I'm creating a REST Client in Java with RestTemplate from Spring Framework.
Everything is fine until i have to do a post with postForLocation.
The webservice i'm having access return a json with informations about the POST ACTION.
In PHP it's fine but i really don't understand how to do in Java with RestTemplate.
public String doLogin()
{
Map<String, String> args = new HashMap<String, String>();
args.put("email", AUTH_USER);
args.put("token", AUTH_PASS);
String result = restTemplate.postForLocation(API_URL + "account/authenticate/?email={email}&token={token}", String.class, args);
return result;
}
This returns NULL.
With same code but using getForObject (and of course, changing the URL to something right) I have a full response, i.e. this works:
String result = restTemplate.getForObject(url, String.class);
So... how get the RESPONSE from a postForLocation?
Obs.: Sorry if this question is dumb. I'm beginner in Java
The postForLocation method returns the value for the Location header. You should use postForObject with the String class, which returns the server's response.
So like this:
String result = restTemplate.postForObject(API_URL + "account/authenticate/?email={email}&token={token}", String.class, args);
This will return the response as a string.
Thanks to one of answers i've figured out how get the response from a POST with Spring by using the postForObject
String result = restTemplate.postForObject(API_URL + "account/authenticate/?email="+ AUTH_USER +"&token="+ AUTH_PASS, null, String.class);
For some reason i can't use arguments with MAP and have to put them inline in URL. But that's fine for me.
Related
We're calling an external API that return a simple List, not DTO/Json, like ResponseEntity<List<String>>
In my tests I'm trying to mock the response using mockServer but failed to return the result as List (just String as it not helped me):
mockServer.when(restTemplate.getForObject(any(), any()))
.respond(HttpResponse.response("{\"40\", \"50\"}")
.withStatusCode(200)
.withDelay(TimeUnit.SECONDS, 1));
String user = "user";
String password = "password";
RestTemplate restTemplate = new RestTemplate();
restTemplate.getInterceptors().add(new BasicAuthenticationInterceptor(user, password));
List<String> retList = restTemplate.getForObject(URI, List.class);
I tried with [, ], {, }, none of them, double parenthesis but failed to return the response as List..
Will be glad to know to do that correctly, thanks!
P.s. in the code all works well with the real API, response came as list as well. The issue is only in the tests, the error is:
"Could not extract response: no suitable HttpMessageConverter found
for response type [interface java.util.List] and content type
[application/octet-stream]"
Checkmarx is giving XSS vulnerability for following method in my Controller class.
Specifically: This element’s value (ResultsVO) then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method:
#RequestMapping(value = "/getresults", method = RequestMethod.POST, produces = "application/json")
#ResponseBody
public ResultsVO getConfigResults(#RequestBody ResultsVO resultsVO, HttpServletRequest request)
throws OverrideApplicationException {
String loggedUserId = request.getHeader("USER");
return resultsService.getConfigResults(resultsVO, loggedUserId);
}
The ResultsVO object has a lot of String attributes and I'm just wondering is there an elegant way to encode them to prevent this vulnerabilty.
Try this -- It worked for me :)
resultsVO = SecurityUtil.sanitizeObject(resultsVO, ResultsVO.class);
public static <T> T sanitizeObject(Object object, Class<T> classOfT){
Gson gson = new Gson();
String json = Jsoup.clean(StringEscapeUtils.escapeHtml4(gson.toJson(object)), Whitelist.basic());
return gson.fromJson(json, classOfT);
}
Checkmarx will pass your reported issue. :)
Hope it will help - Upvote if worked
You to need to remove escape characters like Html/Js scripts from it.
You need to use Jsoup and apache-commons library to escape Html/Javascript code.
