java


how to hide params in $http POST method


how to hide params in $http post method . If i use data instead params as in given example , I have change nearly 400 server side request getters from request.getParameter("key") to request.getReader() ;
I have a situation here . We are about to migrate from request.getParameter to request.getReader .
Reason : To remove form parameters from requet URL .
from this : http://localhost:8080/myApp/test.do?test1=abc&test2=def
to this :http://localhost:8080/myApp/test.do
here is what i have achieved .
sample request (old) :
$scope.myJson = {
'abc' : '123',
'def' : '456',
};
$http({
method : 'POST',
url : 'test.do',
param : {
'test1' : $scope.myJson,
},
headers : {
'Content-Type' : 'application/x-www-form-urlencoded; charset=UTF-8'
}
}). success(function(data, status, headers, config) {
}).
error(function(data, status, headers, config) {
});
sample request new
$scope.myJson = {
'abc' : '123',
'def' : '456',
};
$http({
method : 'POST',
url : 'test.do',
data: {
'test1' : $scope.myJson,
},
headers : {
'Content-Type' : 'application/x-www-form-urlencoded; charset=UTF-8'
}
}). success(function(data, status, headers, config) {
}).
error(function(data, status, headers, config) {
});
As You can see i have changed param to data .
Server Side (old);
final String myJson= request.getParameter("test1");
Server Side (new) :
StringBuffer jb = new StringBuffer();
String line = null;
try {
BufferedReader reader = request.getReader();
while ((line = reader.readLine()) != null)
jb.append(line);
} catch (Exception e) {
e.printStackTrace();/*report an error*/ }
try {
JSONObject jsonObj = new JSONObject(jb.toString());
JSONObject jsonObj1 =jsonObj.getJSONObject("test1");
String test1= jsonObj1.toString();
} catch (JSONException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
Is this the way to handle this scenerio ?We Have around 400+ services in application . Any Quick Workaround ?
EDIT 1 :
public class myController extends AjaxBaseController {
#Override
public ModelAndView executeAjaxCall(final HttpServletRequest request, final HttpServletResponse response) {
final String test1= request.getParameter("test1");
final InputParam loginParam = JsonUtil.convertPojo(test1,InputParam .class); // POJO class
//other logics
};
}
I don't think there is any (good) way around changing your controllers (and why on earth are you processing parameters by hand, this is what Spring is for).
In Spring params are parsed into separate method arguments with #RequestParam like this:
public String doWork(#RequestParam("name") String value, .......)
You want to change this so the backend instead receives JSON data, which is Spring are handled using #RequestBody supported by HttpMessageConverter which is chosen based on the posted Context-Type header. And looks like this
public String doWork(#RequestBody MyDto object)
I know the Spring web stack pretty well, and I could probably find a way around this, but it is such a bad idea, and would only give you problems in the future (when some one wants to post a list from JSON), that I will not even try to come up with a solution.
One thing that may make the conversion go faster if you have 400 controller methods, so to skip the DTO step and use a Map like this
public String doRequest(#RequestBody Map<String, String> map) {
String abc = map.get("abc");
String def = map.get("def");
}
First of all, this "hiding" that you are doing is not going to make your API any more secure. If someone can see the HTTP requests, it is not significantly more difficult to see params sent in the body versus those sent in the request URL.
(If you want to hide the params from third parties, use HTTPS. If you want to hide them from the user .... sorry, but that is not possible.)
Assuming that what you are doing is worthwhile, AND you want to keep the recoding effort in changing the server side to a minimum, then I would suggest that you design a utility / helper method that does the equivalent of your "new" server side code. Here is a starting point ...
public JSONObject getRequestParams(Request request) {
StringBuffer jb = new StringBuffer();
String line = null;
try {
BufferedReader reader = request.getReader();
while ((line = reader.readLine()) != null) {
jb.append(line);
}
} catch (IOException e) {
/*report / handle error*/
}
try {
return = new JSONObject(jb.toString());
} catch (JSONException e) {
/* report / handle error */
}
}
Then your particular example can be coded as:
final JSONObject myJson =
getRequestParams(request).getJSONObject("test1");
Depending on the range of parameters you need to deal with, you could have different helper methods to fetch a single parameter, multiple parameters, handle "optional" and "mandatory" parameters, generate consistent status codes and error reports for the response, and so on.
The general principle is to examine a representative sample of your 400 or so REST API calls, and take the time to design your helper methods so that you can extract parameters concisely and efficiently.
UPDATE - I didn't notice that this was a Spring MVC project. That changes thing considerably. If you use Spring MVC's request mapping infrastructure (properly), that will handle parameters passed in the URL and the body transparently; see Klaus Groenbaek's answer.
You must change queryParameters to FormParam

Related Links

DynamicJasper: how to control text wrapping in column
A wired thing in collide of HashMap in Java
Webriver opening new tab and opening website in new tab - Firefox 50.1.0 and Seleneum 3.0.1
Not able to switch to iframe using Selenium webdriver
Sharing Variables with Concurrency
For loop not looping through list of strings?
Connection class stereotypes
Exception happening randomly on WebSphere 9
new Date() is giving time in UTC in ec2 Instance which is configured as IST
Selenium chromedriver 2.27.440174 don't run the Google Chrome 55.0.2883.87 m
how can I use an adapter to get a specific element of an object if the listview is populated using data coming from server side
Inlcude a file from a specific source folder in Gradle
HSSFRichTextString styling disappear in print preview
#Cache in EclipseLink
Tomcat 8 throws error : 'A child container failed during start'
Get RGB in Java and PHP have different result

Categories

HOME
client
hive
blogger
cookies
homebrew
syntax
bpmn
read-eval-print-loop
c#-2.0
fingerprint
echarts
swagger-ui
autotools
amazon-cloudformation
facebook-php-sdk
node-pdfkit
wheelnav.js
floating-action-button
export-to-csv
static-libraries
visual-studio-2005
fortumo
event-handling
ibm-odm
msp430
django-simple-history
jsdoc
reactive-cocoa
scriptcs
jasonette
cloudhub
cultureinfo
icloud-api
rundeck
tdd
subdomains
c++-amp
gsoap
nouislider
binary-data
scorm2004
grails-3.1
catalog
revolution-slider
automake
withings
jna
gulp-sourcemaps
ibpy
mime
checkboxlist
babel-core
angular-resource
avconv
scrollable
chain-builder
apache-fop
theming
dropbox-php
mu
elgg
imanage
cubes
nested-sets
time-and-attendance
google-feed-api
lttng
hill-climbing
oauth2client
browser-link
kendonumerictextbox
r-tree
reactive-banana
eclipse-clp
django-unittest
createprocessasuser
inmobi
nsmutabledictionary
facebook-graph-api-v2.4
dd
gadt
google-style-guide
titanium-modules
starcluster
expected-exception
picturefill
android-2.2-froyo
app42
prettify
page-layout
quantlib-swig
soundtouch
padarn
wsdl-2.0
simba
quickdialog
coderush
google-email-migration
runas
reddot
subscript
hirefire
gdlib
xfbml
radcombobox
dentrix
jquery-ui-droppable
xsdobjectgen
bespin
procedural-music
private-members
defensive-programming
ugc
.net-1.0

Resources

Database Users
RDBMS discuss
Database Dev&Adm
javascript
java
csharp
php
android
javascript
java
csharp
php
python
android
jquery
ruby
ios
html
Mobile App
Mobile App
Mobile App