In my HQL i'm using
queryListBuilder.append(" and f.nom like '%"+ nomFil +"%' ");
nomFil is a string that may contain white spaces between words.
when i send
http://localhost:8080/list?nom=First Last
I got empty result.
Ps: in my DB the value exists in my target table.
is there any way to handel white spaces in request parameters?
You need to encode and decode the query params.
Ref : https://www.baeldung.com/java-url-encoding-decoding
You should encode nomFil if using inside URL,as:
URLEncoder.encode(nomFil, "UTF-8");
See Percent encoding
Percent-encoding, also known as URL encoding, is a mechanism for encoding information in a Uniform Resource Identifier (URI) under certain circumstances. Although it is known as URL encoding it is, in fact, used more generally within the main Uniform Resource Identifier (URI) set, which includes both Uniform Resource Locator (URL) and Uniform Resource Name (URN). As such, it is also used in the preparation of data of the application/x-www-form-urlencoded media type, as is often used in the submission of HTML form data in HTTP requests.
Related
I'm trying to pass some XML into a URL for a service I'm calling, but when I run this, it's giving me an IllegalArgumentException
response = Unirest.post(appSettings.getURL() + "&service=test&xml=<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?><test><cid>blah</cid><pw>blah</pw></test>")
Here's the error:
java.lang.IllegalArgumentException: Illegal character in query at index 108: http://test&service=test&xml=%3C?xml version="1.0" encoding="UTF-8" standalone="no"?><test><cid>blah</cid><pw>blah</pw></test>
I think it has something to do with how the XML is getting read in, but I'm having trouble figuring out exactly what.
Spaces are escaped in the URL as %20 and other non alphanumeric characters can be problematic. Try to use UrlEncoder http://docs.oracle.com/javase/8/docs/api/java/net/URLEncoder.html to encode URL parameters:
Unirest.post(appSettings.getURL() + "&service=test&xml=" + URLEncoder.encode("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?><test><cid>blah</cid><pw>blah</pw></test>", "UTF-8"))
You can also try URIBuilder https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/client/utils/URIBuilder.html or other methods Java URL encoding of query string parameters
The XML has slash characters and question mark which are natural part of the URL parameter syntax, but supposedly that's not a problem. Since we are talking about REST, couldn't you pass the XML information along as part of the JSON payload for the request (or response)?
For generic (even binary) URL parameters one hack I can image is to Base64 encode the payload you want to pass (in this case XML), put that in the URL, and on the other end you can Base64 decode it.
Also keep in mind that for security reasons (to block possible web related exploits which often manipulate with huge URLs) browsers, HTTP servers, and frameworks enforce maximum length for the URL. It's in the ballpark of 1-2 kilobytes, so you don't have too much space for XML data.
I am trying to use java.net.HttpURLConnection in order to make a request to a URL like this:
https://example.com/app/?#/something=else&someting2=else2
In order to do this, I need to construct a java.net.url, but the constructor strips away the question mark "?":
java.net.URL url = new URL("https://example.com/app/?#/something=else&someting2=else2");
String string = url.toString();
// String is https://example.com/app/#/something=else&someting2=else2
And when I create the connection with url.openConnection(), I just get a 404.
I get why it does this. It righfully recognizes everything after and including the hash # as a url fragment, which means that the actual url becomes https://example.com/app/?. And then, it just strips the trailing question mark. But I need the URL to be rendered as is.
This is for an Android app.
How can I force HTTPUrlConnection to make the GET request with the question mark in the URL?
In a URL, the part after ? is a query string, and the part after # is a fragment identifier, as you already noted.
While the query string is sent to the server, the fragment identifier is not, so trying to send one does not make sense.
2 possibilities:
if it is a fragment identifier, you don't need to send it and Android's behavior (normalizing the URL) is correct. Stripping the trailing ? (empty query string) should not be a problem as it makes no sense alone (for both server and client). If you want to preserve the fragment in your client code, what you want is to create a URI, use that to display wherever you want, then convert to URL with toURL() when you need to speak with server.
if it is not actually a fragment identifier, it's supposed to be part of the query string, so you need to send a hash sign as part of the URL: in that case, you need to url-encode it to %23, the part after the ? won't be stripped, and the server will know what to do with the encoded %23.
I saw the following comment in Spring JSON messageConverter:
/**
* Indicate whether the JSON output by this view should be prefixed with "{} &&". Default is false.
* <p>Prefixing the JSON string in this manner is used to help prevent JSON Hijacking.
* The prefix renders the string syntactically invalid as a script so that it cannot be hijacked.
* This prefix does not affect the evaluation of JSON, but if JSON validation is performed on the
* string, the prefix would need to be ignored.
