问题
By "invalid" I mean a parameter that is not expected.
For example:
@Path("/")
public interface ExampleInterface {
@GET
@Path("/example")
public Response test(
@QueryParam("param1") String param1,
@QueryParam("param2") String param2
);
}
And then I call ".../example?param3=foo"
回答1:
You can check use a ContainerRequestFilter and compare the passed parameters with the defined parameters:
@Provider
public class RequestParamFilter implements ContainerRequestFilter {
@Context
private ResourceInfo resourceInfo;
@Context
private HttpServletRequest servletRequest;
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
Set<String> validParams = new HashSet<String>();
Method method = resourceInfo.getResourceMethod();
for (Annotation[] annos : method.getParameterAnnotations()) {
for (Annotation anno : annos) {
if (anno instanceof QueryParam) {
validParams.add(((QueryParam) anno).value());
}
}
}
for (String param : servletRequest.getParameterMap().keySet()) {
if (!validParams.contains(param)) {
requestContext.abortWith(Response.status(Status.BAD_REQUEST).build());
}
}
}
}
Don't forget that ServletRequest#getParameterMap returns a Map which contains both - query string parameters and parameters passed in the body of the request. So maybe you need to parse the query string yourself.
Note: This won't speed up your application.
回答2:
Thanks for the accepted answer. It is very helpful and I also use it. I'm providing a modified version, with the following changes:
- removed the servletRequest coming in via Context Annotation. This is not needed as the request is a parameter of the filter method itself.
- added the imports, as there can be a lot of consufsion about the diffrent classes with the same name (Method, Annotation, ContainerRequestContext, ...)
- also added the name of the missing parameter to the error message
-
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.HashSet;
import java.util.Set;
import javax.ws.rs.QueryParam;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.ext.Provider;
@Provider
public class UnexpectedParameterFilter implements ContainerRequestFilter {
@Context
private ResourceInfo resourceInfo;
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
Set<String> validParams = new HashSet<String>();
Method method = resourceInfo.getResourceMethod();
for (Annotation[] annos : method.getParameterAnnotations()) {
for (Annotation anno : annos) {
if (anno instanceof QueryParam) {
validParams.add(((QueryParam) anno).value());
}
}
}
MultivaluedMap<String, String> queryParameters = requestContext.getUriInfo().getQueryParameters();
for (String param : queryParameters.keySet()) {
if (!validParams.contains(param)) {
requestContext.abortWith(Response.status(Status.BAD_REQUEST).entity("unexpected paramter: "+param).build());
}
}
}
}
来源:https://stackoverflow.com/questions/24368144/how-to-filter-a-request-that-has-an-invalid-parameter-in-jax-rs