How to hide params in $http POST method


How to hide params in the $http POST method? If I use data instead of params, as in the given example, I have to change nearly 400 server-side request getters from request.getParameter("key") to request.getReader().
I have a situation here. We are about to migrate from request.getParameter to request.getReader.
Reason: to remove form parameters from the request URL.
From this: http://localhost:8080/myApp/test.do?test1=abc&test2=def
To this: http://localhost:8080/myApp/test.do
Here is what I have achieved.
Sample request (old):
    $scope.myJson = {
        'abc' : '123',
        'def' : '456',
    };
    $http({
        method : 'POST',
        url : 'test.do',
        param : {
            'test1' : $scope.myJson,
        },
        headers : {
            'Content-Type' : 'application/x-www-form-urlencoded; charset=UTF-8'
        }
    }).success(function(data, status, headers, config) {
    }).error(function(data, status, headers, config) {
    });
Sample request (new):
    $scope.myJson = {
        'abc' : '123',
        'def' : '456',
    };
    $http({
        method : 'POST',
        url : 'test.do',
        data : {
            'test1' : $scope.myJson,
        },
        headers : {
            'Content-Type' : 'application/x-www-form-urlencoded; charset=UTF-8'
        }
    }).success(function(data, status, headers, config) {
    }).error(function(data, status, headers, config) {
    });
As you can see, I have changed param to data.
Server side (old):
    final String myJson = request.getParameter("test1");
Server side (new):
    StringBuffer jb = new StringBuffer();
    String line = null;
    try {
        BufferedReader reader = request.getReader();
        while ((line = reader.readLine()) != null)
            jb.append(line);
    } catch (Exception e) {
        e.printStackTrace(); /* report an error */
    }
    try {
        JSONObject jsonObj = new JSONObject(jb.toString());
        JSONObject jsonObj1 = jsonObj.getJSONObject("test1");
        String test1 = jsonObj1.toString();
    } catch (JSONException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
Is this the way to handle this scenario? We have around 400+ services in the application. Any quick workaround?
EDIT 1:
    public class myController extends AjaxBaseController {
        @Override
        public ModelAndView executeAjaxCall(final HttpServletRequest request, final HttpServletResponse response) {
            final String test1 = request.getParameter("test1");
            final InputParam loginParam = JsonUtil.convertPojo(test1, InputParam.class); // POJO class
            // other logic
        };
    }

I don't think there is any (good) way around changing your controllers (and why on earth are you processing parameters by hand? This is what Spring is for).
In Spring, params are parsed into separate method arguments with @RequestParam, like this:
    public String doWork(@RequestParam("name") String value, .......)
You want to change this so the backend instead receives JSON data, which in Spring is handled using @RequestBody, supported by an HttpMessageConverter which is chosen based on the posted Content-Type header. It looks like this:
    public String doWork(@RequestBody MyDto object)
I know the Spring web stack pretty well, and I could probably find a way around this, but it is such a bad idea, and would only give you problems in the future (when someone wants to post a list from JSON), that I will not even try to come up with a solution.
One thing that may make the conversion go faster if you have 400 controller methods is to skip the DTO step and use a Map, like this:
    public String doRequest(@RequestBody Map<String, String> map) {
        String abc = map.get("abc");
        String def = map.get("def");
    }

First of all, this "hiding" that you are doing is not going to make your API any more secure. If someone can see the HTTP requests, it is not significantly more difficult to see params sent in the body versus those sent in the request URL.
(If you want to hide the params from third parties, use HTTPS. If you want to hide them from the user .... sorry, but that is not possible.)
Assuming that what you are doing is worthwhile, AND you want to keep the recoding effort in changing the server side to a minimum, then I would suggest that you design a utility / helper method that does the equivalent of your "new" server side code. Here is a starting point ...
    // Reads the whole request body and parses it as a JSON object.
    public JSONObject getRequestParams(HttpServletRequest request) {
        StringBuffer jb = new StringBuffer();
        String line = null;
        try {
            BufferedReader reader = request.getReader();
            while ((line = reader.readLine()) != null) {
                jb.append(line);
            }
        } catch (IOException e) {
            /* report / handle error */
        }
        try {
            return new JSONObject(jb.toString());
        } catch (JSONException e) {
            /* report / handle error */
            return null; // no usable JSON body; callers must check for null
        }
    }
Then your particular example can be coded as:
    final JSONObject myJson =
        getRequestParams(request).getJSONObject("test1");
Depending on the range of parameters you need to deal with, you could have different helper methods to fetch a single parameter, multiple parameters, handle "optional" and "mandatory" parameters, generate consistent status codes and error reports for the response, and so on.
The general principle is to examine a representative sample of your 400 or so REST API calls, and take the time to design your helper methods so that you can extract parameters concisely and efficiently.
UPDATE - I didn't notice that this was a Spring MVC project. That changes things considerably. If you use Spring MVC's request mapping infrastructure (properly), that will handle parameters passed in the URL and the body transparently; see Klaus Groenbaek's answer.

You must change queryParameters to FormParam
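
Added example, not part of any answer above: a Node.js model of what the three ways of sending test1 put on the wire. It shows that a body which really is form-encoded keeps parameters out of the URL (and so out of a typical access-log request line) while request.getParameter("test1") still works, whereas the JSON body from the question does not. The helper names, the simplified servlet parameter rule and the log line format are assumptions made for illustration.

```javascript
// Added example, not from the thread. buildRequest, containerGetParameter and
// accessLogLine are hypothetical helpers; the log line format is constructed.
const BASE = 'http://localhost:8080/myApp/test.do';
const FORM = 'application/x-www-form-urlencoded; charset=UTF-8';

// mode: 'params' (query string), 'json' (JSON body), 'form' (urlencoded body)
function buildRequest(mode, fields) {
  const url = new URL(BASE);
  const encoded = new URLSearchParams();
  for (const [key, value] of Object.entries(fields)) {
    // Nested objects travel as a JSON string, as AngularJS does for params.
    encoded.append(key, typeof value === 'object' ? JSON.stringify(value) : String(value));
  }
  let body = '';
  if (mode === 'params') url.search = encoded.toString();
  // `data: {...}` is sent as JSON text, whatever the Content-Type header claims.
  if (mode === 'json') body = JSON.stringify(fields);
  // A body that really is urlencoded, e.g. data: $httpParamSerializer({...}).
  if (mode === 'form') body = encoded.toString();
  return { method: 'POST', url: url.href, contentType: FORM, body };
}

// Simplified model of the servlet rule: getParameter() reads the query string
// and, for a POST declared as form-urlencoded, the request body as well.
function containerGetParameter(req, name) {
  const fromQuery = new URL(req.url).searchParams.get(name);
  if (fromQuery !== null) return fromQuery;
  const isForm = req.method === 'POST' &&
    req.contentType.startsWith('application/x-www-form-urlencoded');
  return isForm ? new URLSearchParams(req.body).get(name) : null;
}

// Request line as an access log would record it: URL yes, body no.
function accessLogLine(req) {
  const { pathname, search } = new URL(req.url);
  return `"${req.method} ${pathname}${search} HTTP/1.1"`;
}

const fields = { test1: { abc: '123', def: '456' } };
for (const mode of ['params', 'json', 'form']) {
  const req = buildRequest(mode, fields);
  console.log(mode.padEnd(6), accessLogLine(req), '->', containerGetParameter(req, 'test1'));
}
```

Only the 'params' line carries test1 in the logged URL; the body in the 'json' and 'form' cases is still readable by anyone who can see the request unless the connection uses HTTPS.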