Example:
String loggedUserId = Jsoup.clean(
org.apache.commons.lang.StringEscapeUtils.escapeHtml(
org.apache.commons.lang.StringEscapeUtils.escapeJavaScript(
request.getHeader("USER")
)));
So I have in my code POST method :
#POST
#Path("/send/{userPost}")
#Consumes(MediaType.APPLICATION_JSON)
#Produces("application/json")
public Response sendUser(#PathParam("userPost") String userPost ) {
List<Post>userPosts = new ArrayList();
Post post = new Post(99,userPost,"Bartek Szlapa");
userPosts.add(post);
User user = new User(99,"Bartek","Szlapa",userPosts);
String output = user.toString();
return Response.status(200).entity(output).build();
}
unfortunately its not working. I'm getting 404 error. Server is configured correctly because other methods work perfectly. Funny thing is that when I remove {userPost} , parameter : #PathParam("userPost") String userPost and send empty request : http://localhost:8080/JavaAPI/rest/api/send it works - I'm getting new User object with null at some fields. Do you know why I cannot send parameter ? Thanks in advance for help! :)
What you are sending is not a path parameter to send your value as a path parameter based on your api , let us say you are trying to send "test"
http://localhost:8080/JavaAPI/rest/api/send/test
if you want to use query params
#POST
#Path("/send")
#Consumes(MediaType.APPLICATION_JSON)
#Produces("application/json")
public Response sendUser(#QueryParam("userPost") String userPost ) {
and your request should be
http://localhost:8080/JavaAPI/rest/api/send?userPost=test
Your "userPost" parameter is not in the Path : localhost:8080/JavaAPI/rest/api/send?=test
You defined this path :
#Path("/send/{userPost}")
So, your URI should be :
localhost:8080/JavaAPI/rest/api/send/test
I'm trying to send a array / list of String to my REST server through Spring RestTemplate.
This is on my android side:
private List<String> articleids = new ArrayList<>();
articleids.add("563e5aeb0eab252dd4368ab7");
articleids.add("563f2dbd9bb0152bb0ea058e");
final String url = "https://10.0.3.2:5000/getsubscribedarticles";
UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(url)
.queryParam("articleids", articleids);
java.net.URI builtUrl = builder.build().encode().toUri();
Log.e("builtUrl", builtUrl.toString());
The builtUrl is: https://10.0.3.2:5000/getsubscribedarticles?articleids=%5B563e5aeb0eab252dd4368ab7,%20563f2dbd9bb0152bb0ea058e%5D
On the server side:
#RequestMapping(value = "/getsubscribedarticles", method = RequestMethod.GET)
public List<Posts> getSubscribedPostFeed(#RequestParam("articleids") List<String> articleids){
for (String articleid : articleids {
logger.info(" articleid : " + articleid);
}
}
The server logs:
.13:11:35.370 [http-nio-8443-exec-5] INFO c.f.s.i.ServiceGatewayImpl
- articleid : [563e5aeb0eab252dd4368ab7
.13:11:35.370 [http-nio-8443-exec-5] INFO c.f.s.i.ServiceGatewayImpl
- articleid : 563f2dbd9bb0152bb0ea058e]
Which I can see is wrong as the list should not have a '[' on the first item and a ']' on the last item.
I have read this thread How to pass List or String array to getForObject with Spring RestTemplate but it does not actually answer the question.
The selected answer issues out a POST request, but I want to do a GET request , also it requires an additional object to work to hold the list and I would prefer to not create extra objects if I can do it with Spring RestTemplate natively.
Using Java 8, this worked for me :
UriComponentsBuilder builder = fromHttpUrl(url);
builder.queryParam("articleids", String.join(",", articleids));
URI uri = builder.build().encode().toUri();
It forms the URL like:
https://10.0.3.2:5000/getsubscribedarticles?articleids=123,456,789
I would expect that the correct working url is something like:
https://10.0.3.2:5000/getsubscribedarticles?articleids[]=123&articleids[]=456&articleids[]=789
After a quick look at the code of public UriComponentsBuilder queryParam(String name, Object... values), I would solve it by using UriComponentsBuilder this way:
UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(url)
.queryParam("articleids[]", articleids.toArray(new String[0]));
It is important that, the second parameter is an array but not an Object/Collection!
You did everything correct. You just need to call it without the [].
Just invoke it with .../getsubscribedarticles/articleids=foo,bar,42
I tested this with Spring Boot 1.2.6 and it works like this.
