Java 如何检查SpringRestController的未知查询参数?
我有一个基本的rest控制器获取参数 如果查询字符串包含未定义的参数,如何拒绝连接Java 如何检查SpringRestController的未知查询参数?,java,spring,web-services,rest,spring-mvc,Java,Spring,Web Services,Rest,Spring Mvc,我有一个基本的rest控制器获取参数 如果查询字符串包含未定义的参数,如何拒绝连接 @RestController @RequestMapping("/") public class MyRest { @RequestMapping(value = "/{id}", method = RequestMethod.GET) @ResponseBody public String content(@PathVariable id, @RequestParam(value = "pag
@RestController
@RequestMapping("/")
public class MyRest {
@RequestMapping(value = "/{id}", method = RequestMethod.GET)
@ResponseBody
public String content(@PathVariable id, @RequestParam(value = "page", required = false) int page) {
return id;
}
}
localhost:8080/myapp/123?paggge=1当前调用此url时,只使用id执行该方法,忽略未知的
paggeHttpServletRequest请求String query = request.getQueryString()
在方法体中输入并验证。您可以获得所有传入参数,并以您想要的方式进行处理。 引用spring文档: 在映射或多值映射参数上使用@RequestParam注释时,映射将填充所有请求参数
在控制器方法中,可以包含
@RequestParam Map@RestController
@ExposesResourceFor(Widget.class)
@RequestMapping("/widgets")
public class WidgetController {
@Autowired
ArgsChecker<Widget> widgetArgsChecker;
@RequestMapping(value = "", method = RequestMethod.GET, produces = {"application/hal+json"})
public HttpEntity<PagedResources<WidgetResource>> findAll(@RequestParam @ApiIgnore Map<String, String> allRequestParams, Pageable pageable, PagedResourcesAssembler pageAssembler) {
Set<String> invalidArgs = widgetArgsChecker.getInvalidArgs(allRequestParams.keySet());
if (invalidArgs.size() > 0) {
throw new QueryParameterNotSupportedException("The user supplied query parameter(s) that are not supported: " + invalidArgs + " . See below for a list of query paramters that are supported by the widget endpoint.", invalidArgs, widgetArgsChecker.getValidArgs());
}
package com.widgetstore.api.annotation;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
@Retention(RetentionPolicy.RUNTIME)
public @interface Queryable {
}
@Getter
@Setter
public class Widget {
@Queryable
private String productGuid;
@Queryable
private String serialNumber;
private String manufacturer;
@SpringBootApplication
public class StartWidgetApi{
public static void main(String[] args){
SpringApplication.run(StartWidgetApi.class);
}
@Bean(name="widgetArgsChecker")
public ArgsChecker<Widget> widgetArgsChecker(){
return new ArgsChecker<Widget>(Widget.class);
}
//Other ArgsCheckers of different types may be used by other controllers.
@Bean(name="fooArgsChecker")
public ArgsChecker<Foo> fooArgsChecker(){
return new ArgsChecker<Foo>(Foo.class);
}
}
我想分享一种不同的方式,因为我发现ametiste的答案过于手工,mancini0的答案过于冗长 假设您使用Spring框架验证API将请求参数绑定到对象
APIRESQUEST@InitBinder
public void initBinder(WebDataBinder binder, WebRequest request) {
binder.setAllowedFields(ApiRequest.getAllowedRequestParameters());
}
@RequestMapping("/api")
public String content(@Valid ApiRequest request, BindingResult bindingResult) {
return request.getId();
}
public class ApiRequest {
private String id;
public static String[] getAllowedRequestParameters() {
return new String[]{
"id"
};
}
BindingResult String[] suppressedFields = bindingResult.getSuppressedFields();
if (suppressedFields.length > 0) {
// your code here
}
不幸的是,这不起作用,因为只有当查询路径包含
..?query=testvalueHttpServletRequestString query=request.getQueryString()bindingResult {"timestamp": 2017-01-10'T'blahblah, "errorMessage": "The user supplied query parameter(s) that are not supported: ["someUnknownField","someOtherField"]. See below for a list of allowed query parameters." ,
"allowableParameters": ["productGuid","serialNumber"]
}
@InitBinder
public void initBinder(WebDataBinder binder, WebRequest request) {
binder.setAllowedFields(ApiRequest.getAllowedRequestParameters());
}
@RequestMapping("/api")
public String content(@Valid ApiRequest request, BindingResult bindingResult) {
return request.getId();
}
public class ApiRequest {
private String id;
public static String[] getAllowedRequestParameters() {
return new String[]{
"id"
};
}
String[] suppressedFields = bindingResult.getSuppressedFields();
if (suppressedFields.length > 0) {
// your code here
}