RESTweb服务中get方法中的java invoke post方法
我正在为一个项目开发一个RESTful web服务。移动应用程序应该提供一个id,WS需要在get方法中使用该id从数据库检索信息。现在,我通过PathParam传递id,作为get方法uri的一部分。我可以通过使用post方法捕获id,然后在get方法中调用此post方法来获取id吗?或者我该怎么做?我认为在get方法中使用PathParam传递id不是一个安全的好主意
@GET
@Path("/MachineDetail/{machineId}")
@Produces(MediaType.APPLICATION_JSON)
public MachineDetail returnMachineDetail(@PathParam("machineId") int machineId ) throws Exception {
System.err.println("test");
PreparedStatement query = null;
String myString = "";
Connection conn = null;
List<Issue> issueList = new ArrayList<Issue>();
int i = 0;
MachineDetail machineDetail = new MachineDetail();
Machine machine = null;
Machinedocolink machinedocolink = null;
Manufacturer manufacturer = null;
Issue issue = null;
int manufacturerId = 0;
int machineid = machineId;
try {
conn = db.DBConn().getConnection();
//conn = db.DBConnLocal();
// get info from machine table
query = conn.prepareStatement("SELECT * FROM USER04419.MACHINE WHERE MACHINEID = "
+ machineid);
ResultSet rsMachine = query.executeQuery();
while (rsMachine.next()) {
manufacturerId = rsMachine.getInt("MANUFACTURERID");
myString = myString + rsMachine.getString("LOCATION") + "!!!!!"
+ rsMachine.getInt("MACHINEID") + "!!!!!"
+ rsMachine.getInt("MACHINEID");
Long maintainenceDate = rsMachine.getDate("MAINTDATE")
.getTime();
Long dateInstalled = rsMachine.getDate("DATEINSTALLED")
.getTime();
machine = new Machine();
machine.setMachineId(rsMachine.getInt("MACHINEID"));
machine.setLocation(rsMachine.getString("LOCATION"));
machine.setMaintainenceDate(maintainenceDate);
machine.setDateInstalled(dateInstalled);
machine.setInstaller(rsMachine.getString("INSTALLER"));
machine.setMachineCode(rsMachine.getString("MACHINECODE"));
machine.setModel(rsMachine.getString("MODEL"));
machine.setManufacturerID(rsMachine.getInt("MANUFACTURERID"));
machine.setName(rsMachine.getString("NAME"));
machine.setSoftware(rsMachine.getString("SOFTWARE"));
machineDetail.setMachine(machine);
myString = machine.toString();
}
// select info from manufacturer table
query = conn
.prepareStatement("SELECT * FROM MANUFACTURER WHERE MANUFACTURERID = "
+ manufacturerId);
ResultSet rsManufacturer = query.executeQuery();
while (rsManufacturer.next()) {
manufacturer = new Manufacturer();
manufacturer.setManufacturerId(rsManufacturer
.getInt("MANUFACTURERID"));
manufacturer.setManufacturerName(rsManufacturer
.getString("MANUFACTURERNAME"));
machineDetail.setManufacturer(manufacturer);
myString = myString + manufacturer.toString();
}
// get info from machinedocolink table
query = conn
.prepareStatement("SELECT * FROM MACHINEDOCOLINK WHERE MACHINEID = "
+ machine.getMachineId());
ResultSet rsMachinedocolink = query.executeQuery();
while (rsMachinedocolink.next()) {
machinedocolink = new Machinedocolink();
machinedocolink.setMachinedocolinkId(rsMachinedocolink
.getInt("MACHINEDOCLINKID"));
machinedocolink.setMachineId(rsMachinedocolink
.getInt("MACHINEID"));
machinedocolink.setURLLink(rsMachinedocolink
.getString("URLLINK"));
machinedocolink.setURLTitle(rsMachinedocolink
.getString("URLTITLE"));
machineDetail.setMachinedocolink(machinedocolink);
myString = myString + machinedocolink.toString();
}
// get info from issue table
query = conn
.prepareStatement("SELECT * FROM ISSUE WHERE MACHINEID = "
+ machine.getMachineId());
ResultSet rsIssue = query.executeQuery();
while (rsIssue.next()) {
issue = new Issue();
issue.setIssueId(rsIssue.getInt("ISSUEID"));
;
issue.setMachineId(rsIssue.getInt("MACHINEID"));
issue.setPriority(rsIssue.getInt("PRIORITY"));
issue.setUserId(rsIssue.getInt("USERID"));
issue.setIssueTitle(rsIssue.getString("ISSUETITLE"));
issue.setIssueStatus(rsIssue.getString("ISSUESTATUS"));
Long creationDate = rsIssue.getDate("CREATIONDATE").getTime();
Long executionDate = rsIssue.getDate("EXECUTIONDATE").getTime();
issue.setCreationDate(creationDate);
issue.setExecutionDate(executionDate);
issueList.add(i, issue);
i++;
}
machineDetail.setIssueList(issueList);
myString = myString + machinedocolink.toString();
query.close();
} catch (Exception e) {
e.printStackTrace();
} finally {
if (conn != null)
conn.close();
}
return machineDetail;
// return myString;
}
# 1 楼答案
可以通过两个不同的方法映射同一个方法,并通过GET和POST进行注释
@GET invokeMethodGET(){ invokeMethod() }
@POST invokeMethodPOST(){ invokeMethod() }
public void invokeMethod(){ }
# 2 楼答案
从你的问题中我了解到,你有如下端点的资源
获取http://example.com/rest/resource_name/1
如果您已经用身份验证和授权保护了REST端点(除非您正在开发公共可访问的API),那么这是非常好的
您关于在RESTweb服务中的GET方法中调用post方法的想法看起来不像RESTful