I've built a RESTful API using Spray.io.
It contains a number of endpoints, each of which returns JSON.
I use the Spray JSON marshaller to marshal my internal objects to JSON which are returned to the user. So I have something similar to...
respondWithMediaType(`application/json`) {
complete(MyResponse(username, password))
}
Where MyResponse is a case class...
case class MyResponse(username:String, password:String)
However, I want to pick the fields that are returned in the response. So in this case I want to remove the "password" field before it is returned.
Whats the best way to do this with Spray?
Thanks
Posting an answer to close question. Went with Yuvals suggestion above (he didn't add as answer)...
"Why not create PasswordLessResponse case class, instead of jumping hooks to deserialize MyResponse in different ways"
and just created the relevant case classes and marshallers, populated and returned where needed.
Thanks Yuval!
Related
In this question How can I serialize a RealmObject to JSON in Realm for Java? The realm representative said that one can serialize realm object through GSON. Can you please explain it how?
I tried this.
RealmResults<Dog> myDogs=realm.where(Dog.class).findAll();
new Gson().toJson(myDogs);
But StackOverflowError occurred.
To make GSON serialization work with Realm you will need to write a custom JsonSerializer for each object that can be serialized and register it as a TypeAdapter.
You can see an example in this gist: https://gist.github.com/cmelchior/ddac8efd018123a1e53a
You get StackOverflow becouse of Gson based on reflection but managed object (RealmObjectProxy) have no real fields and fields of parent is nulls also some of proxy fields produses recursion in field type recognition of Gson it happens in $GsonTypes class.
To serialize RealmObject you can use one of this options:
Write your own adapter for every RealmObject childs which will takes data using getters.
Call realm.copyFromRealm(realmObject) before serialisation. It will looks like new Gson().toJson(realm.copyFromRealm(realmObject))
Use library based on 2nd option RealmSupportForGson
Hope it helps
The easier way is create a List<Dog> with RLMResult<Dog>, and then serialise this List with Gson.
After two days of bug resolve, I found this simple solution:
YourRealmObject realmObj = realm.where(YourRealmObject.class).findFirst();
if(realmObj != null) {
realmObj = realm.copyFromRealm(realmObj); //detach from Realm, copy values to fields
String json = gson.toJson(realmObj);
}
I am facing a problem of parsing a JSON with a field that may be Array or single object. In case hotel has multiple rooms, typical JsArray is returned. However, if it has only one type of room, it returns only one single object.
I am trying to parse this situation using case classes, especially List[Room] for this situation. This however fails in case only one single object is returned. Is there a way how to overcome this with case classes? If not, what is the solution to this problem?
Thank you very much.
You can use Either[A,B], Either can contain either instance of A or instance of B
case class Hotel(data: Either[Room, List[Room]])
I have a situation where people consuming our API will need to do a partial update in my resource. I understand that the HTTP clearly specifies that this is a PATCH operation, even though people on our side are used to send a PUT request for this and that's how the legacy code is built.
For exemplification, imagine the simple following struct:
type Person struct {
Name string
Age int
Address string
}
On a POST request, I will provide a payload with all three values (Name, Age, Address) and validate them accordingly on my Golang backend. Simple.
On a PUT/PATCH request though, we know that, for instance, a name never changes. But say I would like to change the age, then I would simply send a JSON payload containing the new age:
PUT /person/1 {age:30}
Now to my real question:
What is the best practice to prevent name from being used/updated intentionally or unintentionally modified in case a consumer of our API send a JSON payload containing the name field?
Example:
PUT /person/1 {name:"New Name", age:35}
Possible solutions I thought of, but I don't actually like them, are:
On my validator method, I would either forcibly remove the unwanted field name OR respond with an error message saying that name is not allowed.
Create a DTO object/struct that would be pretty much an extension of my Person struct and then unmarshall my JSON payload into it, for instance
type PersonPut struct {
Age int
Address string
}
In my opinion this would add needless extra code and logic to abstract the problem, however I don't see any other elegant solution.
I honestly don't like those two approaches and I would like to know if you guys faced the same problem and how you solved it.
Thanks!
The first solution your brought is a good one. Some well known frameworks use to implement similar logic.
As an example, latests Rails versions come with a built in solution to prevent users to add extra data in the request, causing the server to update wrong fields in database. It is a kind of whitelist implemented by ActionController::Parameters class.
Let's suppose we have a controller class as bellow. For purpose of this explanation, it contains two update actions. But you won't see it in real code.
class PeopleController < ActionController::Base
# 1st version - Unsafe, it will rise an exception. Don't do it
def update
person = current_account.people.find(params[:id])
person.update!(params[:person])
redirect_to person
end
# 2nd version - Updates only permitted parameters
def update
person = current_account.people.find(params[:id])
person.update!(person_params) # call to person_params method
redirect_to person
end
private
def person_params
params.require(:person).permit(:name, :age)
end
end
Since the second version allows only permitted values, it'll block the user to change the payload and send a JSON containing a new password value:
{ name: "acme", age: 25, password: 'account-hacked' }
For more details, see Rails docs: Action Controller Overview and ActionController::Parameters
If the name cannot be written it is not valid to provide it for any update request. I would reject the request if the name was present. If I wanted to be more lenient, I might consider only rejecting the request if name is different from the current name.
