We Keep Coding

JSON Patch Request validation in Java

In my spring boot service, I'm using https://github.com/java-json-tools/json-patch for handling PATCH requests.
Everything seems to be ok except a way to avoid modifying immutable fields like object id's, creation_time etc. I have found a similar question on Github https://github.com/java-json-tools/json-patch/issues/21 for which I could not find the right example.
This blog seems to give some interesting solutions about validating JSON patch requests with a solution in node.js. Would be good to know if something similar in JAVA is already there.

Under many circumstances you can just patch an intermediate object which only has fields that the user can write to. After that you could quite easily map the intermediate object to your entity, using some object mapper or just manually.
The downside of this is that if you have a requirement that fields must be explicitly nullable, you won’t know if the patch object set a field to null explicitly or if it was never present in the patch.
What you can do too is abuse Optionals for this, e.g.
public class ProjectPatchDTO {
private Optional<#NotBlank String> name;
private Optional<String> description;
}
Although Optionals were not intended to be used like this, it's the most straightforward way to implement patch operations while maintaining a typed input. When the optional field is null, it was never passed from the client. When the optional is not present, that means the client has set the value to null.

Instead of receiving a JsonPatch directly from the client, define a DTO to handle the validation and then you will later convert the DTO instance to a JsonPatch.
Say you want to update a user of instance User.class, you can define a DTO such as:
public class UserDTO {
#Email(message = "The provided email is invalid")
private String username;
#Size(min = 2, max = 10, message = "firstname should have at least 2 and a maximum of 10 characters")
private String firstName;
#Size(min = 2, max = 10, message = "firstname should have at least 2 and a maximum of 10 characters")
private String lastName;
#Override
public String toString() {
return new Gson().toJson(this);
}
//getters and setters
}
The custom toString method ensures that fields that are not included in the update request are not prefilled with null values.
Your PATCH request can be as follows(For simplicity, I didn't cater for Exceptions)
#PatchMapping("/{id}")
ResponseEntity<Object> updateUser(#RequestBody #Valid UserDTO request,
#PathVariable String id) throws ParseException, IOException, JsonPatchException {
User oldUser = userRepository.findById(id);
String detailsToUpdate = request.toString();
User newUser = applyPatchToUser(detailsToUpdate, oldUser);
userRepository.save(newUser);
return userService.updateUser(request, id);
}
The following method returns the patched User which is updated above in the controller.
private User applyPatchToUser(String detailsToUpdate, User oldUser) throws IOException, JsonPatchException {
ObjectMapper objectMapper = new ObjectMapper();
// Parse the patch to JsonNode
JsonNode patchNode = objectMapper.readTree(detailsToUpdate);
// Create the patch
JsonMergePatch patch = JsonMergePatch.fromJson(patchNode);
// Convert the original object to JsonNode
JsonNode originalObjNode = objectMapper.valueToTree(oldUser);
// Apply the patch
TreeNode patchedObjNode = patch.apply(originalObjNode);
// Convert the patched node to an updated obj
return objectMapper.treeToValue(patchedObjNode, User.class);
}

Another solution would be to imperatively deserialize and validate the request body.
So your example DTO might look like this:
public class CatDto {
#NotBlank
private String name;
#Min(0)
#Max(100)
private int laziness;
#Max(3)
private int purringVolume;
}
And your controller can be something like this:
#RestController
#RequestMapping("/api/cats")
#io.swagger.v3.oas.annotations.parameters.RequestBody(
content = #Content(schema = #Schema(implementation = CatDto.class)))
// ^^ this passes your CatDto model to swagger (you must use springdoc to get it to work!)
public class CatController {
#Autowired
SmartValidator validator; // we'll use this to validate our request
#PatchMapping(path = "/{id}", consumes = "application/json")
public ResponseEntity<String> updateCat(
#PathVariable String id,
#RequestBody Map<String, Object> body
// ^^ no Valid annotation, no declarative DTO binding here!
) throws MethodArgumentNotValidException {
CatDto catDto = new CatDto();
WebDataBinder binder = new WebDataBinder(catDto);
BindingResult bindingResult = binder.getBindingResult();
binder.bind(new MutablePropertyValues(body));
// ^^ imperatively bind to DTO
body.forEach((k, v) -> validator.validateValue(CatDto.class, k, v, bindingResult));
// ^^ imperatively validate user input
if (bindingResult.hasErrors()) {
throw new MethodArgumentNotValidException(null, bindingResult);
// ^^ this can be handled by your regular exception handler
}
// Here you can do normal stuff with your cat DTO.
// Map it to cat model, send to cat service, whatever.
return ResponseEntity.ok("cat updated");
}
}
No need for Optional's, no extra dependencies, your normal validation just works, your swagger looks good. The only problem is, you don't get proper merge patch on nested objects, but in many use cases that's not even required.

