1 year ago

#68294


User27854

Java Jersey: How to handle unwanted Query Parameters for a REST URL

I have written an implementation for the REST API. I have avoided using the @QueryParam annotation as I currently need to handle 15 different parameters and the list is likely to grow over time. As an alternative I have decided to go with UriInfo.

The REST API creates a SQL query based on the type of parameters. Now, what if the user can manipulate this and obtain more information than necessary? How do I restrict such behaviour while using UriInfo?

@Path("list")
@GET
public List<Todo> getTodos(@Context UriInfo uriInfo){
  MultivaluedMap<String, String> queryParameters = uriInfo.getQueryParameters();
  .
  .
  .
}

The REST URLs are

http://localhost:9090/hello-todo/api/v1/todo/list

http://localhost:9090/hello-todo/api/v1/todo/list?status=CRITICAL

http://localhost:9090/hello-todo/api/v1/todo/list?status=MAJOR

http://localhost:9090/hello-todo/api/v1/todo/list?status={criticality}&todo.completion.status=completed

http://localhost:9090/hello-todo/api/v1/todo/list?status={criticality}&todo.completion.status=completed&todo.title={title}

http://localhost:9090/hello-todo/api/v1/todo/list?status={criticality}&todo.completion.status=completed&todo.title={title}&todo.startDate={startDate}

Updates

My requirement is that the parameters cannot be mixed and matched. So, I am forced to create a valid list of parameters that a single request can contain. Thereafter, for validation, I compare the parameters obtained from the UriInfo queryParameters with the list of valid parameters (validParametersList).

Eg:

Valid URL:

http://localhost:9090/hello-todo/api/v1/todo/list?status={criticality}&todo.completion.status=completed&todo.title={title}&todo.startDate={startDate}

Invalid URL:

http://localhost:9090/hello-todo/api/v1/todo/list?status={criticality}&todo.startDate={startDate}

Though status and todo.startDate={startDate} are valid parameters, the combination of status and todo.startDate={startDate} is not valid. Creating a list of lists of valid parameters:

// Returns every combination of query parameter names that a single request may carry.
public static List<List<String>> getValidPArameterList(){
    List<List<String>> validParametersList = new ArrayList<List<String>>();

    ArrayList<String> parameter1 = new ArrayList<String>();
    parameter1.add("status");

    ArrayList<String> parameter2 = new ArrayList<String>();
    parameter2.add("status");
    parameter2.add("todo.completion.status");

    ArrayList<String> parameter3 = new ArrayList<String>();
    parameter3.add("status");
    parameter3.add("todo.completion.status");
    parameter3.add("todo.title");

    ArrayList<String> parameter4 = new ArrayList<String>();
    parameter4.add("status");
    parameter4.add("todo.completion.status");
    parameter4.add("todo.title");
    parameter4.add("todo.startDate");

    validParametersList.add(parameter1);
    validParametersList.add(parameter2);
    validParametersList.add(parameter3);
    validParametersList.add(parameter4);

    return validParametersList;
}



@Path("list")
@GET
public List<Todo> getTodos(@Context UriInfo uriInfo){
  MultivaluedMap<String, String> queryParameters = uriInfo.getQueryParameters();
  boolean validPArameterList = false;
  // Parameter names actually present in the request
  Set<String> queryParametersSet = queryParameters.keySet();
  List<List<String>> validParametersList = getValidPArameterList();
  for(List<String> paraList: validParametersList) {
      // Compare as sets so the order of parameters in the URL does not matter
      if(new HashSet<String>(paraList).equals(queryParametersSet)) {
        validPArameterList = true;
        break;
      }
  }
  if(validPArameterList==false) {
      // Reject the request with HTTP 403
      throw new WebApplicationException(Response.Status.FORBIDDEN);
  }

  .
  .
  .
 }

    

java

rest

web-services

jersey

jax-rs
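One way to enforce the combinations described in the question and keep request text out of the SQL string, as an added example that is not part of the original post. The class name `TodoQueryFilter`, the table and column names, and the decision to allow the parameterless `/list` call are assumptions; the validator takes a plain `Map<String, List<String>>` so it runs without Jersey on the classpath.

```java
import java.util.*;
public class TodoQueryFilter {
    // Allowed combinations from the question, held as sets so URL order is irrelevant.
    // The empty set covers the plain /list URL (assumption: that call stays allowed).
    static final Set<Set<String>> ALLOWED = Set.of(
        Set.<String>of(),
        Set.of("status"),
        Set.of("status", "todo.completion.status"),
        Set.of("status", "todo.completion.status", "todo.title"),
        Set.of("status", "todo.completion.status", "todo.title", "todo.startDate"));

    // Fixed parameter-to-column mapping; the column names are assumed for illustration.
    static final Map<String, String> COLUMNS = new LinkedHashMap<>();
    static {
        COLUMNS.put("status", "criticality");
        COLUMNS.put("todo.completion.status", "completion_status");
        COLUMNS.put("todo.title", "title");
        COLUMNS.put("todo.startDate", "start_date");
    }

    // True only for an allowed combination in which every parameter appears exactly once.
    static boolean isAllowed(Map<String, List<String>> params) {
        if (!ALLOWED.contains(params.keySet())) return false;
        return params.values().stream().allMatch(v -> v.size() == 1);
    }

    // Statement text comes from fixed fragments only; request values go into binds for setString.
    static String buildSql(Map<String, List<String>> params, List<String> binds) {
        if (!isAllowed(params)) throw new IllegalArgumentException("parameter combination not allowed");
        StringBuilder sql = new StringBuilder("SELECT * FROM todo");  // table name assumed
        String sep = " WHERE ";
        for (Map.Entry<String, String> col : COLUMNS.entrySet()) {
            if (!params.containsKey(col.getKey())) continue;
            sql.append(sep).append(col.getValue()).append(" = ?");
            binds.add(params.get(col.getKey()).get(0));
            sep = " AND ";
        }
        return sql.toString();
    }

    public static void main(String[] args) {
        // Constructed sample requests: one allowed combination, one the question calls invalid.
        Map<String, List<String>> ok = Map.of("status", List.of("CRITICAL"), "todo.completion.status", List.of("completed"));
        Map<String, List<String>> bad = Map.of("status", List.of("MAJOR"), "todo.startDate", List.of("2020-01-01"));
        List<String> binds = new ArrayList<>();
        System.out.println(buildSql(ok, binds) + "  binds=" + binds);
        System.out.println("status + todo.startDate allowed? " + isAllowed(bad));
    }
}
```

In the resource method, `uriInfo.getQueryParameters()` can be passed straight to `isAllowed`, because `MultivaluedMap<String, String>` is a `Map<String, List<String>>`.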

0 Answers