I would not silently ignore a name which was different from the current name.
This can be solved by decoding the JSON body into a map[string]json.RawMessage first. The json.RawMessage type is useful for delaying the actual decoding. Afterwards, a whitelist can be applied on the map[string]json.RawMessage map, ignoring unwanted properties and only decoding the json.RawMessages of the properties we want to keep.
The process of decoding the whitelisted JSON body into a struct can be automated using the reflect package; an example implementation can be found here.
I am not proficient on Golang but I believe a good strategy would be converting your name field to be a read-only field.
For instance, in a strictly object-oriented language as Java/.NET/C++ you can just provide a Getter but not a Setter.
Maybe there is some accessor configuration for Golang just like Ruby has....
If it is read-only then it shouldn't bother with receiving a spare value, it should just ignore it. But again, not sure if Golang supports it.
I think the clean way is to put this logic inside the PATCH handler. There should be some logic that would update only the fields that you want. Is easier if you unpack into a map[string]string and only iterate over the fields that you want to update. Additionally you could decode the json into a map, delete all the fields that you don't want to be updated, re-encode in json and then decode into your struct.
I'm trying to parse a grails parameter map to a Json String, and then back to a parameter map. (For saving html form entries with constraint-violations)
Everything is fine as long as there is no hasMany relationship in the parameter-map.
I'm using
fc.parameter = params as JSON
to save the params as JSON String.
Later I'm trying to rebuild the parameter map and create a new Domain-Object with it:
new Foo(JSON.parse(fc.parameter))
Everything is fine using only 1:1 relationships (states).
[states:2, listSize:50, name:TestFilter]
But when I try to rebuild a params-map with multi-select values (states)
[states:[1,2], listSize:50, name:TestFilter]
I'm getting this IllegalStateException:
Failed to convert property value of type org.codehaus.groovy.grails.web.json.JSONArray to required type java.util.Set for property states; nested exception is java.lang.IllegalStateException: Cannot convert value of type [java.lang.String] to required type [de.gotosec.approve.State] for property states[0]: no matching editors or conversion strategy found
I tried to use this, but without success:
JSON.use("deep") {
new Foo(JSON.parse(fc.parameter))
}
You can use JsonSlurper instead of the converters.JSON of grails, it maps JSON objects to Groovy Maps. I think this link also might help you.
Edit: Now, if the problem is binding the params map to your domain, you should try using bindData() method, like:
bindData(foo, params)
Note that this straightforward use is only if you're calling bindData inside a controller.
What seems to be happening in your case is that Grails is trying to bind a concrete type of List (ArrayList in the case of JsonSlurper and JSONArray in the case of converters.JSON) into a Set of properties (which is the default data structure for one-to-many associations). I would have to take a look at your code to confirm that. But, as you did substitute states: [1,2] for a method of your app, try another test to confirm this hypothesis. Change:
states:[1,2]
for
states:[1,2] as Set
If this is really the problem and not even bindData() works, take a look at this for a harder way to make it work using object marshalling and converters.JSON. I don't know if it's practical for you to use it in your project, but it sure works nicely ;)
I am marshaling objects in Grails to JSON using the JSON.registerObjectMarshaller() method, which is invoked in the BootStrap class.
My object graph has a number of nested objects e.g. User -> Address -> Phone and I have a marshaller for each object.
I have a scenario where I want to be able to either return a "shallow" or "deep" version of the top level object. In the case of a shallow request, in place of the address I want to return the field. In the case of the a deep version, the other object marshalers can do delegated to as usual.
I want to do a deep versus shallow based on the value of a parameter passed in the request, however I do not know how to access request parameters when in the registerObjectMarshaller() method from the BootStrap class.
Once I have a way to access these parameters I can tailor it as needed.
Any pointers would be greatly appreciated.
I once tried the object marshaller approach for XML and sadly it didn't work out.
Similar to you, I don't have one way to represent objects. I have a lot more than two, but I think Object Marshallers are a way to go only if you want to do something trivial. If you need more, just forget about them.
It may be much easier for you, to simply create a service or a class with static methods which will generate the JSON for you based on the values you pass.
You can use JsonGroovyBuilder to achieve that, and then just convert it to string and wrap it in a nice http header or whatever you need.
In my case it looks like this [mind you, this is for XML, so you have to use JsonGroovyBuilder, or other - whichever suits you - and you will probably not need to use the StringWriter as I do]:
def writer = new StringWriter()
def xml = new MarkupBuilder(writer)
def retData = someService.doSomething()
def xmlGen = new XmlResponseGenerator(xml, retData)
render(contentType: 'text/xml', encoding: "UTF-8", text: writer.toString())