如何在JAX-RS中过滤具有无效参数的请求?
[英]How to filter a request that has an invalid parameter in JAX-RS?
问题描述
By "invalid" I mean a parameter that is not expected. 
“无效”是指不期望的参数。
For example: 例如:
@Path("/")
public interface ExampleInterface {
@GET
@Path("/example")
public Response test(
@QueryParam("param1") String param1,
@QueryParam("param2") String param2
);
}
And then I call ".../example?param3=foo" 然后我称之为".../example?param3=foo"
2 个解决方案
解决方案1
10 已采纳 2014-06-25 10:48:54
You can check use a ContainerRequestFilter and compare the passed parameters with the defined parameters: 您可以检查使用ContainerRequestFilter并将传递的参数与定义的参数进行比较:
@Provider
public class RequestParamFilter implements ContainerRequestFilter {
@Context
private ResourceInfo resourceInfo;
@Context
private HttpServletRequest servletRequest;
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
Set<String> validParams = new HashSet<String>();
Method method = resourceInfo.getResourceMethod();
for (Annotation[] annos : method.getParameterAnnotations()) {
for (Annotation anno : annos) {
if (anno instanceof QueryParam) {
validParams.add(((QueryParam) anno).value());
}
}
}
for (String param : servletRequest.getParameterMap().keySet()) {
if (!validParams.contains(param)) {
requestContext.abortWith(Response.status(Status.BAD_REQUEST).build());
}
}
}
}
Don't forget that ServletRequest#getParameterMap returns a Map which contains both - query string parameters and parameters passed in the body of the request. 不要忘记ServletRequest#getParameterMap返回一个Map,它包含 - 查询字符串参数和在请求正文中传递的参数。 So maybe you need to parse the query string yourself. 所以也许你需要自己解析查询字符串。
Note: This won't speed up your application. 注意:这不会加快您的申请。
解决方案2
4 2015-08-27 03:00:21
Thanks for the accepted answer. 谢谢你接受的答案。 It is very helpful and I also use it. 它非常有用,我也使用它。 I'm providing a modified version, with the following changes: 我正在提供修改后的版本,其中包含以下更改:
- removed the servletRequest coming in via Context Annotation. 删除了通过Context Annotation进入的servletRequest。 This is not needed as the request is a parameter of the filter method itself. 这不是必需的,因为请求是过滤方法本身的参数。
- added the imports, as there can be a lot of consufsion about the diffrent classes with the same name (Method, Annotation, ContainerRequestContext, ...) 添加了导入,因为可以有很多关于具有相同名称的不同类的使用(Method,Annotation,ContainerRequestContext,...)
- also added the name of the missing parameter to the error message 还将错误参数的名称添加到错误消息中
- -
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.HashSet;
import java.util.Set;
import javax.ws.rs.QueryParam;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.ext.Provider;
@Provider
public class UnexpectedParameterFilter implements ContainerRequestFilter {
@Context
private ResourceInfo resourceInfo;
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
Set<String> validParams = new HashSet<String>();
Method method = resourceInfo.getResourceMethod();
for (Annotation[] annos : method.getParameterAnnotations()) {
for (Annotation anno : annos) {
if (anno instanceof QueryParam) {
validParams.add(((QueryParam) anno).value());
}
}
}
MultivaluedMap<String, String> queryParameters = requestContext.getUriInfo().getQueryParameters();
for (String param : queryParameters.keySet()) {
if (!validParams.contains(param)) {
requestContext.abortWith(Response.status(Status.BAD_REQUEST).entity("unexpected paramter: "+param).build());
}
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.