I am using CXF - Rest service.
#GET
#Produces({"application/xml", "application/json"})
#Path("/search/")
R findUser(#QueryParam("email") String email);
I am invoking the GET call from Postman or cURL, something like this
http://localhost:8080/rest-service/search/?email=test+1#gmail.com
But when I debug the email field, I am getting the data field as test 1#gmail.com. I guess somewhere URL decoding is happening and because of that + is getting disappeared? How do I configure CXF/service to not to alter the URL parameters
Add the #Encoded annotation to your method which will disable the automatic decoding of parameters. See here
Disables automatic decoding of parameter values bound using
QueryParam, PathParam, FormParam or MatrixParam. Using this annotation
on a method will disable decoding for all parameters. Using this
annotation on a class will disable decoding for all parameters of all
methods.
Related
I use org.springframework.security.web.csrf.CookieCsrfTokenRepository to secure my spring based web application from CSRF attacks. This enables all the Controller methods to be called only by passing a X-XSRF-TOKEN header or a _csrf request parameter.
So in order for me get the response of a GET URL in browser, I will have to write something like the below in browser address bar.
http://localhost:8080/api/someresource?_csrf=99e3b824-d0c9-409d-91ee-c7ccbdce313f&filter1=value1&filter2=value2&so=on
However, Some of these urls have filter mechanism based on the request parameters and unfortunately this extra _csrf parameter breaks that logic.
As I see it, this request parameter should be needed if the request had passed the csrf validation. But I couldn't do anything in the documentation to remove the _csrf request parameter on the application level.
At the moment, I do something like below.
#ResponseStatus(OK)
#RequestMapping(method = RequestMethod.GET, value = "/search/advanced")
#ResponseBody
public ResponseVO advancedSearch( #RequestParam MultiValueMap<String, String> queryParameters, Pageable pageable) {
queryParameters.remove(MyApplicatonConstants.CSRF_PARAM_NAME); //this line is the hack that I wrote
return doStuffAndGetFilteredData(queryParameters);
}
This implementation has its drawbacks.
I will have to change all 143 controller methods to have this one line on the top.
I have to remember to add this for new methods in future.
it's a cheap hack and there should be some better and cleaner way of doing it.
Is there a way I can acheive this without rewriting that one line again and again?
Note:
I fully understand that I can use CURL or Postman so I can pass X-XSRF-TOKEN in header. But it's not as quick as opening the URL in a new tab.
Trying to allow forward slashes using JAX-RS #PathParam. What happens is that it takes the backend of the value and not the whole value. Example below
METHOD CODE
#PUT
#POST
#Path("/temp/{keyValue:.+}")
#Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
public void setValues(#PathParam("keyValue") PathSegment myvalue) {
for (String key : myvalue.getMatrixParameters().keySet()) {
System.out.println(batch)
}
TEST URL
https://localhost:8443/*path*/temp/keyValue;key1=THIS/SUCKS
RESULT
batch = SUCKS
DESIRED RESULT
batch = key1=THIS/SUCKS
I have tried changing the regex in the method signature and I can not make this work. If things are url encoded, I am able to get it pass through with the %2F. However, if I change my Apache httpd to AllowEncodedSlashes On, it would break the rest of my site. Any ideas on what it could be?
I am running httpd -> tomcat -> restService (JAX-RS)
I couldn't get this to work correctly, so I rewrote it so that it accepts a string that is converted to a JSON object. Sending parameters in a URL string is a bad idea because URLs have a character limit. I am now sending it as data in an AJAX call.
In RESTful web services written using Jersey, I know I can access path parameters and query string parameters using #PathParam and #QueryParam annotaions. But in a web service written by someone else I saw a method like below.
#POST
#Path("/sms/receive")
#Consumes("application/json")
#Produces("application/json")
public Response smsReceive(String jsonBody) {
//Code here...
}
There is no #PathParam or #QueryParamannotation before the argument jsonBody.
Can anybody explaing what this argument means and how to set value for it when calling this service.
Can I use multiple parameters without annotations?
Thanks.
The service above does not handle query or path parameters at all.
It #Consumes JSON input. That's what the method's parameter jsonBody is referring to.
If someone would want to instruct this service he would add a json payload to the http request which the service (in this case) receives as a simple String. The String then needs to be parsed.
Of course you can combine Path/Query Parameters with JSON Payloads.
I've REST-based service on resygwt with API like this:
#Path("/search")
#GET
List<User> search(#QueryParam("login") String loginMask) throws RemoteException;
And I receive "malformed URI sequence" for this request:
http://devsys23:8080/rest/search?login=%25spa%20ce%25
This is rather strange, since in JavaDoc mentioned, that such requests should be supported by default:
Binds the value(s) of a HTTP query parameter to a resource method parameter,
resource class field, or resource class bean property.
Values are URL decoded unless this is disabled using the {#link Encoded}
annotation. A default value can be specified using the {#link DefaultValue}
annotation.
I've try to edit tomcat connector in server.xml with useBodyEncodingForURI and URIEncoding="UTF-8". Also org.springframework.web.filter.CharacterEncodingFilter was included and forceEncoding set, but it still doesn't work =(
What should I do to specify that login param should be decoded?
Thank you for your advice if any.
If you want to decode the value, you can create a ContainerResponseFilter, register it in your ResourceConfig and do something like
String loginValue= queryParams.get("login");
loginValue= URLDecoder.decode(loginValue, "UTF-8");
Maybe RestyGWT is encoding all the params by default.
Need to ask on the restyGWT google discussion : https://groups.google.com/forum/#!forum/restygwt
I am currently working on a project which was maintained by some other team and now i need to maintain it. While i was going through the project i found some thing below:
In jax-rs controller it was annotated by #Consumes(MediaType.APPLICATION_JSON) but the method takes request body as String rather than JSON. Then what is the use of the annotation? Does it help in content negotiation anyway?
#Consumes(MediaType.APPLICATION_JSON)
#Produces(MediaType.APPLICATION_JSON)
public Response createCake(final String requestBody){.......}
How it is converting a JSON body to string?
My technology stack if it anyway helps to answer:
JAX-RS
Spring 3.2
Jersey 2.4
The #Consumes serves the following purpose. It restricts the mapping for your handlers. For example, you may have two handlers for the path /resource, one mapped to consume XML and the other mapped to consume json. The dispatcher will choose the right one based on the request's content-type.
The parameter type can be anything as long as there is an appropriate converter for the specified media type to the parameter type itself. In this case, there's very likely a converter from any media type to String.