#RequestHeader required property behavior for request paramter and value - spring

Can we make a header parameter mandatory but not the value using #RequestHeader?
For example if we use,
#RequestHeader(value = "abc", required = true)
both parameter and it value has to be there.
Edit:
Suppose i call some rest api has above request header param with "abc" but no value. So in this case i am able to invoke the rest api successfully since i have invoke with "abc" header param even i did not enter a value to it. Due to some governance tool rule, i need to have a specific header param but i dont want force user to enter any value.

Spring 5.2 and lower
The #RequestHeader doesn't provide additional facility to check the value of the parameter to be mandatory i.e. not null.
Given below are the available fields as per Spring Doc
defaultValue: The default value to use as a fallback.
name: The name of the request header to bind to.
required: Whether the header is required; null values are allowed
value: Alias for name()
So what you can do is read the parameter either with the help of #RequestHeader or inject a HttpServletRequest request, read by request.getHeader(...) and check inside the controller method if the value exists and then can call methods to perform the necessary logic.
Although you can make sure that the parameter exists with the help of required attribute for e.g. #RequestHeader(value = "Authorization", required = true) String authorization).
Spring 5.3+
The required field was tightened up, both the property and the value should exist. From the release notes:
The #RequestHeader annotation detect a null conversion result value and treat it as missing. In order to allow an empty value to be injected as a null argument, either set required=false on the argument annotation, e.g. #RequestParam(required=false), or declare the argument as #Nullable.

As #Mudassar said, #RequestHeader doesn't provide additional facility to check the value of the parameter to be mandatory i.e. not null.
It is related to this issue: https://github.com/spring-projects/spring-framework/issues/23939
I developed a workaround for this problem using an annotation #RequestHeaderNonNull that I've created: https://github.com/armandoalmeida/request-header-required-non-null
I hope I've helped you!

Related

How do I handle null values during model binding

I have the folowing URL:
http://localhost:7975/test?parameter01=X
In my model, parameter01 is a List<int?>. If a non-integer value (e.g., a string) is passed to this parameter, the model binding process sets this value to null.
How do I intercept this as early as possible in the pipeline so I can return a HTTP status and description without handling this condition in the controller action?
Since you have tagged with asp.net-web-api2 I would recommend using Attribute Routing which enables you to constrain the Parameter Type. With this you'd able to switch handling according to the validity of your input. You can read up on this here
A second possibility would be to write a HTTPHandler which tests for valid input information. This one might be a bit trickier.

Web API parameter accept any parameter after valid one

I have API that have one parameter string UserId a but while testing it accept any parameter after the parameter i have defined like this
http://localhost:xxxx/api/get?UserId=43141688 its shows the result I wanted and i have one parameter that is UserId but if I do like this
"http://localhost:xxxx/api/get?UserId=43141688&xyzpqr and also gets the same result on the basis of UserId
and &xyzpqr is not valid
so how to do parameter binding basis of my parameter no additional (? and & )include only UserId?
What I have tried:
I already tried attribute based routing and action-based routing

Passing extra parameter through GetAll method of webapi

How to pass an extra parameter through a Get method of webapi because when i pass
GetALL(int page,int limit,int start) it works fine but when in passed one more parameters that is optional and may be null it throws error.
GetAll(int page,int limit,int start,string ? search)
What is the best way to make it working
In Web API optional parameters are those which can be nulled.
If you have type values like int or DateTime, you need to make them nullableby using the ? syntax.
But when they're classes instead of value type, they are directly convertible to null, so you don't need to, and can not, mark them as nullable. SO, your method signature must be simply this:
GetAll(int page,int limit,int start,string search)
If you wanted page, limit or start to be nullable, you should declare them as int?. So, int he signature above this 3 parameters are compulsory, and the last one optional.
EDIT, for OP comment
When you use the default routing for Web API the only way to choose the right method is by parameter matching, i.e. the parameters in the request must match the parameters in the action including the optional parameters. So, there are two ways to make it work:
post the optional parameters as empty parameters. For your case, provided you're using the query string, include a &search= in the URL
modify the routes, so that the parameters are provided as route parameters, and define the search parameter as optional
You can also completely modify the web API routing by including the action in the route. In that case, you have to specify the action in the URLs to invoke the action, but the method can be chosen by action name (given by method name or Action attribute), and not by parameter matching. In that case you don't need to provide the optional parameters. It will work like MVC routing.

Can I get saml-token as string?

I am using spring-security-saml2 1.0.0.RELEASE.
It works well and pretty good for me.
But New requirement is rised. I need saml-token as string.
can I get the saml-token as string. I find saml-token in log.
But how to get the saml-token as string format?
Good question, I've just added a new chapter to the Spring SAML manual which addresses this issue:
Authentication assertion
Assertion used to authenticate user is stored in the
SAMLCredential object under property authenticationAssertion. By
default the original content (DOM) of the assertion is discarded and
system only keeps an unmarshalled version which might slightly differ
from the original, e.g. in white-spaces. In order to instruct Spring
SAML to keep the assertion in the original form (keep its DOM) set
property releaseDOM to false on bean WebSSOProfileConsumerImpl.
Assertion can be serialized to String using the following call:
XMLHelper.nodeToString(SAMLUtil.marshallMessage(credential.getAuthenticationAssertion()))

Jersey Rest Client with empty string param

I'm using Jersey to consume some rest services, but I having a problem when I try to sent a parameter empty because seems that Jersey doesn't map the empty or null parameter.
Jersey generate something like (value is the empty string, the equals is lost and I get a 500 error):
http://myservice.test.com/services/rest/setAttribute?id=555&value&test=test
If I go to the browser an enter (this one works!!!):
http://myservice.test.com/services/rest/setAttribute?id=555&value=&test=test
The value field is required so I need to sent it every request, but I cannot set it in empty and sometimes I need the value an empty string.
Thanks...
You can add #JsonWriteNullProperties to the class you serializes to force it to write null values.

Resources