I have a Spring controller that validates incoming requests with hibernate validator.
When the request is invalid, MethodArgumentNotValidException is thrown by the validator. Would it be possible to add additional class as an argument to handler method for the exception?
This is what i have:
#RequestMapping(value = "/...", method = RequestMethod.POST)
#ResponseBody
public Response handleCustomObject(#Valid #RequestBody CustomObject obj) {
//..
}
#ExceptionHandler(MethodArgumentNotValidException.class)
#ResponseBody
public Response handleInvalidRequest(MethodArgumentNotValidException e) {
return getMissingMandatoryParametersResponse(e);
}
}
And i would need something like example bellow, however this doesn't work:
#ExceptionHandler(MethodArgumentNotValidException.class)
#ResponseBody
public Response handleInvalidRequest(MethodArgumentNotValidException e, CustomObject obj) {
// do something with CustomObject
}
If you want to do something with the object which failed the validation in the exception handler, you can retrieve it from BindingResult like so:
#ExceptionHandler(MethodArgumentNotValidException.class)
#ResponseBody
public Response handleInvalidRequest(MethodArgumentNotValidException e) {
CustomObject ce = (CustomObject) e.getBindingResult().getTarget();
// do something with CustomObject
}
You can also take a look at Spring JavaDoc for #ExceptionHandler annotation to see the list of supported exception handler method argument types:
Handler methods which are annotated with this annotation are allowed
to have very flexible signatures. They may have arguments of the
following types, in arbitrary order:
An exception argument: declared as a general Exception or as a more specific exception. This also serves as a mapping hint if the
annotation itself does not narrow the exception types through its
value().
Request and/or response objects (Servlet API or Portlet API). You may choose any specific request/response type, e.g. ServletRequest /
HttpServletRequest or PortletRequest / ActionRequest / RenderRequest.
Note that in the Portlet case, an explicitly declared action/render
argument is also used for mapping specific request types onto a
handler method (in case of no other information given that
differentiates between action and render requests).
Session object (Servlet API or Portlet API): either HttpSession or PortletSession. An argument of this type will enforce the presence of
a corresponding session. As a consequence, such an argument will never
be null. Note that session access may not be thread-safe, in
particular in a Servlet environment: Consider switching the
"synchronizeOnSession" flag to "true" if multiple requests are allowed
to access a session concurrently.
WebRequest or NativeWebRequest. Allows for generic request parameter access as well as request/session attribute access, without
ties to the native Servlet/Portlet API.
Locale for the current request locale (determined by the most specific locale resolver available, i.e. the configured LocaleResolver
in a Servlet environment and the portal locale in a Portlet
environment).
InputStream / Reader for access to the request's content. This will be the raw InputStream/Reader as exposed by the Servlet/Portlet
API.
OutputStream / Writer for generating the response's content. This will be the raw OutputStream/Writer as exposed by the Servlet/Portlet
API.
Related
In my organisation, when I want to expose an API, I have to declare it with a swagger contract, same for any update, and it can take multiple weeks before the creation or change is taken into account.
That's why we've come with the idea to declare only one contract for all the APIs we need to expose, and manage the routing in an applicative reverse proxy (the request would include the necessary metadata to allow to route to the appropriate endpoint) :
{
"genericHttpRequest" : base64encodedByteArrayOfAnyHttpRequest
}
Now the question is :
how to manage this request without reimplementing HTTP ? Is it possible to put back the array of byte into a structured HttpServletRequest ?
/**
* Manage a generic request
*/
#RequestMapping(value = "/genericRequest", method = RequestMethod.POST)
public #ResponseBody void manageGenericRequest(#RequestBody GenericHttpRequestDto body) {
byte[] genericHttpRequest = body.getGenericHttpRequest();
//(...)
}
Spring will inject a HttpServletRequest if it is set as a method parameter. Furthermore, wildcard path mappings will enable the methods to be matched to every request:
#RestController
#RequestMapping("/generic-endpoint/**")
public class DemoController {
#RequestMapping
public ResponseEntity<Object> genericGetRequest(HttpServletRequest httpServletRequest) {
return ResponseEntity.ok().body(httpServletRequest.getMethod());
}
}
Optionally, you could return a ResponseEntity to gain more control over your HTTP response.
I was able to internationalize a controller web page request with
#RequestMapping(value="/image")
public String image(#RequestHeader(name=HEADER_CONSTANTS.ACCEPT_LANGUAGE, required=false) String al) {
In the parameter list. However I tried to put it in a ResponseEntityExceptionHandler and it didn't work.