Thanks to dOx for his suggestion - I managed to solve this with the PathVariable - i set the list in my url for android:
final String url = "https://10.0.3.2:5000/getsubscribedarticles/"+new ArrayList<>(articleids);
For my rest server:
#RequestMapping(value = "/getsubscribedarticles/[{articleids}]", method = RequestMethod.GET)
public List<Posts> getSubscribedPostFeed(#PathVariable String[] articleids){
}
I'm trying to create a small Java client that can call a GET webservice with a query. Imagine a gas/fuel webservice like this:
http://mywebservice.com/search.xml?lat=50.5&lng=30.33&fuels=Diesel&radius=2
Ideally I'd have a website where the user can enter information like location, fuel, radius in km and so on.
What technology could I best use to make the webservice calls simpler?
At the moment I'm constructing the query manually like this:
stringbuilder.append("http://mywebservice.com/search.xml?lat=")
.append(latField.getText())
.append("&lng=")
.append(lngField.getText())
.append("&fuels=")
.append(fuelsField.getText())
.append("&radius=")
.append(radiusField.getText());
You get the idea.
I'm questioning: is there anything smarter to call webservice queries? How are you doing this? How could this be improved?
You can use JAX-RS to build/deploy/invoke this REST endpoint easily.
The client may look like:
Client client = ClientBuilder.newClient();
WebTarget target = client.target(".../gas");
MultivaluedHashMap<String, String> map = new MultivaluedHashMap<>();
map.add("lat", "50.5");
map.add("lng", "30.33");
map.add("fuels", "Diesel");
map.add("radius", "2");
target.request().post(Entity.form(map));
A similar client code is at:
https://github.com/arun-gupta/javaee7-samples/blob/master/jaxrs/jaxrs-client/src/main/java/org/javaee7/jaxrs/client/TestJAXRS2Client.java
The endpoint may look like:
#Path("/gas")
public class GasService {
#POST
public String post(#FormParam("lat")String lat, #FormParam("lng")String lng) {
// search based upon lat, lng, etc
}
}
A complete endpoint definition is at:
https://github.com/arun-gupta/javaee7-samples/blob/master/jaxrs/jaxrs-client/src/main/java/org/javaee7/jaxrs/client/MyResource.java
A well known library is:
http://hc.apache.org/httpcomponents-client-4.3.x
It is very simple and flexible.
For your usecase you could do something like:
URI uri = new URIBuilder()
.setScheme("http")
.setHost("www.google.com")
.setPath("/search")
.setParameter("q", "httpclient")
.setParameter("btnG", "Google Search")
.setParameter("aq", "f")
.setParameter("oq", "")
.build();
HttpGet httpget = new HttpGet(uri);
System.out.println(httpget.getURI());
For the full example and more:
http://hc.apache.org/httpcomponents-client-4.3.x/tutorial/html/fundamentals.html#d5e49
I like spring a lot, so I could recommend you rest template :
http://spring.io/blog/2009/03/27/rest-in-spring-3-resttemplate
The example given is :
Map<String, String> vars = new HashMap<String, String>();
vars.put("hotel", "42");
vars.put("booking", "21");
String result = restTemplate.getForObject("http://example.com/hotels/{hotel}/bookings/{booking}", String.class, vars);
To match your question, that could become :
Map<String, String> vars = new HashMap<String, String>();
vars.put("lat", latField.getText());
vars.put("lng", lngField.getText());
vars.put("fuels", fuelsField.getText());
vars.put("radius", radiusField.getText());
String result = restTemplate.getForObject("http://mywebservice.com/search.xml?lat={lat}&lng={lng}&fuels={fuels}&radius={radius}", String.class, vars);
You can write a webservice client using standard frameworks, depending on the type of webservice. For example, Axis2 for SOAP based or Jersey for REST based.
Finally I ended up using org.apache.cxf.jaxrs.client.WebClient as follows:
WebClient.create("http://mywebservice.com/search.xml")
.query("lat", 50.5)
.query("lng", 30.33)
.query("fuels", "Diesel")
.query("radius", 2)
.get(Search.class);