Class UiConfigHandler
GET /api/v2/ui/config.
Returns the SPA bootstrap payload: site name, login requirement, supported locales, the active theme descriptor, feature flags, paging defaults, and a freshly-issued CSRF token. The endpoint is GET-only and CSRF-exempt because it is the canonical way for an unauthenticated client to obtain a token in the first place.
The handler is defensive: a missing ThemeRegistry or any unexpected
exception during payload assembly is caught and emitted as a structured
envelope (status:9, error.code:"internal_error") so the SPA always
sees a parseable response — never a leaked stack trace.
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidhandle(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse res) Processes one/api/v2/ui/configGET request.
-
Constructor Details
-
UiConfigHandler
public UiConfigHandler()Default constructor. The handler is stateless and intended to be instantiated once by the API manager and shared across concurrent requests.
-
-
Method Details
-
handle
public void handle(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse res) throws IOException Processes one/api/v2/ui/configGET request.Rejects non-
GETmethods withV2ErrorCode.METHOD_NOT_ALLOWED. Otherwise assembles the SPA bootstrap payload — site name, login requirement, supported locales, active theme descriptor, feature flags, paging defaults, and a freshly-issued CSRF token bound to the session (always required now) — and writes it via the standard v2 envelope. Any unexpected exception is caught and emitted as a structuredinternal_errorenvelope.- Parameters:
req- the incoming HTTP requestres- the HTTP response to write to- Throws:
IOException- if writing the envelope fails
-