How to intercept /xas requests

0
Hi all. We learn that the “xas/” processes CRUD actions and microflow execution calls issued by the web client from the following doc link. https://docs.mendix.com/refguide/monitoring-mendix-runtime#request-handlers So we wonder if we can intercept this requests and log all the CURD operations from the client, and improve our security. Can we? We have tried the following handler but it is not working with /xas requests, only the custom REST services. What can we do with /xas? Or is there other way to log all my CURD operations in Mendix app?   Thanks.
asked
2 answers
1

This is a well known issue, and we avoid this by forcing users to use microflows. Depending on the operation, this is easier or harder:

  • Creates: do not check the ‘create’ box in the entity access setting, instead create a microflow which creates the object.
  • Deletes: do not check the ‘delete' box in the entity access setting, instead create a microflow which deletes the object.
  • Update: you should probably not change this behavior, but if you really must I use the following trick: I set an event handler on the entity which always returns false. This stops commits through /xas requests. Then, all saving must be done through microflows, and in these microflows you must commit objects without events.
  • Read: you should really not change this behavior, but if you must I would use the following pattern: duplicate your domain model with a non-persistent version. When you want to display something, create a non-persistent object and copy the data from the persistent object to the non-persistent object. Be aware that this is a really annoying pattern to implement: it decreases development speed and many functionalities that you get out of the box just don't work anymore.
answered
0

Hi Andes,

Instead of trying to figure out how Mendix internals work (which will probably differ between Mx versions and will change in the future) you can look into specialized tools for Mendix.

To monitor all xas requests for the purposes of performance I recommend APD https://www.mansystems.com/smart-digital-factory/tooling/apd
To check the security of your app I recommend AMS https://www.mansystems.com/smart-digital-factory/tooling/ams

 

answered