Spring MVC - 如何检查没有传递意外的查询字符串参数？ [英] Spring MVC - How to check that no unexpected query string parameters has been passed?

问题描述

我有一个用Spring MVC编写的Web服务。它可以被第三方开发人员使用。
我们的方法有很多可选参数（在查询字符串中传递）。

I have a web service written in Spring MVC. It can be used by 3rd party developers. Our methods have a lot of optional parameters (passed in the query string).

我想确保所有的查询字符串参数拼写正确，没有拼写错误。
有没有简单的方法呢？方法签名示例：

I want to make sure that all the query string parameters are spelled correctly and there is no typos. Is there an easy way to do it? Method signature example:

 @RequestMapping(value = {"/filter"}, method = RequestMethod.GET)
    @ResponseBody
    public List<MetricType> getMetricTypes(    
            @RequestParam(value = "subject", required = false) Long subjectId,
            @RequestParam(value = "area", required = false) Long areaId,
            @RequestParam(value = "onlyImmediateChildren", required = false) Boolean onlyImmediateChildren,   
            @RequestParam(value = "componentGroup", required = false) Long componentGroupId    
            ) throws Exception
    {
        //Some code
    }

如果有人用onlyImediateChildren = true参数调用此方法（输入错误） ）而不是onlyImmediateChildren = true，Spring MVC将忽略拼写错误的参数，并假设onlyImmediateChildren为空。开发人员会得到稍微不正确的结果列表，并且不会注意到错误。这些问题可能很普遍，难以诊断。我想检查查询字符串中没有拼写错误以防止此类问题。

If somebody calls this method with "onlyImediateChildren=true" parameter (a typo) instead of "onlyImmediateChildren=true", Spring MVC will ignore the typoed parameter and will assume "onlyImmediateChildren" is null. Developer will get slightly incorrect list of results and will not notice the error. Such issues could be widespread and difficult to diagnose. I want to check there is no typoed params in query string to prevent such issues.

UPDATE

它是可以从查询字符串中提取实际参数列表。然后可以将其与允许参数列表进行比较。如果我对允许的参数列表进行硬编码，它将复制方法签名。我想知道从方法签名中提取允许参数列表是否容易（例如通过@RequestParam注释）？

It is possible to extract the list of actual parameters from the query string. Then it could be compared with the list of the allowed parameters. If I hardcode the allowed parameter list, it will duplicate the method signature. I wonder if it is easy to extract a list of allowed parameters from the method signature (e.g. by @RequestParam annotation)?

非常感谢

Maxim

推荐答案

您可以实现自己的 HandlerInterceptor 。在preHandle方法中，您可以获取所有使用@RequestParameter注释的HandlerMethod参数。这些将是请求中的所有允许参数。

You could implement your own HandlerInterceptor. In preHandle method you can obtain all HandlerMethod's parameters annotated with @RequestParameter. These will be all allowed parameters in request.

这篇关于Spring MVC - 如何检查没有传递意外的查询字符串参数？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！