation Response

Step 2 : Pass this session identifier in further requests using _dynSessConf request parameter.

Login Request

Note : For logout call also you need to use the same identifier.

Logout Request

Below is the Request history window. Here double click on any request, pop up will appear to re-execute the request.
HttpRequester Request History Window

Saturday, 11 July 2015


Nowadays it is very common for enterprise applications to share data and business logic with other applications. This can be easily achieved using web services. This becomes very tricky when providing omni channel support in E-commerce (accessing site using android or any other native application).

ATG allows developers to create their own webservices along with pre-packages services.

These pre-packages services are available in below modules.
  1. DAS.WebServices
  2. DPS.WebServices
  3. DCS.WebServices 
ATG supports two types of REST webservices (webservices APIs).
  1. Legacy REST API

Here I am going to explain REST MVC.

Steps to create New REST MVC Call
  • Create Actor.
  • Define Actor chain(s) for that actor.
  • Register Actor with ActorChainRestRegistry.
  • Create Bean filter (optional).
Steps to create REST Actor
  1. Create Component of class.
  2. Define actor chains for this component (xml configuration).
  3. Point definitionFile property of the component to xml file created in step 2.
Below is the example of Hello World Actor


Actor Chain definition file (helloWorldActor.xml)
<?xml version="1.0" encoding="UTF-8"?>
<actor-template default-chain-id="sayHello" xsi:noNamespaceSchemaLocation=""
<actor-chain id="sayHello" transaction="TX_SUPPORTS">
       <component id="sayHello" name="/com/test/web/HelloWorld"

Registering this actor with ActorChainRestRegistry

To register this actor you need to add the actor path with chain id to registeredUrls property of /atg/rest/registry/ActorChainRestRegistry component.

One important thing to remember here is ,that you are registering actor chain not actor. In the case there are more then one chains defined for that actor you need to register each one here. In  other words you can say each chain ID should be registered separately.

By default, no actors are registered.

In below code snippet we are registering sayHello chain. 


 ATG REST MVC Supports below Actor Types.
  • Component Actor 
  • Droplet Actor
  • Form Actor
  • JSP Actor
  • Nested Actor
  • Variable Actor 

Filtering in MVC REST

Filtering is used in REST MVC to control the property in the response object. In other words filter is way to configure which properties will be available in the response object. This is to avoid unnecessary data in the response.
REST MVC support two types of filters.
  1. Java bean filtering.
  2. Repository item filtering.
Steps to configure filter
  • Layer /atg/dynamo/service/filter/bean/beanFilteringConfiguration.xml 
  • Configure filter in this file
  • Refer this filter in actor chain
  • ATG recommends 3 types of filters

Once filter is defined you can use filter in actor chain using filter-id attribute.

Filter definition example.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE bean-filtering SYSTEM "dynamosystemresource:/atg/dtds/beanfilter/beanFiltering_1.0.dtd">
<repository name="/atg/userprofiling/ProfileAdapterRepository">
   <item-descriptor name="user">
      <filter id="customDetail" default-include="false">
        <property hidden="false" name="firstName"/>     
        <property hidden="false" name="lastName"/>


Using filter in actor chain.  

 <?xml version="1.0" encoding="UTF-8"?>
<actor-template default-chain-id="summary" xsi:noNamespaceSchemaLocation="" xmlns:xsi="">
  <actor-chain id="customDetail" transaction="TX_SUPPORTS">
    <component id="profile" name="/atg/userprofiling/Profile" invoke-method-requires-session-confirmation="true" component-var="profile" set-property-requires-session-confirmation="true">
      <output id="profile" filter-id="customDetail" name="profile" value="${profile.dataSource}"/>

Note : It is best to define a filter for every object, so that you can control its output. Note that if an object has no filters defined, it will output all properties.

Configure Security in REST MVC 

Once REST call is implemented then It is time to secure it. Security is crucial to avoid unauthorized access. 

Follow below steps to secure rest webservice
  • Create the RuleSetService.
  • Create Access Controller.
  • Add mapping from actor chain to Access Controller in /atg/dynamo/servlet/dafpipeline/AccessControlServlet. 
CustomRuleService (Only logged in user can access).


# Use must have securityStatus 4 or higher (EXPLICIT-SIGNIN, SECURE-SIGNIN, CERTIFICATE)
ruleSet=<ruleset>\n  <accepts>\n    <rule op\=and tag\="Show">\n      <rule op\=and tag\="Content">\n      </rule>\n      <rule op\=and tag\="Environment">\n        <rule op\=gt>\n          <valueof target\="securityStatus">\n          <valueof constant\="3">\n        </rule>\n      </rule>\n    </rule>\n  </accepts>\n</ruleset>

# Rules used to determine whether access should be allowed
# URL to redirect to if access is denied
  • Get and Post are supported.
  • Access restriction  by AccessControllerService.
  • Also support implicit objects (session, request).
  • URL syntax http://host:port/rest/model/actor_component/tail.

ATG REST MVC Key Components
  • /atg/rest/Configuration/ 
  • /atg/rest/registry/ActorChainRestRegistry/
  • /atg/dynamo/service/filter/bean/XmlFilterService
  • /atg/dynamo/service/actor/ActorChainValidationService