I have a get request like below.
Https://localhost.com:8080/search?date=2021110
I get the result when I make a get request. But my requirement is to get multiple values with 2 status. Like status=2 and status=3
If I modify my url like this
Https://localhost.com:8080/search?status=2&status=3&date=2021110
Why not change the request method to POST. Or you can also use ',' between two values and handle it on server programming.
Related
My problem is when I'm trying to access a POST Variable with request.getParameter("name"), it works perfectly. But in some conditions, when a POST request arrives at my application, I also need to get GET Parameter from the Query String.
As far as I can see, with getParameter, you can only access current request's parameters, but, as in my condition, as I said, I also need to fetch GET Parameters inside doPost method.
Is there a way to fetch GET Parameters without parsing the Query String?
If you have parameters with the same name in the query string and in the posted form data, use getParameterValues().
Example:-
String fromQuery = request.getParameterValues("name")[0];
String fromForm = request.getParameterValues("name")[1];
The getParameter() method can return (if possible) both GET and POST parameters as it works transparently between GET and POST. You don't need to do any explicit work to get the GET parameters. you can use getParameter for both query parameters and POST parameters.
But should you do it? - It's considered a poor design practice especially if there is sensitive information to be sent.
Take a look at this answer:
HTTP POST with URL query parameters -- good idea or not?
I think you have a confusion here. You can retrieve all the request parameters (in both GET or POST or others) using the same getParameter(..) depending upon the type of request. If it's a GET request, you can retrieve all the GET parameters.
If it's a POST request, you can retrieve all the POST parameters. You get parameters using getParameter(...). And you make one request at a time. If you make a POST request in html or JSP file, you use doPost method receive all the parameters. At this point, there is nothing in GET request. Then after that, you make a GET request, you retrieve all the parameters in doGet method. At this moment, there is nothing in POST. Remember, HTTP requests are stateless.
To complete #Rei answer check out this code :
your form
<form action="?nom=nom1">
<input type="hidden" name="nom" value="nm2"/>
your doPost
System.out.println(request.getParameter("nom"));
String s = "";
for(String ss : request.getParameterValues("nom")) {
s += "|" + ss;
}
System.out.println(s);
System.out.println(request.getParameterMap().get("nom"));
what will be printed
nom1
|nom1|nm2
[Ljava.lang.String;#c7068db
ps : thanks to Julien for the code and testing
I am creating a REST service in Java ,and have a doubt with regards to params for the GET method .
I have to pass the below params in a GET request
Function
"GET" File status :
Params:
Time Range:(String)
FlowId:(String)
ID_A= or ID_B= or Both (String)
IS_ADD_A= or IS_ADD_B= or both (String)
Regex=(String)
Cookie=XXXXX
So as there are 6 params,so passing it as a query string would not be an efficient way and can't but the same in body(as it is against the HTTP GET specification)
Making this as a POST call would be against the REST principle as I want to get data from the server ,
What would be an efficient way of solving this ,would passing the params as query string is out of question,passing it in body which is against the HTTP spec ,making this as headers which may also be not good ,making this as POST request which will voilate the fielding's REST principle .
Passing data in the body of an HTTP GET call is not only against the spec but causes problems with various server-side technologies which assume you don't need access to the body in a GET call. (Some client side frameworks also have some issues with GET and a query in the body) If you have queried with long parameters I'd go with POST. It's then using POST for getting data but you'd not be the only one having to go this way to support potentially large queries.
If your parameters values aren't very long, using query string is your best option here. 6 params is not a lot, as long you don't exceed the IE limit of characters in the path - 2,048 (http://www.boutell.com/newfaq/misc/urllength.html). For example Google search engine uses many more params then 6. If there is a possibility that the URL path will exceed the limit above, you should use POST instead.
I have been working on an android application project that uses HTTP Get to send and receive data from MySQL through a PHP file using JSON from Java.
I have lately been running into some issues in theory behind best practices using HTTP Transport and passing Parameters via a URL.
First Question:
How should I be passing my data to my PHP Webservices ?
Currently I am just passing the data through single parameters using key value pairs like so:
myurl.com/retrieveinfo.php?user_id=453&password=sha1-hash-value
Should I be moving this type of request to append a JSON object onto the URL instead? like so:
myurl.com/retrieveinfo.php?{\"users\":{\"username\":\"User1Name\" ,\"user_id\":453 , \"password\":\"sha1-hash-value\"}}
Second Question:
*How should I be handling the JSON Response from the Server ? Do I need to push this work off to a handler and make sure the UI Thread is not the one doing this work? *
Currently I am just parsing the JSON using separate methods for each Object Type such as
User.Class
private void parseUserInfo(JSONObject response){
// Do all my Parsing for a User Object
try{
JSONArray users = response.getJSONArray("users");
JSONObject user = users.getJSONObject(0);
// Get the User info etc...
