How to get the value of @ PathVariable in SpringMVC
- 2021-12-04 10:09:55
- OfStack
How to get the value of @ PathVariable
1. Address: **/ {id}
@RequestMapping(value = "/del/{id}", method = RequestMethod.GET)
public void del(HttpServletRequest request, @PathVariable("id") Long id){
System.out.println(id);
}
2. Modalities
1. Get it directly through @ PathVariable annotation
@RequestMapping(value = "/del/{id}", method = RequestMethod.GET)
public void del(HttpServletRequest request, @PathVariable("id") Long id){
System.out.println(id);
}2. General @ PathVariable annotations are obtained in batches, and only annotation parameters can be obtained
@RequestMapping(value = "/del/{id}", method = RequestMethod.GET)
public void del(HttpServletRequest request, @PathVariable("id") Long id){
NativeWebRequest webRequest = new ServletWebRequest(request);
Map<String, Object> map = (Map<String, Object>) webRequest.getAttribute(View.PATH_VARIABLES, RequestAttributes.SCOPE_REQUEST);
System.out.println(map.get("id"));
}3. Batch acquisition without any comments
@RequestMapping(value = "/del/{id}", method = RequestMethod.GET)
public void del(HttpServletRequest request){
NativeWebRequest webRequest = new ServletWebRequest(request);
Map<String, String> map = (Map<String, String>) webRequest.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE, RequestAttributes.SCOPE_REQUEST);
System.out.println(map.get("id"));
}
springmvc What should I pay attention to when using @ PathVariable?
Recently, when I was doing the inventory adjustment system, my value transfer methods from the foreground to the background mainly include: 1, which is taken from the path with @ PathVariable or @ RequestParam; More than 1, for updating or adding operations, I use the form entity to pass to the background; Bigger than one, I used @ RequestBody for queries (OK, I admit this is just fun for me, but not many people want to write one line after another in the background: String test = request. getParameter ("test"); Right?????)
Now, I mainly want to talk about a "pit" that takes values from the path, and the most important thing is to talk about @ PathVariable, which I prefer (don't ask me why,/{param}/fn.do, simple)
1. Transformation process using @ PathVariable
First:
When Pangu created the world, that is, when it was still chaotic, I didn't even get the value with @ PathVariable, and I was blinded for a while. I didn't understand what happened at all, because I looked at my grammar and format, and it was right everywhere, but I didn't pass the value. I think when I originally wrote/{param}/fn. do, there was no problem. Why is it a ghost today? ? ? ? After the circle was finished, the clue was discovered.
Please see how I write it:
@RequestMapping("/dealerStock/swapOrder/{orderID}/cancelAuditThisOrder.do")
public @ResponseBody String cancelAuditThisOrder(@PathVariable("OrderID") String strOrderID ) ){
...
...
}Then, then, I have not asked for this method, let alone the problem of whether there is a value! Later, when it was solved, I really wanted to pat myself on the forehead!
Then:
After the code specification is reviewed and approved, it has also passed the level 1 functional business test of the test department and the level 2 business process test of the business department. Documents and the like are all ready (what else can I say, silent two hehe). When they were about to be put on the production line, the boss reviewed the code again, and there was no result in the end. However, when I suddenly saw that @ PathVariable, I asked me two questions:
1. If my ID is discontinuous, does this work? For example: HC 782981; 2. Is it possible to avoid users manipulating other people's data as long as I get this request path and I guess an ID number casually?Girl, I was knocked down by thunder again, speechless, and immediately verified it. Result: Yes! You said that the result of the first one is Yes, which I am very satisfied with, but the second one is Yes, so I want to cry very much. After the test results were obtained, I begged to kill the problem.
My first attempt:
Add method = RequestMethod. post, that is to say, users can't enter Url address to obtain data in the form of get, but can only request it through the system.
Team leader: You said yourself, even if we change to Post request, can you access it? Girl: I can, just write a button by myself, and then ask for it with post. If there are users who know some program coding, they can easily break it. I'll change it again Team leader: Actually, we can only guard against gentlemen. There are loopholes in any system, and there is no absolute authority control and security, but we try our best to do it well.My Step 2 attempt:
Before trying Step 2, I thought for a while. I found that this incident has the following breakthroughs:
1. Can sensitive data like order number not be inferred? 2. The user requests according to the access path and then adds an ID number. What if the user can't get the access path? 3. The main point is that users can only operate their own data, and I can verify the current users at the same time when sensitive operations are made. 4. Since all the problems are caused by @ PathVariable, I can replace this value transfer method with the corresponding method. 5. What the user sees is a request method path. Can I add random password salt to the path and control the access of key operations in one step?Well, for the sake of convenience and speed, I changed this way of transferring values directly. Of course, it hasn't been changed, and the time relationship, like some contents that belong to public data, hasn't been changed.
My Step 3 attempt:
In step 2, the code has been changed. Then, I think I am a very serious person. Taking time off from my busy schedule, I put a few points that I thought of in the second step attempt, and wrote code to test them. The first test is the third one (checking the current user at the same time, which is simply similar to where orderID=? and userID=?) Secondly, the password salt value was also measured, which can really be controlled. However, after thinking about the nature of the system and the final trend of resources, it has not changed. Then, to prevent users from opening developer tools or viewing source code, however, this is simply beyond my control. At most, I can control the opening of shortcut keys, but I still have a mouse. ? ? ? ? ? The function provided by the browser is not to kill every drop if I want to kill it.
My first plan is to change the way of order generation, and then I think it doesn't seem to be reliable. But there is no doubt that it is much more reliable than the current generation method, but this needs to be changed. Uh, forgive me for being unintelligent.
2. Personal summary
My biggest problem is not that I can't think of a more elegant solution later, but that I am fundamentally unaware of the problem that is a problem. I don't even think there is any problem with that. This is the most important point I should consider.
Actually, I use @ PathVariable or some other way to pass the value, which is understandable. But I should also take a step further and consider its application scenario and the data involved in the system function lock, as well as the possible consequences. For example, my @ PathVariable question was used by me when I inquired about some regional information (public display data), and the team leader also saw it, but why did he emphasize the order and ask that the order must be changed? Anyway, I just don't think. . . . . .
Many, many things are based on daily life experience. I used to admire architects, and I do now. However, it suddenly dawned on me that architects are not just empty shelves. Take myself for example. I still have a lot of bad ideas (although not every one is reliable). However, doing things can't be imagined alone, but should be practically operated.
I feel that I have done better recently:
1. Because there is a lot of data queried in one place, I told the team leader that day that I would change a query method to improve the query efficiency. Then the team leader asked me how I wanted to change it. I just ran two sets of code at the same time to show him the same thing. As a result, so easy was replaced by the way I wanted to change. Everything I wanted to say was in the code. Later, I finished it. When I was free, I explained the differences and key points.
2. Because it emphasizes code specification and efficiency. When I was writing the code in private, there was a code neat way next to it, and Ali Code Specification Manual. Then, when I was free, I went to official website to find a comparison of the application of some commonly used data structures and data types. I write while reading. If you don't know how to write, just look at it first and write it according to it. It was painful at first, because if you write one sentence, you will be wrong, and you can't say it wrong, but it is not beautiful enough. However, I feel that it is getting better slowly now, especially, much better.