#ControllerAdvice(basePackages="com.example.apis")
public class RestExceptionHandler extends ResponseEntityExceptionHandler {
#ExceptionHandler(ApiException.class)
protected ResponseEntity<Object> handleApiException(ApiException ex, #RequestHeader(name=HEADER_CONSTANTS.ACCEPT_LANGUAGE, required=false) String al) {
2019-05-13 21:59:59.193 WARN 16052 --- [nio-8080-exec-1] .m.m.a.ExceptionHandlerExceptionResolver : Failed to invoke #ExceptionHandler method: protected org.springframework.http.ResponseEntity com.example.apis.RestExceptionHandler.handleApiException(com.example.apis.ApiException,java.lang.String)
java.lang.IllegalStateException: Could not resolve method parameter at index 1 in protected org.springframework.http.ResponseEntity com.example.apis.RestExceptionHandler.handleApiException(com.example.apis.ApiException,java.lang.String): No suitable resolver for argument 1 of type 'java.lang.String'
It works without the #RequestHeader parameter. How can I get the client's Accept-Language HTTP header in the exception handler for JSON API requests?
Spring Boot 1.5.20
If what you need is the locale of the current user, you should register a LocaleResolver and then get the locale from LocaleContextHolder.
#Bean
public LocaleResolver localeResolver() {
// Registering accept-header Locale Resolver with default Locale.US
AcceptHeaderLocaleResolver localeResolver = new AcceptHeaderLocaleResolver();
localeResolver.setDefaultLocale(Locale.US);
return localeResolver;
}
Then you can get the locale in your exception handler by calling LocaleContextHolder.getLocale().
Documentation for #ExceptionHandler
It is invalid syntax, look at the rules of method signatures. You can use WebRequest to get the Header
#ExceptionHandler(ApiException.class)
protected ResponseEntity<Object> handleApiException(ApiException ex, WebRequest request) {
request.getHeader(HttpHeaders.ACCEPT_LANGUAGE);
}
Annotation for handling exceptions in specific handler classes and/or handler methods.
Handler methods which are annotated with this annotation are allowed to have very flexible signatures. They may have parameters of the following types, in arbitrary order:
An exception argument: declared as a general Exception or as a more specific exception. This also serves as a mapping hint if the annotation itself does not narrow the exception types through its value().
Request and/or response objects (typically from the Servlet API). You may choose any specific request/response type, e.g. ServletRequest / HttpServletRequest.
Session object: typically HttpSession. An argument of this type will enforce the presence of a corresponding session. As a consequence, such an argument will never be null. Note that session access may not be thread-safe, in particular in a Servlet environment: Consider switching the "synchronizeOnSession" flag to "true" if multiple requests are allowed to access a session concurrently.
WebRequest or NativeWebRequest. Allows for generic request parameter access as well as request/session attribute access, without ties to the native Servlet API.
Locale for the current request locale (determined by the most specific locale resolver available, i.e. the configured LocaleResolver in a Servlet environment).
InputStream / Reader for access to the request's content. This will be the raw InputStream/Reader as exposed by the Servlet API.
OutputStream / Writer for generating the response's content. This will be the raw OutputStream/Writer as exposed by the Servlet API.
Model as an alternative to returning a model map from the handler method. Note that the provided model is not pre-populated with regular model attributes and therefore always empty, as a convenience for preparing the model for an exception-specific view
I used the following based on Deadpool's answer. I got exceptions (org.springframework.context.NoSuchMessageException) if the language bundle did not contain the translation for a given message key. I wish it was possible to default to English if the .properties file does not contain the translation, in one line.
#ExceptionHandler(ApiException.class)
protected ResponseEntity<Object> handleApiException(ApiException ex, Locale locale) {
String defaultMessage = messages.getMessage(ex.errorMessage, ex.errorArgument, Locale.ENGLISH);
String localErrorMessage = messages.getMessage(ex.errorMessage, ex.errorArgument, defaultMessage, locale);
Background:
I am developing an web application with Spring MVC.
I want to make an aspect that is executed on POST requests and not executed on GET requests, because I want to inject the logic that prevent POST requests which are sent before completion of HTML rendering.
#RequestMapping(value = "/aaa", method = RequestMethod.POST)
public String methodForPost(AnDto dto, Model model) {
// the aspect should be executed on this method
}
#RequestMapping(value = "/bbb", method = RequestMethod.GET)
public String methodForGET(AnDto dto, Model model) {
// the aspect shouldn't be executed on this method
}
Question:
How can I specify method with an parameterized annotation and its value with #Pointcut ?
How can I specify method with an parameterized annotation and its value in <aop:pointcut> in Spring applicationContext.xml?
#Around(value="#annotation(RequestMapping)")
public Object display(ProceedingJoinPoint joinPoint, RequestMapping requestMapping ) throws Throwable {
// You have access to requestMapping. From which you can get whether its get or post and decide to proceed or not.
