I am a front-end web developer trying to learn more about the back-end. Currently I just want to read in a local JSON file and expose it in a REST service to be parsed by AngularJS (does that make sense?). I believe I have the servlet set up correctly, but am not sure about how I am approaching this from a Java perspective. It's worth noting that I'm a JavaScript programmer. There are two methods that I am trying to decide between.
The following methods are contained in the class
#Path("/")
public class JsonRESTService {
.....
}
First method
#GET
#Path("/jsonService")
#Consumes("application/json")
#Produces("application/json")
public Response jsonREST(InputStream incomingData) {
StringBuilder jsonBuilder = new StringBuilder();
try {
BufferedReader in = new BufferedReader(new InputStreamReader(incomingData));
String line = null;
while((line = in.readLine()) != null) {
jsonBuilder.append(line);
}
} catch(Exception e) {
System.out.println("Error Parsing: - ");
}
System.out.println("Data Received: " + jsonBuilder.toString());
return Response.status(200).entity(jsonBuilder.toString()).build();
}
Second Method: not sure what to return.
#GET
#Path("/jsonService")
#Consumes("application/json")
#Produces("application/json")
public Response jsonREST(InputStream incomingData) {
JSONParser parser = new JSONParser();
try {
Object obj = parser.parse(new FileReader("C:/files/flat.json"));
JSONObject jsonObject = (JSONObject) obj;
} catch(Exception e) {
e.printStackTrace();
}
}
web.xml servlet mapping
<servlet-mapping>
<servlet-name>javax.ws.rs.core.Application</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
So this should be exposed to http://localhost:8080/myapp/rest/jsonService. I got some of this code from a tutorial, but it seems like I want to have a method that returns a JSONObject instead of a Response. Is that correct? Am I on the right track, or is there a really good example of what I am trying to do that I haven't found yet?
There are multiple ways of doing it. You can try this way in the second method
Change the return type to String and return the value of JSONObject as a String using
return jsonObject.toString();
In the client side, Angular JS services - you can convert the String into JSON object through
var obj = JSON.parse(text);
So, now obj is a JSON object which you can use it for further processing.
if you are a JavaScript developer and getting started quickly is the goal, then I would recommend you checkout
http://www.dropwizard.io/getting-started.html
There are a few advantages here
a) much of the server infrastructure stuff is hidden away
b) you can focus on your implementation details
c) no need to figure out how to deploy this etc, it comes with a server built in.
To answer your question about the return type - the server will return javax.ws.rs.core.Response - or some other variation of a Response object. This encapsulates things like HTTP Status codes http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html .
Therefore in order to send a simple response back you may use something like :
return Response.accepted().entity(String.format("{\"JSON\" : \"%s\"}",value)).build();
Replace the string with a JSON string read from file system or generate the JSON from object - what ever your pick of poison is.
Related
I am using the below code for sanitizing the JSON but still, I am getting the JSON injection while scanning from Fortify can you please help me out what is the problem or this is not an issue, maybe suppress. I have also looked out for the same question but those don't solve my problem . my problem is that I am sanitizing my JSON before converting it to java object but still I am getting JSON injection error in fortify
public String handleEventMessage(String jsonRequest) {
MonerisPaymentDetailsObject paymentObject = null;
if(null!=jsonRequest && jsonRequest.length()>0){
try{
paymentObject = mapper.readValue(JsonSanitizer.sanitize(jsonRequest), MonerisPaymentDetailsObject.class);
}catch(Exception ex){
logger.error("Error occured while converting MonerisPaymentDetailsObject json to Object :" , ex);
}
return "abc";
}
Fortify giving below description for this error
1. Data enters a program from an untrusted source.
In this case the data enters at readLine() in EPWFPaymentServicesServlet.java at line 49.
2. The data is written to a JSON stream.
In this case the JSON is written by readValue() in EPWFMonerisPaymentsServiceHandler.java at line 46.
EPWFPaymentServicesServlet.java code where data is entered
#Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
CodeTimer timer = new CodeTimer("EPWFPaymentServicesServlet.doPost()", true);
response.setContentType("text/xml");
BufferedReader reader = new BufferedReader(new InputStreamReader(request.getInputStream()));
StringBuffer requestBuffer = new StringBuffer(request.getContentLength());
String line = null;
while ((line = reader.readLine()) != null) {
requestBuffer.append(line).append('\n');
}
// read the POST request contents
String requestString = requestBuffer.toString();
if (logger.isDebugEnabled()) {
logger.debug("EPWF Payment Service POST Request: \n" + ((requestString == null) ? "Null" : requestString.substring(0, 9)));
}
PaymentServiceHandlerComposit paySvcHandler = new PaymentServiceHandlerComposit();
String responseString =paySvcHandler.handleEventMessage(requestString);//line no 49 where fortify is giving description for class where i am sanitizing the data
if (logger.isDebugEnabled()) {
logger.debug("EPWF Payment Service POST Response: \n" + ((responseString == null) ? "Null" : requestString));
}
response.getOutputStream().print(responseString);
timer.stopAndLogTiming("");
}
Given that you are using a new up-to-date version of jackson, there should be no need to pre-sanitise or alter your data at all before handing it off to jackson.
