2

I am working on a login system - and was using previously get methods. When I run the application the ajax request seems correct - but the server side parameters coming in are null?

old code...

-- server side

@SuppressWarnings("unchecked")
@RequestMapping(value = "/login", method = RequestMethod.GET)
@CrossOrigin(origins = {"*"})
public ResponseEntity<?> login(
        @RequestParam(value="email", required=false, defaultValue="email") String email,
        @RequestParam(value="password", required=false, defaultValue="password") String password, 
        HttpServletRequest request
        ) throws  Exception {

-- front side

export function fetchAuthentication(data) {
  let url = 'http://localhost:8080/login?email=ruperttest2@hotmail.com&password=1234'; 
  return function (dispatch) {     
    axios.get(url)
      .then(function (response) { 
        dispatch(authSuccess(response));
      })
      .catch(function (error) { 
        dispatch(authFail(error));
      });
  }
}

new code..

-- server side

@SuppressWarnings("unchecked")
@RequestMapping(value = "/login", method = RequestMethod.POST)
@CrossOrigin(origins = {"*"})
public ResponseEntity<?> login(
        @PathVariable(value="email", required=false) String email,
        @PathVariable(value="password", required=false) String password, 
        HttpServletRequest request
        ) throws  Exception {

                System.out.println("email email>>>"+email);

-- front side

export function fetchAuthentication(data) {

  let url = 'http://localhost:8080/login';

  return function (dispatch) {     
     axios.post(url, data) 
      .then(function (response) { 

      if(response.status === "success"){
        dispatch(authSuccess(response));
      }
      else{
        // fail - user not found for example
        dispatch(authFail(response));
      }

      })
      .catch(function (error) { 
        dispatch(authFail(error));
      });
  }
}
The Old County
  • 89
  • 13
  • 59
  • 129
  • ``PathVariable``s relate to your URI, not to the payload in the POST body. – Jan B. Sep 11 '17 at 10:54
  • So it should be "RequestParam" -- I had it like this - but was still not getting anything? – The Old County Sep 11 '17 at 10:55
  • the axios code seems correct - I can see in the header of the post -- the data -- "{"email":"ruperttest2@hotmail.com","password":"1234"}" -- but when I check the logs on the Java side -- with RequestParam its null? – The Old County Sep 11 '17 at 10:59
  • "@RequestBody" -- should I change to this.. let me check – The Old County Sep 11 '17 at 11:00
  • I'm getting errors - what is the problem here -- why can't I switch over to a post and get the params still? – The Old County Sep 11 '17 at 11:11
  • Are you actually sending any payload to the server (I can see that your ajax makes use of data)? Also, sending a password in the URL is a very bad thing even when it's encrypted. – dsp_user Sep 11 '17 at 11:32

1 Answers1

0

You can make the input parameters required=true just to make sure you are doing fine in client side.

ali4j
  • 522
  • 3
  • 15
  • -- I have that validation in place on client side -with redux-forms -- but its as if my requestParams -- server side are not processing POST request methods? – The Old County Sep 11 '17 at 11:15
  • Maybe those parameters are not sent to the server and IMHO both client side and server side validations are necessary. Also which path your controller is mapped to? I mean what is the value of`RequestMapping` annotation you have annotated your controller class with? – ali4j Sep 11 '17 at 11:18
  • The request mapping is going to /login -- I have switched over to get requests and appear to be getting those parameters now - but I am wondering if for security I got to switch over to post soon – The Old County Sep 11 '17 at 11:47
  • I guess you are sending email and password as payload to the server, though they are supposed to be a part of the url (since they are annotated as `PathVariable`) – ali4j Sep 11 '17 at 11:51
  • Well I tried both versions -- requestParam and pathvariable -- I've not seen any clear documentation on a basic Post form and method post java spring boot example. – The Old County Sep 11 '17 at 11:54
  • For security, the only thing that is secure enough is SSL. Using a POST is slightly more secure than a GET but only slightly. – dsp_user Sep 11 '17 at 11:58
  • check https://stackoverflow.com/questions/13715811/requestparam-vs-pathvariable for the difference, What happened when you switched to `@RequestParameter`? – ali4j Sep 11 '17 at 12:00
  • You need @RequestParam, for &PathVariable to work your URL should look something like /login/{loginID} – dsp_user Sep 11 '17 at 12:00