}
More info http://docs.spring.io/spring/docs/current/spring-framework-reference/html/aop.html#aop-ataspectj-advice-params-passing
You might have to extend this to intercept only for Requestmapping's in your package. Because this intercepts every RequestMappig you might have in your project including one used by the libraries which you might be using, which is a burden.
The source code for Spring OAuth2's AuthorizationEndpoint contains two redundant #RequestMapping annotations for the same /oauth/authorize endpoint. One of them specifies the POST method, while the other does not specify a method.
How are the two #RequestMapping annotations interpreted? Does the one that specifies POST exclusively handle all POST /oauth/authorize requests, and does the one that does not specify a method exclusively handle any non-POST requests to /oauth/authorize? Or do both methods overlap, with both methods being called for certain requests?
This is probably a Spring MVC question, though the source code on GitHub uses Spring MVC to define what is Spring OAuth2.
Though the complete source code is available on GitHub at the link that the top of this OP, the headers for the two relevant methods are summarized here as follows:
#RequestMapping(value = "/oauth/authorize")
public ModelAndView authorize(Map<String, Object> model, #RequestParam Map<String, String> parameters,
SessionStatus sessionStatus, Principal principal) {
//other stuff
}
#RequestMapping(value = "/oauth/authorize", method = RequestMethod.POST, params = OAuth2Utils.USER_OAUTH_APPROVAL)
public View approveOrDeny(#RequestParam Map<String, String> approvalParameters, Map<String, ?> model,
SessionStatus sessionStatus, Principal principal) {
//other stuff
}
This is already explained in the official documentation: if you provide the values for the method field, they'll be used to narrow down the mapping. In other words: Spring MVC will use these hints to find the most precise match for each request.
It's also easy to build a simple proof-of-concept application that demonstrates it in practice:
#RequestMapping("/foo")
#ResponseBody
public String hello() {
return "hello, default";
}
#RequestMapping(value="/foo", method = RequestMethod.GET)
#ResponseBody
public String helloGet() {
return "hello, GET";
}
Hitting /foo with a GET request, for instance using Postman, will return "hello, GET". All other supported HTTP methods (POST, PUT, DELETE, etc.) will result in "hello, default".
The default method used by Spring request mapping is GET, so if you specify a request mapping with only #RequestMapping annotation, Spring will route all GET requests for the value of the annotation to this method.
To use any other method you basically need to say the method in the annotation. like #RequestMapping(method = RequestMethod.POST)
So for your example the first method will only handle the GET requests, while the other will handle the POST requests exclusively.
Usually GET in OAuth is used for normal interpretations, while the POST is used to authenticate un-authenticated users using the param passed to the method, which in this case is OAuth2Utils.USER_OAUTH_APPROVAL.
How are the two #RequestMapping annotations interpreted?
First of, from http://javatechig.com/java/spring/how-spring-controller-request-mapping-works-in-spring-mvc the default is interpreted as a GET. This is the first distinction. Second the paramaters of both methods are slightly different where method 1 requests a Map<String, String> and the other method Map<String, ?>. So even if both methods were GET, it would still make the distinction on parameter level.
Does the one that specifies POST exclusively handle all POST
/oauth/authorize requests, and does the one that does not specify a
method exclusively handle any non-POST requests to /oauth/authorize?
Or do both methods overlap, with both methods being called for certain
requests?
The POST exclusively handles post and nothing else. The other method only handles GET requests. They never overlap. As is java's law and Spring is still bound by the rules of the java overlords =)
I am trying to understand how to sending HttpSession as a parameter in the spring controller works.
I have a jsp which does a post request on clicking the submit button. In the controller, reading the sessions as follows
In the controller:
public ModelAndView viewEditFundClass(HttpServletRequest request,HttpServletResponse response,Model model){
HttpSession session = (HttpSession)request.getSession();
java.util.Date startDate = sesseion.getAttribute("startDate");
However, when I just change the controller to the following, I am still able to access the session
public ModelAndView viewEditFundClass(HttpServletRequest request,HttpServletResponse response, HttpSession session,Model model)
I would like to know how this is done in Spring, ie how did the post request pass the HttpSession as a parameter? will this session be valid?
Assuming you're using Spring 3+ #Controller and #RequestMapping handler methods, Spring defines a default set of supported argument types for your handlers
Session object (Servlet API): of type HttpSession. An argument of
this type enforces the presence of a corresponding session. As a
consequence, such an argument is never null.
Spring uses the strategy pattern to accomplish this, using the interface HandlerMethodArgumentResolver. It checks the parameter types of your handler methods and, for each type, tries to find a HandlerMethodArgumentResolver that will be able to resolve an argument for it.
For HttpSession, that implementation is ServletRequestMethodArgumentResolver.