Spring boot rest api 在端点无效的情况下不会失败
Spring boot rest api not failed in case of invalid Endpoint
我正在使用 spring 引导编写 RESTful 网络服务。我正在使用 jwt 不记名令牌进行身份验证和授权。
下面是我的 RestController
@RestController("api/v1/users")
public class UserController {
@Autowired
UserService userService;
@PostMapping
public User saveUser(@RequestBody User user) {
return userService.saveUser(user);
}
@GetMapping
public List<User> getUsers(@RequestParam(required = false) String pageNumber, String pageSize, String role, String status) {
return userService.findAll(pageNumber, pageSize, role, status);
}
}
当我用请求点击 api 时-url
http://localhost:8080/api/v1/users?pageNumber=0&pageSize=6&role=admin
它的工作完美
但是如果我将 url 端点更改为一些无效的端点,例如
http://localhost:8080/api/v1/hhh?pageNumber=0&pageSize=6&role=admin
它仍然返回与第一个正确端点相同的结果。
下面是来自spring框架调试日志记录
的一些日志语句
Checking match of request : '/api/v1/hhh'; against
'/api/test/secureTest'
2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5]
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request :
'/api/v1/hhh'; against 'api/authenticate'
2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5]
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request :
'/api/v1/hhh'; against '/api/v1/users/me'
2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5]
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request :
'/api/v1/hhh'; against '/api/v1/student'
2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5]
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request :
'/api/v1/hhh'; against '/api/v1/faculty'
2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5]
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request :
'/api/v1/hhh'; against '/api/v1/admin'
2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5]
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request :
'/api/v1/hhh'; against '/api/v1/users'
2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5]
o.s.s.w.a.i.FilterSecurityInterceptor : Public object -
authentication not attempted
2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5]
o.s.security.web.FilterChainProxy :
/api/v1/hhh?pageNumber=0&pageSize=6&role=admin reached end of
additional filter chain; proceeding with original chain
2019-12-28 19:16:47.602 TRACE 5591 --- [nio-8080-exec-5]
o.s.web.servlet.DispatcherServlet : GET
"/api/v1/hhh?pageNumber=0&pageSize=6&role=admin", parameters={masked},
headers={masked} in DispatcherServlet 'dispatcherServlet'
2019-12-28 19:16:47.602 TRACE 5591 --- [nio-8080-exec-5]
o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance
of singleton bean 'api/v1/users'
2019-12-28 19:16:47.602 TRACE 5591 --- [nio-8080-exec-5]
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to public
java.util.List
com.asset.app.user.UserController.getUsers(java.lang.String,java.lang.String,java.lang.String,java.lang.String)
2019-12-28 19:16:47.602 TRACE 5591 --- [nio-8080-exec-5]
.w.s.m.m.a.ServletInvocableHandlerMethod : Arguments: [0, 6, admin,
null]
我觉得 Spring 缓存端点 url 并在找不到匹配项的情况下使用
知道如何阻止它吗?
如果您阅读 @RestController
的 api 文档
您看到注解构造函数接受了一个 value,描述为:
The value may indicate a suggestion for a logical component name, to
be turned into a Spring bean in case of an autodetected component.
因此它用于为将要创建的 Bean 设置名称。
它不是用来设置url映射的,就像您所做的那样。
@RestController("api/v1/users")
您需要用 @RequestMapping 注释您的 class 并添加到 @PostMapping 和 @GetMapping 的映射。
@RestController
@RequestMapping("/api/v1") // Add request mapping
public class FooBar {
@PostMapping("/users") // Add mapping here
public User bar() {
...
}
@GetMapping("/users") // Add mapping here
public List<User> foo() {
...
}
}
我正在使用 spring 引导编写 RESTful 网络服务。我正在使用 jwt 不记名令牌进行身份验证和授权。
下面是我的 RestController
@RestController("api/v1/users")
public class UserController {
@Autowired
UserService userService;
@PostMapping
public User saveUser(@RequestBody User user) {
return userService.saveUser(user);
}
@GetMapping
public List<User> getUsers(@RequestParam(required = false) String pageNumber, String pageSize, String role, String status) {
return userService.findAll(pageNumber, pageSize, role, status);
}
}
当我用请求点击 api 时-url
http://localhost:8080/api/v1/users?pageNumber=0&pageSize=6&role=admin
它的工作完美
但是如果我将 url 端点更改为一些无效的端点,例如
http://localhost:8080/api/v1/hhh?pageNumber=0&pageSize=6&role=admin
它仍然返回与第一个正确端点相同的结果。
下面是来自spring框架调试日志记录
的一些日志语句Checking match of request : '/api/v1/hhh'; against '/api/test/secureTest'
2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v1/hhh'; against 'api/authenticate'
2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v1/hhh'; against '/api/v1/users/me'
2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v1/hhh'; against '/api/v1/student'
2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v1/hhh'; against '/api/v1/faculty'
2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v1/hhh'; against '/api/v1/admin'
2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v1/hhh'; against '/api/v1/users'
2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5] o.s.s.w.a.i.FilterSecurityInterceptor : Public object - authentication not attempted
2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /api/v1/hhh?pageNumber=0&pageSize=6&role=admin reached end of additional filter chain; proceeding with original chain
2019-12-28 19:16:47.602 TRACE 5591 --- [nio-8080-exec-5] o.s.web.servlet.DispatcherServlet : GET "/api/v1/hhh?pageNumber=0&pageSize=6&role=admin", parameters={masked}, headers={masked} in DispatcherServlet 'dispatcherServlet'
2019-12-28 19:16:47.602 TRACE 5591 --- [nio-8080-exec-5] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'api/v1/users'
2019-12-28 19:16:47.602 TRACE 5591 --- [nio-8080-exec-5] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to public java.util.List com.asset.app.user.UserController.getUsers(java.lang.String,java.lang.String,java.lang.String,java.lang.String)
2019-12-28 19:16:47.602 TRACE 5591 --- [nio-8080-exec-5] .w.s.m.m.a.ServletInvocableHandlerMethod : Arguments: [0, 6, admin, null]
我觉得 Spring 缓存端点 url 并在找不到匹配项的情况下使用
知道如何阻止它吗?
如果您阅读 @RestController
的 api 文档您看到注解构造函数接受了一个 value,描述为:
The value may indicate a suggestion for a logical component name, to be turned into a Spring bean in case of an autodetected component.
因此它用于为将要创建的 Bean 设置名称。
它不是用来设置url映射的,就像您所做的那样。
@RestController("api/v1/users")
您需要用 @RequestMapping 注释您的 class 并添加到 @PostMapping 和 @GetMapping 的映射。
@RestController
@RequestMapping("/api/v1") // Add request mapping
public class FooBar {
@PostMapping("/users") // Add mapping here
public User bar() {
...
}
@GetMapping("/users") // Add mapping here
public List<User> foo() {
...
}
}