*/
How does string prefixing work to prevent JSON hijacks?
Contrived example: say Google has a URL like mail.google.com/json?action=inbox which returns the first 50 messages of your inbox in JSON format. Evil websites on other domains can't make AJAX requests to get this data due to the same-origin policy, but they can include the URL via a tag. The URL is visited with your cookies, and by overriding the global array constructor or accessor methods they can have a method called whenever an object (array or hash) attribute is set, allowing them to read the JSON content.
The {} && prevents this: an AJAX request at mail.google.com will have full access to the text content, and can strip it away. But a tag insertion blindly executes the JavaScript without any processing. Since {} is a falsey value the actual response would never be parsed
Other frameworks add different content to the response, like while(1); (example from Google) which causes an infinite loop for a hacker, but we can strip it out on our own site
The addition of the prefix will invalidate the string.
I think you may want to check this Stackoverflow question and comments to it:
Difference between ")]}',\n" and "{} &&" in avoiding json hijacking
The request parameter is like decrypt?param=5FHjiSJ6NOTmi7/+2tnnkQ==.
In the servlet, when I try to print the parameter by String param = request.getParameter("param"); I get 5FHjiSJ6NOTmi7/ 2tnnkQ==. It turns the character + into a space. How can I keep the orginal paramter or how can I properly handle the character +.
Besides, what else characters should I handle?
You have two choices
URL encode the parameter
If you have control over the generation of the URL you should choose this. If not...
Manually retrieve the parameter
If you can't change how the URL is generated (above) then you can manually retrieve the raw URL. Certain methods decode parameters for you. getParameter is one of them. On the other hand, getQueryString does not decode the String. If you have only a few parameters it shouldn't be difficult to parse the value yourself.
request.getQueryString();
//?param=5FHjiSJ6NOTmi7/+2tnnkQ==
If you want to use the '+' character in a URL you need to encode it when it is generated. For '+' the correct encoding is %2b
Use URLEncoder,URLDecoder's static methods for encoding and decoding URLs.
For example : -
Encode the URL param using
URLEncoder.encode(url,"UTF-8")
Back in the server side , decode this parameter using
URLDecoder.decode(url,"UTF-8")
decode method returns a String type of the decoded URL.
Allthough the question is some years old, I'd like to write down how I fixed the problem in my case: the download link to a file is created in a GWT page where
com.google.gwt.http.client.URL.encode(finalurl)
is used to encode the URL.
The problem was that the "+" sign a customer of us had in the filename wasn't encoded/escaped. So I had to remove the URL.encode(finalurl) and encode each parameter in the url with
URL.encodePathSegment(fileName)
I know my question is bound to GWT but it seems, URLEncoder.encode(string, encoding) should be applied to the parameter only aswell.
How can I encode URL query parameter values? I need to replace spaces with %20, accents, non-ASCII characters etc.
I tried to use URLEncoder but it also encodes / character and if I give a string encoded with URLEncoder to the URL constructor I get a MalformedURLException (no protocol).
URLEncoder has a very misleading name. It is according to the Javadocs used encode form parameters using MIME type application/x-www-form-urlencoded.
With this said it can be used to encode e.g., query parameters. For instance if a parameter looks like &/?# its encoded equivalent can be used as:
String url = "http://host.com/?key=" + URLEncoder.encode("&/?#");
Unless you have those special needs the URL javadocs suggests using new URI(..).toURL which performs URI encoding according to RFC2396.
The recommended way to manage the encoding and decoding of URLs is to use URI
The following sample
new URI("http", "host.com", "/path/", "key=| ?/#ä", "fragment").toURL();
produces the result http://host.com/path/?key=%7C%20?/%23ä#fragment. Note how characters such as ?&/ are not encoded.
For further information, see the posts HTTP URL Address Encoding in Java or how to encode URL to avoid special characters in java.
EDIT
Since your input is a string URL, using one of the parameterized constructor of URI will not help you. Neither can you use new URI(strUrl) directly since it doesn't quote URL parameters.
So at this stage we must use a trick to get what you want:
public URL parseUrl(String s) throws Exception {
URL u = new URL(s);
return new URI(
u.getProtocol(),
u.getAuthority(),
u.getPath(),
u.getQuery(),
u.getRef()).
toURL();
}
Before you can use this routine you have to sanitize your string to ensure it represents an absolute URL. I see two approaches to this:
Guessing. Prepend http:// to the string unless it's already present.
Construct the URI from a context using new URL(URL context, String spec)
So what you're saying is that you want to encode part of your URL but not the whole thing. Sounds to me like you'll have to break it up into parts, pass the ones that you want encoded through the encoder, and re-assemble it to get your whole URL.