How can I get the fragment (value hash '#') from a URL using Jersey #PathParameter?
#Path("Step2")
public class AdResource {
#GET
#Produces(MediaType.APPLICATION_JSON)
#Path("/{password:.+}/")
public String doResc(#PathParam("password") String pwd){
System.out.println(pwd);
}
My URL is http://localhost:8080/Sample/webapi/Step2/Password#12#
but the password will be display "Password#12" only the hash(#) is missing..
Try to encode/decode the url.
for javascript:
encodeURI(uri)
then decode it in java using URLDecoder
Since you seem to have a hash in your actual value, and it's not meant to be a fragment, it needs to be encoded before sending. URL encoding is the proper way to do it (like the other answer suggests).
Note also that there are other issues sending password in the url, such as it will be stored in different access logs, it will be part of browser url history etc. Usually you should not send it that way. Prefer POST body.
Related
I have this quarkus rest api:
#ApplicationScoped
#RegisterRestClient(configKey = "s-api")
#RegisterProvider(LoggingFilter.class)
public interface MyClientAdapter {
#GET
#Produces(MediaType.TEXT_PLAIN)
String search(#QueryParam("lodis") double lodis,
#QueryParam("secTcn") String secTcn);
the api works well, but in case I pass this value to the method ussu%os, the rest client encodes it to 'ussu%25os':
restClient.search(28322.2, "ussu%os")
As a result of that the endpoint returns nothing.
So my question is how can I disable that encoding for the queryparam secTcn?
The behaviour of your client is correct - % sign is a reserved character in URIs -see RFC3986. Therefore any client, that wants to pass % in the URI must encode it, resulting in %25 being sent to the server.
It is up to the provider of that API endpoint, to correctly decode the query params to their string literal values. If the provider is Jax-rs, then check the #Encoded annotation, whether the values are passed decode or raw.
I am a little bit frustrated. I do not know how I can validate the http header. So let me give you a little bit of background:
I have an android app. The android app is calling my web service and the web service is handling the connection with the database.
I am sending a token in the header of my app to the web service. In addition to that I am sending the data in a JSON format. So for instance my app will send something like that
Header
token: xyz
{"username":"abc","postMessage":"hello world"}
In the webservice I want to validate the token. So I created this method `
public String headerInfo(#Context HttpHeaders httpHeaders){
String token = httpHeaders.getRequestHeader("token").get(0);
return cacheControl.toString(); }
In my other method I am calling this method, but of I am not able to add the right parameters here, so I am receiving NULL as a response.
My method looks (for testing purpose) like that:
#GET
#Path("/validate")
public Response validation(String json){
//... get username and post from the json object, for testing I added the key token as well...//
String token = jsonObj.getString("token");
String headerToken = headerInfo();
//...compare token and headerToken...//
return Response... }
Thanks,
Jan
it was pretty easy in the end. Maybe it will help someone.
I just needed to add the HeaderParam in my method and I could access it.
#HeaderParam("content-type") String ct
I've made a function in java which sends a HTML e-mail with a link to the user.
It works perfectly in all e-mail clients except for GMail.
When clicked, GMail redirects the link via Google and reformats the link parameters like so:
Orignal Link
https://www.mylink.com/page.html?id=0&role=admin
To
Formatted Link
https://www.google.com/url?q=https://www.mylink.com/page.html?id%3D0%26role%3Dadmin
As you can see, the url parameters are in a weird format so I can't get these parameters out of the url with my javascript function.
Is there any way to prevent this?
Thanks for your help in advance.
The url you're seeing is encoded, in Java you can get the unencoded URL with URLDecoder.decode:
String url = "https://www.google.com/url?q=https://www.mylink.com/page.html?id%3D0%26role%3Dadmin";
System.out.println(URLDecoder.decode(url, "UTF-8"));
This prints:
https://www.google.com/url?q=https://www.mylink.com/page.html?id=0&role=admin
Javascript also has the function to do this, it's called decodeURI().
I have created a GET/POST API using Spring boot which has a http url parameter say refid. Now this parameter is already encoded before invoking GET/POST request
e.g. http://localhost:8080/users/TESTFNkJXiQAH%2FJBKxigBx
But, when I deploy this through Spring Boot, the encoded refid is encoded again and the refid changes. i.e. it becomes:
http://localhost:8080/users/TESTFNkJXiQAH%252FJBKxigBx
I want to suppress this 2nd encoding by Spring boot. Can anyone advise here?
Don't know if you are still having this problem or you found out why it's happening, but because I was trying to explain to someone the phenomenon, I looked if there is already a good explanation. But since you also ask and I didn't find any, here is my answer.
So you encode your refid
TESTFNkJXiQAH%2FJBKxigBx
before you send it through the url, which then you give into a browser. Now this is only the encoded refid. When you call it through a URL directly you have to encode it again, according to the HTML URL encoding standards. That’s why the double escape. Also read this. E.g. so if your refid looks like this
test%123
and you encode it you turn it into
test%25123
now if you also want to pass it through a url on the browser you'd have to encode it again.
test%2525123
But if a service A is using this service and service A encodes this refid properly then you wont have this problem. It's happening only because you are trying to call this api endpoint through the browser.
Of course I take for granted that you are doing this:
String decoded = URLDecoder.decode(refid, "UTF-8");
in your controller
Pass the decoded URL in first place instead of doing inconvenient things to stop double encoding.
You get already decoded field in rest controller.
Example if you pass www.xyz.com?name=nilesh%20salpe
you will get value of param name as "nilesh salpe" and not "nilesh%20salpe"
This is a basic example of URLDecoder:
#RequestMapping(value = "/users/{refId}", method = GET)
public void yourMethod(#PathVariable("refId") String refId) {
// This is what you get in Spring Boot
String encoded = refId; //"TESTFNkJXiQAH%252FJBKxigBx"
String decoded = URLDecoder.decode(encoded, "UTF-8");
System.out.println(decoded);
// Result TESTFNkJXiQAH%2FJBKxigBx
}
I am planning a URL rewriter/encoder (maybe rewriter is a better term). The main purpose is to hide the exact URL from the client, since if he is smart enough, he can figure out how to mess up the application.
The URL encoder would be an injective function f(x) = y. The decoder would be the inverse function of f, say g such that g(y) = x. This way I can encode and decode my URLs.
A URL like:
http://www.myapp.com/servlet/myapp/template/MyScreen.vm/action/MyAction
would be encoded to something like:
http://www.myapp.com/uyatsd6787asv6dyuasgbdxuasydgb876876v
It does not matter what is in the encoded URL as far as it is not understandable.
The problem is that I do not know how to manipulate the URL that the browser displays. I am using JBoss as a servlet container and Turbine servlet as the web application framework.
I would need a module that receives the encoded URL, decodes it, passes it to Turbine, then it modifies the response's URL to show the encoded URL again.
Previous attempts to solve the problem:
I have created a servlet filter, but I can not access the URL since the filter receives a ServletRequest that is a JBoss implementation. As far as I have read it seems that a servlet filter is not a good choice for manipulating the URL.
Maybe you could do something like write a servlet that accepts the initial request, decodes the URL, and then internally forwards to your existing servlet.
For example, have a servlet that will accept:
www.myapp.com/enc/uyatsd6787asv6dyuasgbdxuasydgb876876v
This servlet could be set to handle requests that begin with /enc/ or some other marker to indicate that the URL needs to go to the decoder servlet. It would decode to the URL to:
/servlet/myapp/template/MyScreen.vm/action/MyAction
and then internally forward to this URL on your existing servlet using something like:
getServletContext().getRequestDispatcher(decoded_url).forward(req, res);