[英]How to filter a request that has an invalid parameter in JAX-RS?
By "invalid" I mean a parameter that is not expected. “无效”是指不期望的参数。
For example: 例如:
@Path("/")
public interface ExampleInterface {
@GET
@Path("/example")
public Response test(
@QueryParam("param1") String param1,
@QueryParam("param2") String param2
);
}
And then I call ".../example?param3=foo"
然后我称之为".../example?param3=foo"
You can check use a ContainerRequestFilter and compare the passed parameters with the defined parameters: 您可以检查使用ContainerRequestFilter并将传递的参数与定义的参数进行比较:
@Provider
public class RequestParamFilter implements ContainerRequestFilter {
@Context
private ResourceInfo resourceInfo;
@Context
private HttpServletRequest servletRequest;
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
Set<String> validParams = new HashSet<String>();
Method method = resourceInfo.getResourceMethod();
for (Annotation[] annos : method.getParameterAnnotations()) {
for (Annotation anno : annos) {
if (anno instanceof QueryParam) {
validParams.add(((QueryParam) anno).value());
}
}
}
for (String param : servletRequest.getParameterMap().keySet()) {
if (!validParams.contains(param)) {
requestContext.abortWith(Response.status(Status.BAD_REQUEST).build());
}
}
}
}
Don't forget that ServletRequest#getParameterMap returns a Map which contains both - query string parameters and parameters passed in the body of the request. 不要忘记ServletRequest#getParameterMap返回一个Map,它包含 - 查询字符串参数和在请求正文中传递的参数。 So maybe you need to parse the query string yourself. 所以也许你需要自己解析查询字符串。
Note: This won't speed up your application. 注意:这不会加快您的申请。
Thanks for the accepted answer. 谢谢你接受的答案。 It is very helpful and I also use it. 它非常有用,我也使用它。 I'm providing a modified version, with the following changes: 我正在提供修改后的版本,其中包含以下更改:
- -
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.HashSet;
import java.util.Set;
import javax.ws.rs.QueryParam;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.ext.Provider;
@Provider
public class UnexpectedParameterFilter implements ContainerRequestFilter {
@Context
private ResourceInfo resourceInfo;
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
Set<String> validParams = new HashSet<String>();
Method method = resourceInfo.getResourceMethod();
for (Annotation[] annos : method.getParameterAnnotations()) {
for (Annotation anno : annos) {
if (anno instanceof QueryParam) {
validParams.add(((QueryParam) anno).value());
}
}
}
MultivaluedMap<String, String> queryParameters = requestContext.getUriInfo().getQueryParameters();
for (String param : queryParameters.keySet()) {
if (!validParams.contains(param)) {
requestContext.abortWith(Response.status(Status.BAD_REQUEST).entity("unexpected paramter: "+param).build());
}
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.