Jackson will only accept and parse valid JSON, as new exploits and vulnerabilities are discovered, the maintainers of Jackson fix and release new versions. and the best you can do is to keep up to date with these versions.
If the above conditions are met, you can safely suppress this error from fortify, the chance that there is a bug in your custom sanitizer is way higher than the chance of there being one in Jackson
I am using Rest Assured Framework for API testing(Using Java).
At line (1),I am expecting error as there is mismatch in expected JSON response and Actual JSON response
But instead my code is executing successfully.
Can someone please tell me if I am doing anything wrong in below code?
public void test123() {
try {
//Read the Curl Request Input file
String json = input.readFromTextFile(
System.getProperty("user.dir") + "\\src\\test\\resources\\inputFile\\CurlDataFile.txt");
json = json.replaceAll(" ", "");
RestAssured.baseURI = "My URL";
given().
contentType("application/json").
body(json).
when().
post("").
then().
assertThat().body(matchesJsonSchemaInClasspath("testCurlOuput1.json")); (1)
} catch (IOException e) {
e.printStackTrace();
}catch(JsonSchemaValidationException e){
e.printStackTrace();
}
}
This is not directly relevant to REST-assured, but I suggest you take a look at Karate, because IMO it may be exactly what you are looking for.
One of the core features of Karate is that you can perform a full equality match of a JSON payload in one step.
And you can easily use JSON from files, which encourages the re-use of payloads across multiple tests.
You are catching all Exceptions. When your assertThat(..) fails, it throws an Exception. Put a breakpoint on the e.printStackTrace(); run in DEBUG mode and check that your AssertionException/Error isn't being caught.
Instead of catching exceptions, just add all Checked Exceptions to your test signature. If an exception is uncaught, it will fail the test. Alternatively, but less prefered in my opinion, resolve by putting fail(); in the catch block.
Finally I choose different library i.e. jayway.restassured library and then JSON Assert library (org.skyscreamer.jsonassert.JSONAssert) which will comapre actual and expected response.
public void test123() {
String postData = input.readFromTextFile(System.getProperty("user.dir") + "\\src\\test\\resources\\inputFile\\CurlDataFile.txt");
RestAssured.baseURI = "MY URL";
Response r = (Response)given().contentType("application/json").body(postData).when().post("");
String responseBody = r.getBody().asString();
String curlResponse = //I am providing expected Curl response here
//JSON Assertion for matching Expected and Actual response
JSONAssert.assertEquals(curlResponse, responseBody, false);
}
Also sometime we may want to avoid comparing particular field from JSON like some ID field which generate dynamically which we can do using JSON comparator
I am a fan of JSONAssert as this provides easy comparing of complete JSONs.
Just use .extract().response().getBody().asString() to get the string representation of the answer.
Complete example:
#Test
public void getReturnsExpectedDataForMailExampleCom() throws JSONException {
String response = get("/users/mail#example.com")
.then()
.statusCode(200)
.extract().response().getBody().asString();
JSONAssert.assertEquals(
"{\"email\":\"mail#example.com\",\"locale\":\"de-DE\"}",
response,
false);
}
Update The drawback is that the complete JSON is not output to stdout if the assertion fails.
I am using the java speech recognition API - Jarvis located at https://github.com/lkuza2/java-speech-api
However when I run my application, I get an error : Server returned HTTP response code: 400 for URL: https://www.google.com/speech-api/v1/recognize?xjerr=1&client=chromium&lang=en-US&maxresults=1 (This is the URL that this api uses to get response from Google)
I also created a API key as mentioned in the earlier posts and tried to use the url (this is version 2 API): www.google.com/speech-api/v2/recognize?output=json&lang=en-US&key=MYKey". But in this case I get a null response from Google.
Can anybody please tell me how to get around this?
I change some things from the Recognizer class:
I change the GOOGLE_RECOGNIZER_URL constant to:
private static final String GOOGLE_RECOGNIZER_URL = "https://www.google.com/speech-api/v2/recognize?output=json&lang=en-us&key=YOUR_KEY";
Then I changed this method because the response data have 2 lines
private String rawRequest(File inputFile, int maxResults, int sampleRate) throws IOException
The first line (the one that is read and sent) is null (i don¡t really know why) and the second line has the response of the speech recognized. For this you must read the second line (don't know if there is a nicer way):
String response = br.readLine();
response = br.readLine();
br.close();
return response;
Then I change this method, I think it was using the v1 URL response or something because this method looks for utterance in the json response and there is none utterance key.
private void parseResponse(String rawResponse, GoogleResponse googleResponse)
if (rawResponse == null)
return;
JSONObject jsonObject = new JSONObject(rawResponse);
JSONArray jsonArray= (JSONArray) jsonObject.get("result");
JSONArray jsonArrayResult = (JSONArray) jsonArray.getJSONObject(0).get("alternative");
googleResponse.setResponse(jsonArrayResult.getJSONObject(0).get("transcript").toString());
googleResponse.setConfidence(jsonArrayResult.getJSONObject(0).get("confidence").toString());
I'm new with the json library so it might be a better and shorter way but this worked for me!
