Posted In: Spring, Spring REST, Spring Security

Spring REST – Difference in request parameter and path variable

We will talk about design level as well as organizational security/policy level differences in these two options.

Example of Path Variable

	@RequestMapping(value = "/employee/{employeeId}",
	        consumes = "application/json",
	        method = { RequestMethod.GET })
	public @ResponseBody Object getEmployee(ServletRequest req,
	        ServletResponse res,
	        @PathVariable("employeeId") int employeeId)

Example of Request Paramter

	@RequestMapping(value = "/employee/",
	        method = { RequestMethod.GET })
	public @ResponseBody Object getEmployee(ServletRequest req,
	        ServletResponse res,
	        @RequestParam("employeeId") int employeeId)

 

You can pretty much use either path variable or request param to design your service. Though there are some organizational level restrictions that we may face while taking that decision.

 

1. When you use path variable, data is available in URL. Hence it cannot be sensitive data. In this example if your organization considers EMPLOYEE ID as sensitive data then do not use path variable. Rather use POST data with request parameter.

 

2. Path variable will be restricted to valid URL characters. Service will break if you do not restrict character usage.

 

3. If you use Request Param then you can not send JSON data in request body or use syntax like consumes = “application/json”

 

4. Path variables at the end of the URL may get issues with data that ends with “.com”. Make sure to set Spring configuration correctly to avoid it.
Example
Service – /employer/@PathVariable(“employerName”)
It may break for “/employer/javausecase.com” call.

 

by , on July 12th, 2017

  • Categories