1

I am writing a restful API and try to use all available http method but have a problem with PUT method.

When I send http request whith put method, I have "400 Bad request" error. If I use POST method, I have no problem.

Here is my http PUT request :

Remote Address:::1:8080
Request URL:http://localhost:8080/adminRight
Request Method:PUT
Status Code:400 Mauvaise Requête

Request Headersview parsed
PUT /adminRight HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Content-Length: 37
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Origin: chrome-extension://hgmloofddffdnphfgcellkdfbfbjeloo
Content-Type: application/json
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
Cookie: JSESSIONID=41D1CCDF94D3150F0FCA3754E347A4AD

Request Payload
typeList=1&id=2&nom=labelViewerAvance

Response Headersview parsed
HTTP/1.1 400 Mauvaise Requête
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 984
Date: Fri, 30 May 2014 12:55:32 GMT
Connection: close

And here my http POST request :

Remote Address:::1:8080
Request URL:http://localhost:8080/adminRight
Request Method:POST
Status Code:200 OK

Request Headersview parsed
POST /adminRight HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Content-Length: 37
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Origin: chrome-extension://hgmloofddffdnphfgcellkdfbfbjeloo
Content-Type: application/json
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
Cookie: JSESSIONID=41D1CCDF94D3150F0FCA3754E347A4AD

Request Payload
typeList=1&id=2&nom=labelViewerAvance

Response Headersview parsed
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/json;charset=utf-8
Content-Length: 2
Date: Fri, 30 May 2014 13:09:03 GMT

What is the difference between PUT and POST syntax? Or maybe, is it one special configuration in my web.xml?

Thanks in advance for your help.

Edit with new information :

My requests are mapped in java with these two methods :

@RequestMapping(value = "/adminRight", 
                method = RequestMethod.PUT
                )
     @ResponseBody
        public ResponseEntity<String> updateListRights(@RequestParam(value = "typeList") String typeList,
                @RequestParam(value = "id") String idList,
                @RequestParam(value = "nom") String nomList)
        {

and 

@RequestMapping(value = "/adminRight", 
                method = RequestMethod.POST
                )
     @ResponseBody
        public ResponseEntity<String> addNewListRights(@RequestParam(value = "typeList") String typeList,
                @RequestParam(value = "id") String idList,
                @RequestParam(value = "nom") String nomList)

        {
Gwen
  • 139
  • 1
  • 11

1 Answers1

0

Your Server: Apache-Coyote/1.1 is just a HTTP connector. Behind that connector there is a web server, for example Apache Tomcat. You have to look up the manual of that server and check how you can allow a HTTP method. By Tomcat there is a server.xml file, in that there is something like this: 

// Sample Security Constraint
 <security-constraint>
 <web-resource-collection>
  <web-resource-name><strong>restricted methods</strong></web-resource-name>
  <url-pattern>/*</url-pattern>
  <http-method>PUT</http-method>
  <http-method>POST</http-method>
  <http-method>DELETE</http-method>
  <http-method>OPTIONS</http-method>
  <http-method>TRACE</http-method>
 </web-resource-collection>
 <auth-constraint />
 </security-constraint>

You should add PUT and DELETE to that list. If your REST clients are running in browsers and they are served under a different domain, then you have to enable the OPTIONS method either (for CORS preflight requests), and add CORS allow headers as well. By serving browsers you have to add some HTTP response headers as well and set them properly to prevent XSS attacks.

Another security concern that you should hide the version number of the coyote connector.

Btw. using session cookies like Cookie: JSESSIONID=41D1CCDF94D3150F0FCA3754E347A4AD is not RESTful.

I know very little about java request mapping, but by REST you use POST usually to add a new item resource to a collection resource, for example POST /rights in your case, and PUT usually to edit an entire item resource, for example PUT /rights/{id} where {id} should be a unique resource id (probably the same as one of your aggregate ids). In your code I can't see anything related to this URL structure by the PUT request. You may be interested in PATCH as well.

Community
  • 1
  • 1
inf3rno
  • 24,976
  • 11
  • 115
  • 197