I'm trying to send a JSON object which contains a JSON array with JSON objects inside via HTTP POST parameters.
The format of the parameter (what the server expects) is something like:
{""team"":[
{""teamid"":""179228"",""position"":1},
{""teamid"":""218036"",""position"":2},
{""teamid"":""88109"",""position"":3},
{""teamid"":""88111"",""position"":4},
{""teamid"":""165536"",""position"":5},
{""teamid"":""224645"",""position"":6}
]}
nevertheless, what gets sent is:
{"team":"[
\"{\\\"position\\\":0,\\\"teamid\\\":\\\"88107\\\"}\",\"{\\\"position\\\":1,\\\"teamid\\\":\\\"88109\\\"}\",\"{\\\"position\\\":2,\\\"teamid\\\":\\\"156714\\\"}\",\"{\\\"position\\\":3,\\\"teamid\\\":\\\"138877\\\"}\",\"{\\\"position\\\":4,\\\"teamid\\\":\\\"168730\\\"}\",\"{\\\"position\\\":5,\\\"teamid\\\":\\\"88110\\\"}\",\"{\\\"position\\\":6,\\\"teamid\\\":\\\"88111\\\"}\",\"{\\\"position\\\":7,\\\"teamid\\\":\\\"134431\\\"}\",\"{\\\"position\\\":8,\\\"teamid\\\":\\\"88112\\\"}\",\"{\\\"position\\\":9,\\\"teamid\\\":\\\"138507\\\"}\",\"{\\\"position\\\":10,\\\"teamid\\\":\\\"138880\\\"}\",\"{\\\"position\\\":11,\\\"teamid\\\":\\\"138881\\\"}\",\"{\\\"position\\\":12,\\\"teamid\\\":\\\"151465\\\"}\",\"{\\\"position\\\":13,\\\"teamid\\\":\\\"151464\\\"}\
"]"}
The way I build that JSON object is the following:
JSONArray teamArray = new JSONArray();
JSONObject jsonRoot = new JSONObject();
for (int i = 0; i < mTeams.size(); i++) {
String teamId = null;
BaseModel data = mTeams.get(i);
if (data != null && data instanceof TeamModel) {
teamId = ((TeamModel) data).getId();
}
JSONObject teamObject = new JSONObject();
try {
teamObject.put(
getResources().getString(
R.string.sendResortedTeamsPosition), i);
teamObject.put(
getResources().getString(
R.string.sendResortedTeamsTeamId), teamId);
teamArray.put(teamObject);
} catch (NotFoundException e) {
e.printStackTrace();
} catch (JSONException e) {
e.printStackTrace();
}
}
try {
jsonRoot.put("team", teamArray);
mNameValuePairs.put("teams", jsonRoot);
} catch (JSONException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}
In the last but one line (jsonRoot.put("team", teamArray);) it has the same format as what gets sent in the last line, but with one less \, so one less times "parsed" apparently.
Part of my HTTP code:
String postBody = json.toString();
Log.d("HTTPHelper", "posting JSON: " + postBody);
((HttpPost) httpRequest).setEntity(new StringEntity(postBody));
Why is this happening? Is it Java?
Any ideas how could I build the correct JSON? or any work around?
Thanks a lot in advance!
I gave this up, and decided to go the dirty-way: replacing chars manually the following way:
json = new JSONObject(nameValuePairs.toString().replace("\"", "'"));
json = new JSONObject(json.toString().replace("\"", ""));
It's ugly, probably dangerous or risky, but it works...
Too much code for this task, checkout this library https://github.com/kodart/Httpzoid
It uses GSON internally and provides API that works with objects. All JSON details are hidden.
Http http = HttpFactory.create(context);
http.get("http://example.com/users")
.handler(new ResponseHandler<User[]>() {
#Override
public void success(User[] users, HttpResponse response) {
}
}).execute();
just a tip... i'm not really into android, just java..
but you could de- and encode your json with Base64 on both sides, and pass the encoded "String".
so you don't have to worry about any "dirty-way" replacing.
hope this helps u or others, too. :)
IN json object if we can found if data exist by jsonobj.has("element_name") by how can we check that data is jsonarray or json object, follow error gives error if only one events element found and throws JSONexception.
JsonObject jObj;
if (json.has("Events")) {
try {
JSONArray eventsArray = json.getJSONObject("Events");
} catch (JSONException e) {
jObj = json.getJsonObject(""Events"")
}
}
Is there a reason you're trying to read an array using getJSONObject instead of getJSONArray?
If it's possible that the Events array doesn't always exist, you should be using the optJSONArray method.
If it's a different problem, you'd need to post some example JSON for the success and failure cases to make your question clearer.