URL injection via @PathParam, @FormParam, @QueryParam

JAX-RS lets you pull information from the http request and use it in the service processing. We will take a look at below annotations and understand that process better

@PathParam
Take a look at the @path annotation for the service method  below. The values
 for the method parameters first and last come from the url path if it matches. JAX-RS inspects the matching url and injects the values to the method parameters for you.


1
2
3
4
5
6
7
8
9
@Path("/")
public class CustomerResource {
 @GET
 @Path("customers/{firstname}-{lastname}")
 public String getCustomer(@PathParam("firstname") String first,
 @PathParam("lastname") String last) {
 ...
 }

@QueryParam
The @javax.ws.rs.QueryParam annotation allows you to inject individual URI query parameters into your Java parameters. For example, let’s say we wanted to query a customer database and retrieve a subset of all customers in the database. Our URI mightlook like this:
GET /customers?start=0&size=10

The start query parameter represents the customer index we want to start with and the size query parameter represents how many customers we want returned. The JAX-RS service that implemented this might look like this:
1
2
3
4
5
6
7
8
9
@Path("/customers")
public class CustomerResource {
@GET
@Produces("application/xml")
public String getCustomers(@QueryParam("start") int start,
@QueryParam("size") int size) {
...
}
}

@FormParam
The @javax.ws.rs.FormParam annotation is used to access application/x-www-formurlencoded request bodies. In other words, it’s used to access individual entries posted by an HTML form document. For example, let’s say we set up a form on our website to register new customers:


1
2
3
4
5
6
7
<FORM action="http://example.com/customers" method="post">
<P>
First name: <INPUT type="text" name="firstname"><BR>
Last name: <INPUT type="text" name="lastname"><BR>
<INPUT type="submit" value="Send">
</P>
</FORM>
We could post this form directly to a JAX-RS backend service described as follows:


1
2
3
4
5
@POST
public void createCustomer(@FormParam("firstname") String first,
@FormParam("lastname") String last) {
...
}
Here, we are injecting firstname and lastname from the HTML form into the Java parameters first and last. Form data is URL-encoded when it goes across the wire. When using @FormParam, JAX-RS will automatically decode the form entry’s value before injecting it.

@HeaderParam
The @javax.ws.rs.HeaderParam annotation is used to inject HTTP request header values. For example, what if your application was interested in the web page that referred to or linked to your web service? You could access the HTTP Referer header using the @HeaderParam annotation:

1
2
3
4
5
6
7
8
@Path("/myservice")
public class MyService {
@GET
@Produces("text/html")
public String get(@HeaderParam("Referer") String referer) {
...
}
}

The @HeaderParam annotation is pulling the Referer header directly from the HTTP request and injecting it into the referer method parameter.












No comments:

Post a Comment