JAX-RS 和未知查询参数
我有一个调用 RESTEasy (JAX-RS) Java 服务器的 Java 客户端。我的某些用户可能拥有比服务器版本更新的客户端版本。
该客户端可能会调用服务器上包含服务器不知道的查询参数的资源。是否可以在服务器端检测到这一点并返回错误?
我知道如果客户端调用服务器上尚未实现的 URL,客户端会收到 404 错误,但是如果客户端传入未实现的查询参数(例如: ?sort_by =姓氏)?
I have a Java client that calls a RESTEasy (JAX-RS) Java server. It is possible that some of my users may have a newer version of the client than the server.
That client may call a resource on the server that contains query parameters that the server does not know about. Is it possible to detect this on the server side and return an error?
I understand that if the client calls a URL that has not been implemented yet on the server, the client will get a 404 error, but what happens if the client passes in a query parameter that is not implemented (e.g.: ?sort_by=last_name)?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
是的,你可以做到。我认为最简单的方法是使用@Context UriInfo。您可以通过调用
getQueryParameters()方法获取所有查询参数。这样您就知道是否有任何未知参数并且可以返回错误。如果您没有实现处理“未知”参数的特殊支持,则将调用资源并且该参数将被默默地忽略。
我个人认为忽略未知参数更好。如果您忽略它们,可能有助于使 API 向后兼容。
Yes, you can do it. I think the easiest way is to use
@Context UriInfo. You can obtain all query parameters by callinggetQueryParameters()method. So you know if there are any unknown parameters and you can return error.If you implement no special support of handling "unknown" parameters, the resource will be called and the parameter will be silently ignored.
Personally I think that it's better to ignore the unknown parameters. If you just ignore them, it may help to make the API backward compatible.
您绝对应该检查 JAX-RS 过滤器 (org.apache.cxf.jaxrs.ext.RequestHandler) 来拦截、验证、操作请求,例如用于安全性或验证查询参数。
如果您使用注释声明了所有参数,您可以解析 web.xml 文件中的资源类名称(请参阅下面可能的正则表达式),并使用完全限定的类名称来访问方法的声明注释(例如 javax.ws.rs.GET )和方法参数(如 javax.ws.rs.QueryParam)来扫描所有可用的 Web 服务资源 - 这样您就不必手动将所有资源类添加到过滤器中。
将此信息存储在静态变量中,因此您只需在第一次点击过滤器时解析这些内容即可。
在过滤器中,您可以访问传入请求的 org.apache.cxf.message.Message。查询字符串很容易访问 - 如果您还想验证表单参数和多部分名称,则必须重新读取消息内容并将其写回到消息中(这有点令人讨厌,因为您必须处理多部分边界等) 。
为了“索引”资源,我只需采用 HTTP 方法并附加路径(然后将其用作访问声明的参数的键。
您可以使用 ServletContext 读取 web.xml 文件。为了提取资源类,此正则表达式可能会乐于助人
You should definitely check out the JAX-RS filters (org.apache.cxf.jaxrs.ext.RequestHandler) to intercept, validate, manipulate request, e.g. for security or validatng query parameters.
If you declared all your parameters using annotations you can parse the web.xml file for the resource class names (see possible regex below) and use the full qualified class names to access the declared annotations for methods (like javax.ws.rs.GET) and method parameters (like javax.ws.rs.QueryParam) to scan all available web service resources - this way you don't have to manually add all resource classes to your filter.
Store this information in static variables so you just have to parse this stuff the first time you hit your filter.
In your filter you can access the org.apache.cxf.message.Message for the incoming request. The query string is easy to access - if you also want to validate form parameters and multipart names, you have to reas the message content and write it back to the message (this gets a bit nasty since you have to deal with multipart boundaries etc).
To 'index' the resources I just take the HTTP method and append the path (which is then used as key to access the declared parameters.
You can use the ServletContext to read the web.xml file. For extracting the resource classes this regex might be helpful