}catch(JSONException ex){
ex.printStackTrace();
}
}
Notes.Class
private void parseNotes(JSONObject response){
// Do all my Parsing for a Note Object
try{
JSONArray notes = response.getJSONArray("notes");
for (int index = 0; index < notes.length() ; index++)
{
JSONObject note = notes.getJSONObject(index);
// Get all the note info etc...
}
}catch(JSONException ex){
ex.printStackTrace();
}
}
Third Question:
I would like my PHP server files to only work for my Application. So what is the best way to secure my PHP files on my server so a request to my files wont go through if its run in a browser ?
Should I be sending some temp key that only my application knows about ?
Thanks
First Question:
You don't really want to put a JSON object on the url as a query parameter. The real two debates that I see is that you either 1) use the key value pairs you were using, or 2) make this a POST and send the JSON as a payload.
Since you are not planning on exposing the API to anyone, I don't really find it important for you to follow standard nomenclatures. Do whatever you want to do. However, from a REST standpoint, anything that retrieves info should be a GET call, and the data should be key-value pairs on the query string. However, it looks like you are passing in a username and password (ok, the sha of the pass). It is considered best practice to always pass user info as the payload. So almost all login type protocols use a POST for user data. User-id's or session id's are common in the query string but usernames and passwords should almost always be in a payload.
Note: sometimes in TLS (SSL) it is considered ok to include these things in the query string.
Second Question:
Honestly, I would just use Jackson. https://github.com/FasterXML/jackson
But otherwise, it is normal to have a seperate layer for parsing. In otherwords, one class handles all the parsing. You do not want to put this code inside your models if you can avoid it. The new layer would handle parsing and would pass the Java Model objects down to the next layer.
Third Question:
The easiest way to do this would simply be to check the user-agent header on the request. Make sure that the user-agent is your application, and not a browser.
However, it would still be possible for people to "spoof" this. Using a temp key wouldn't really help either, because once people sniff the traffic they can figure out the temp key.
The standard thing here is to do some type of session based key, where the application sends some type of MAC in order to prove it is a valid client.
You could also consider using OAUTH2 to protect your api's.
I am using JMeter to do some testing.
I have to do a HTTP GET on a URL like www.acme.com/documents/next.
This shall return me a document ID, then i need to do a POST based on that document ID like
www.acme.com/document/{document_id}. This document ID shall be the one returned by the previous GET request.
I will need to run this in many threads, so if there needs to be a variable used to store the result of the GET, it should be stored in something like a ThreadLocal because each one will get a unique id when it called the GET method.
You should use postprocessor to extract variable. Your test plan will look like this:
Thread Group
- GET request to /documents/next
--- Regular Expression Extractor (with reference name=variable)
- POST request to /document/${variable}
We have already shipped a client (.NET WinForms) application which sends customer data to Java server. While most of the data sent by client are accepted at server side, some records are truncated because of the presence of & character in it, as client sends raw & and do not URL encode it, we have fixed it by using the below code:
string dataBefore="A & B";
string dataBefore = System.Web.HttpUtility.UrlEncode(dataBefore);
It is impossible for us to update all the client applications(which are already shipped) and we are thinking of a server side fix.
With the help of Fiddler, we have made sure the data has left client in full, but when server reads as below:
//in java
String dataReceied=request.getParameter("data");
it gets truncated if data contains &
Could someone help us suggesting a server side(java) fix for this? Is it possible to access the request stream in java(instead of request.getParameter())?
You can get access to the raw query string using HttpServletRequest.getQueryString() (javadoc), which:
returns a String containing the query string or null if the URL contains no query string. The value is not decoded by the container.
You can them perform manual decoding on that string, instead of using getParameter().
#Wesley's idea of using getParameterMap() may not be useful, because you don't know which order the parameters were supplied in.
I'd suggest implementing this logic as a servlet filter, to decouple the fixing of the broken parameters from your actual servlet logic. This would involve writing a custom subclass of HttpServletRequestWrapper which overrides getParameter() and manuyally decodes the query string. Your servlet would then be able to use the HttpServletrequest API as though everything was tickety boo.
It is cut off because & signifies a new URL parameter in a request like this:
google.com?query=java&page=2. Java converts all these parameters to a Map, so that's where it goes wrong.
Have you tried iterating through request.getParameterMap()? The remaining data is most likely in the name of the next parameter. If that does not work, check out the API of HTTPServletRequest to see if there is another way to get your data.
Good luck!
PS How angry are you guys at the intern that wrote & shipped that client? That sounds messed up!