I currently have a servlet returning a JSON string on a POST to the output stream of the response.
This is my code:
...
response.setContentType("application/json");
PrintWriter out = response.getWriter();
out.print(jsonString);
out.flush();
I'm not sure how to handle this on the client side as it just displays the string on the page. What needs to be done?
A servlet returning a JSON is not meant to be called directly by the browser. It's meant to be called with JavaScript or another artifact that can interpret JSON.
Usually you will have something like:
var myObject = JSON.parse(myJSONtext, reviver);
That will get you an object parsed from JSON contents you send from servlet.
To get myJSONtext you usually do an AJAX call within a piece of Java Script code.
Google for: json ajax example
You will get a lot of information online.
Related
I am using angular 2 as front end frame work and node js in the back end, So I am trying to send image with a json object that contains some particular information about that image. So I am wondering , if it is safe to pass that json object in the URL.
No, it's not safe, as your JSON object might be very long, too long for a URL. You will need to send an AJAX request where your JSON will be a parameter. Example of asynchronous request sending a JSON object:
xhttp.open("POST", "ajax_test.asp", true);
xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xhttp.send("data=" + JSON.stringify(yourobject));
then, on the server you will have a POST parameter called data where you will have everything you need.
Let's say I ask Mailchimp for subscriber data, and they send back an http request with JSON in the body. Should I be able to go:
var thingy = body.property;
Or should I have to go:
var object = JSON.parse(body);
var thingy = object.property;
?
Also, does the node.js body parse parse JSON for me?
JSON is sent over the wire from the server as a string. That's what JSON is - a string format.
Whether or not it arrives at your code as a string or as already parsed Javascript object depends entirely upon the code you are using to make the http request and perhaps what headers the server sets and what auto-detection the code doing the Ajax call makes.
If the response header sets the type to json, then some code making the request will automatically parse it for you into Javscript. Other code will leave that to the caller to do. If the server does not set the proper headers, then some code will auto-detect it as JSON and parse it and other code will not.
So ... bottom line. It depends entirely upon what the server is doing in its response and what code is being use to make the request. You can very easily just do a console.log(body) and see whether you have a JSON string or an already parsed Javascript object.
If you really weren't sure what behavior you would get, you can test the type and act accordingly (though a given server and calling code should be consistent so you shouldn't have to vary your behavior) once you test how it behaves.
if (typeof body === "string") {
body = JSON.parse(body);
}
Depends on the API, usually you get the response header Content-type: application/json. If that is the case there's probably no need to parse the response as most of the clients will understand that it's a json object and parse it for you. Anyhow, not all clients will do this automatically.
We are in the process of building a custom built JEE security layer which is going to ensure that all possible OWASP concerns are addressed. This security layer is built as Filters that needs to run before the Controllers (Spring in our case), so that they can execute before the request actually reaches the Controller. These security filters looks at the user input and performs various Sanitation. One such sanitation is the JSON sanitation, where the JSON data from client is looked for any malicious content.
Currently , the Spring Controllers use the #RequestBody annotation to populare the incoming JSON data into POJO classes.
I have exactly the same question but, is there a generic way to retrieve the parameters (sent as JSON data) from the request ?
my objective is to have a JSON sanitizer code in a Filter, so that it
intercepts and parses all JSON data that comes to the controller.
I was able to read & retrieve the json data using the following technique. The StringBuffer jb finally has the entire JSON data.
StringBuffer jb = new StringBuffer();
String line = null;
BufferedReader reader = request.getReader();
while ((line = reader.readLine()) != null)
jb.append(line);
}
Ref: HttpServletRequest get JSON POST data
i'm developping a program in java ee.
i know how to display a view from a servlet with a code like this
this.getServletContext().getRequestDispatcher( VUE).forward( request, response );
where my view (VUE) is in a jsp page.
i know also how to return a json object with something like that
response.setContentType("application/json");
response.setCharacterEncoding("UTF-8");
response.getWriter().write(jsonErreurEtRole);
I'm using google Gson to convert java objects.
Now i want to return a json object that contain a view in one field and some others messages in others field.
But i can't find how to do it.
Is there a way for that ?
EDIT
I will try to be more clear,
My problem is that : users ara requesting content by calling a servlet (a controller), i check their right on that content. And if they don't have right i send a message like "you don't have right ..."
that message should not replace any content in the html page but just appear as a notification.
So i wanted to return a json object like [message, content]
by the way i solved my problem by sending only message in a json object if user don't have right and html content if he has. And in je jquery code i'm testing the return type of the response.
I used this post :
jQuery ajax returned data: json and html mix?
I have a question regarding REST Assured. - https://code.google.com/p/rest-assured/wiki/Usage
I understand that I can use REST assured to make HTTP calls(.get .put etc.) and validate the response using when() etc. I would like to validate JSON responses that I have already saved in the database, instead of Calling the web service realtime and validating it's response.
Can I use REST-assured to Load a JSON response as a String and validate it?
Yes you can use Rest Assured's JsonPath project independently of Rest Assured (see getting started page). Once you have it in classpath you can do something like this:
JsonPath jsonPath = new JsonPath(<your json as string>);
String title = jsonPath.getString("x.y.title");