Postman - Sending image file and json on POST

I'm using Postman to test REST Web API and I have a method that receives this object:
public class NewShipmentDto implements Serializable {
private String description;
private Long senderId;
private Long receiverId;
private byte[] packageImage;
private CommissionPaidBy commissionPaidBy;
private Long senderPaymentMethod;
private LocationDto senderLocation;
private LocationDto receiverLocation;
// + constructors and gets/sets
}
So the body of my POST needs to be something like this:
{
"description":"Libros",
"senderId":1,
"receiverId":1,
"commissionPaidBy":"BOTH",
"senderPaymentMethod":1,
"senderLocation":
{
"latitud":100,
"longitud":100
},
"receiverLocation":
{
"latitud":100,
"longitud":100
}
}
But I also need to send the file so it can be transformed to a byte []. The thing is if I use form data to pass the file how do I send this bits:
"receiverLocation":
{
"latitud":100,
"longitud":100
}
Is it possible to send nested json in the form data?
This is my POST method, I haven't added the logic of reading the file yet:
#POST
#Consumes({MediaType.APPLICATION_JSON})
#Produces({MediaType.APPLICATION_JSON})
public Response addShipment(String shipment) throws EnviosYaException {
Gson gson = new Gson();
NewShipmentDto newShipmentDto = gson.fromJson(shipment, NewShipmentDto.class);
NewShipmentResponseDto response = shipmentServices.addShipment(newShipmentDto);
return Response.ok(gson.toJson(response)).build();
}
If necessary I could change the structure of the json to avoid having nested json, but I would like to know if it's possible first.
Thanks

It looks like you are using JAX-RS for the REST API. For your use case multipart/format-data content-type is more appropriate.
Please have a look at this JAX-RS question.
Or
If you like keep the JSON structure intact, you can store the base64 encoded data in a string for the image field. The model would looks like.
public class NewShipmentDto implements Serializable {
private String description;
private Long senderId;
private Long receiverId;
private String encodedPackageImage;
private CommissionPaidBy commissionPaidBy;
private Long senderPaymentMethod;
private LocationDto senderLocation;
private LocationDto receiverLocation;
// + constructors and gets/sets
}

Mapping BIGDECIMAL from Mongo, lack CONSTRUCTOR

I have a problem when I want get a object from mongo with a BigDecimal field.
I have the next structure in mongo:
{
"_id":ObjectId("546b07420c74bf96c7c3cd5f"),
"accountId":"1",
"modelVersion":"seasonal_optimized",
"yearMonth":"20143",
"income":{
"unscaled":{
"$numberLong":"68500"
},
"scale":2
},
"expense":{
"unscaled":{
"$numberLong":"125900"
},
"scale":2
}
}
And the entity is :
#Data
#NoArgsConstructor
#AllArgsConstructor
#Document(collection = "forecasts")
public class Forecast {
private String accountId;
private LocalDate monthYear;
private String modelVersion;
private BigDecimal income;
private BigDecimal expense;
}
and I'm trying retrieving a object from mongo, but I got the next error:
org.springframework.data.mapping.model.MappingInstantiationException: Failed to instantiate java.math.BigDecimal using constructor NO_CONSTRUCTOR with arguments.
Anybody can help me?
Thank you!!!!

It's an old question but I had the same issue using Spring data mongo and the aggregation framework.
Specifically when I want a BigDecimal as return type.
A possible workaround is to wrap your BigDecimal in a class and provide it as your return OutPutType, ie:
#Data
public class AverageTemperature {
private BigDecimal averageTemperature;
}
#Override
public AverageTemperature averageTemperatureByDeviceIdAndDateRange(String deviceId, Date from, Date to) {
final Aggregation aggregation = newAggregation(
match(
Criteria.where("deviceId")
.is(deviceId)
.andOperator(
Criteria.where("time").gte(from),
Criteria.where("time").lte(to)
)
),
group("deviceId")
.avg("temperature").as("averageTemperature"),
project("averageTemperature")
);
AggregationResults<AverageTemperature> result = mongoTemplate.aggregate(aggregation, mongoTemplate.getCollectionName(YourDocumentClass.class), AverageTemperature.class);
List<AverageTemperature> mappedResults = result.getMappedResults();
return (mappedResults != null ? mappedResults.get(0) : null);
}
In the example above the aggregation calculates the average temperature as BigDecimal.
Keep in mind that the default BigDecimal converter map it to a string in mongodb when saving. mapping-conversion
Retrieving the document as is should not be a problem anymore with Spring data mongo, versions I used:
org.springframework.boot:spring-boot-starter-data-mongodb:jar:2.0.1.RELEASE
spring-data-mongodb:jar:2.0.6.RELEASE
org.mongodb:mongodb-driver:jar:3.6.3

