How to map dynamic query parameters in Spring Boot RestController

Question

Is it possible to map query parameters with dynamic names using Spring Boot? I would like to map parameters such as these:

/products?filter[name]=foo
/products?filter[length]=10
/products?filter[width]=5

I could do something like this, but it would involve having to know every possible filter, and I would like it to be dynamic:

@RestController
public class ProductsController {
    @GetMapping("/products")
    public String products(
            @RequestParam(name = "filter[name]") String name,
            @RequestParam(name = "filter[length]") String length,
            @RequestParam(name = "filter[width]") String width
    ) {
        //
    }
}

If possible, I'm looking for something that will allow the user to define any number of possible filter values, and for those to be mapped as a HashMap by Spring Boot.

@RestController
public class ProductsController {
    @GetMapping("/products")
    public String products(
            @RequestParam(name = "filter[*]") HashMap<String, String> filters
    ) {
        filters.get("name");
        filters.get("length");
        filters.get("width");
    }
}

An answer posted on this question suggests using @RequestParam Map<String, String> parameters, however this will capture all query parameters, not only those matching filter[*].

Answer 1

You can map multiple parameters without defining their names in @RequestParam using a map:

@GetMapping("/api/lala")
public String searchByQueryParams(@RequestParam Map<String,String> searchParams) {
    ...
}

Answer 2

Does matrix variables work for you? If I understand you correctly, can be like this:

// GET /products/filters;name=foo;length=100

@GetMapping("/products/filters") public void products( @MatrixVariable MultiValueMap matrixVars) {

// matrixVars: ["name" : "foo", "length" : 100]

}

Answer 3

This seems like a solvable problem. The solutions are not ideal far as I know, but there are ways.

A previous attempt seemed bent on finding a perfect solution where the entire composition of the filter was known in-transit.

Spring MVC populate

The entirety of the dynamic criteria that user defines can be transmitted with some basic scheme you define, as one key=value parameter from the client, then decomposed into its elements once it is received.

You could also send two parameters: "fields" and "values", where the lists of each are encoded in there respectively, with some cautious delimiter of your choosing (could be an encoded special character that the user cannot physically type, perhaps).

You still need, as with everything other approach where the client side is submitting criteria (like filter criteria), full protection from any malicious use of the parameters, just as the client trying to embed SQL criteria in them (SQL Injection).

But so long as the client code follows the agreed syntax, you can receive any number of dynamic parameters from them in one shot.

Client:

/products?filter=field1--value1||field2--value2||field3--value3... 

That is a simplified example showing delimiters that are too easy to "break", but the idea is some simple, even fully readable (no harm in doing so) scheme just for the purpose of packing your field names and values together for easy transit.

Server:

@RequestMapping(value = "/products", method = RequestMethod.GET)
    public String doTheStuff(@RequestParam(value = "filter") String encodedFilter) {

.. decompose the filter here, filter everything they've sent for disallowed characters etc.