JAX-RS - JSON List to Object with JaxB

I am using JAX-RS (CXF) with JaxB and Jackson to provide a REST-API.
Unfortunately, none of the found results helps me with following (simple) problem:
I implemented following method:
#POST
#Path(ApiStatics.ARMY_CREATE_ARMY)
public com.empires.web.dto.Army createArmy(#FormParam("locationid") long locationId, #FormParam("name") String name, #FormParam("troops") ArmyTroops troops) {
and here are is my model class:
#XmlRootElement
#XmlSeeAlso(ArmyTroop.class)
public class ArmyTroops {
public ArmyTroops() {
}
public ArmyTroops(List<ArmyTroop> troops) {
this.troops = troops;
}
#XmlElement(name = "troops")
private List<ArmyTroop> troops = new ArrayList<ArmyTroop>();
public List<ArmyTroop> getTroops() {
return troops;
}
public void setTroops(List<ArmyTroop> troops) {
this.troops = troops;
}
}
ArmyTroop
#XmlRootElement(name = "troops")
public class ArmyTroop {
#XmlElement
private long troopId;
#XmlElement
private String amount;
public long getTroopId() {
return troopId;
}
public void setTroopId(long troopId) {
this.troopId = troopId;
}
public String getAmount() {
return amount;
}
public void setAmount(String amount) {
this.amount = amount;
}
}
My json that i send looks like this:
locationid 1
name asdasd
troops {"troops":[{"troopId":4,"amount":"5"},{"troopId":6,"amount":"5"}]}
Unfortunately, the object gets not transformed. Instead I receive this error:
InjectionUtils #reportServerError - Parameter Class com.empires.web.dto.in.ArmyTroops has no constructor with single String parameter, static valueOf(String) or fromString(String) methods
If I provide the constructor with a single string parameter, I get passed the whole json string for "troops" as mentioned above.
Any ideas why JaxB does not work at this point?

You are passing all your parameters with #Form annotation.
But the Form part of the http message must be an xml data structure.
Your 3 parameters don't have a main xml datastructure so it wont work.
In short, form params are send as body.
Cxf use the MultivaluedMap to send params (cxf have an xml model for this structure).
As you can see it is not fit for parameters that can't be trivally serialized.
Here me solution would be to drop the #FormParam to avoid the problem:
1) Use #PathParam #CookieParam to send yours first 2 parameters, and the 'no tag' (body) only for the army compositions.
2) Define an uber object that take all parameters and can be serialized as xml datastructure and use the 'no tag' (body) sending.
3) Use soap, with cxf it is really easy to gets both Rest and Soap.

Jackson 2.1.0 object serialize with JsonIgnore,JsonProperty and dynamic filter

I have an object which have several annotations:
#JsonInclude(Include.NON_DEFAULT) , #JsonIgnoreand#JsonProperty("BLA BLA")`
I need to serialize my object while ignoring fields that their value is not changed, and also always ignore some other fields. while serializing I want some fields to have diffrent names inside the json String. all of that works great. my problem is when i try to filter out some fields dynamically! I tried every example I could find and nothing worked, I coukdn't exclude fields dynamically. mabye my other annotations are preventing me from doing that?
This is my code:
#JsonInclude(Include.NON_DEFAULT)
public class objectFilter implements Serializable {
#JsonIgnore
private String filterDescription = "";
private String[] address = {"","0","false"};
#JsonProperty("status.statusCode")
private String[] statusCode = {"","0","false"};
#JsonIgnore
private String statusCodeDescription = "";
#JsonProperty("createdUser.userCode")
private String[] createdUser = {"","0","true"};
#JsonIgnore
private String createdUserDescription = "";
#JsonProperty("List.endorsment")
private String[] endorsment1 = {"","0","false"};
#JsonProperty("endorsment")
private String[] endorsment2 = {"","0","false"};
#JsonProperty("List.policy")
private String[] policy1 = {"","0","false"};
#JsonProperty("policy")
private String[] policy2 = {"","0","false"};
//getters and setters
}
I want to be able to exclusde some fields from being serialized even if they are not with #JsonIgnore
for example: I want exclude all fields except from policy2 and endorsment2 , even if the other fields have values inside of them.
How can this be done?
please help.

So sometimes you only want to serialize policy2 and endorsement2 while other times you want to serialize all the fields? If so you can use Jackson's JSON views to achieve this. You would first create a marker class for this view:
private interface OnlyPolicyTwoAndEndorsementTwo { }
And then you would set these two fields as belonging to this view:
..........
#JsonView(OnlyPolicyTwoAndEndorsementTwo.class)
#JsonProperty("endorsment")
private String[] endorsment2 = {"","0","false"};
..........
#JsonView(OnlyPolicyTwoAndEndorsementTwo.class)
#JsonProperty("policy")
private String[] policy2 = {"","0","false"};
And now to serialize the full object you could do:
mapper.writer().writeValueAsString(objectFilter);
Or to only serialize policy2 and endorsement2 you would do:
mapper.writerWithView(OnlyPolicyTwoAndEndorsementTwo.class).writeValueAsString(objectFilter);

Use Mixins: http://wiki.fasterxml.com/JacksonMixInAnnotations
Define that annotations of a mix-in class (or interface)
and it will be used with a target class (or interface) such that it appears
as if the target class had all annotations that the mix-in class has (for purposes of configuring serialization / deserialization)