How to convert SlingHttpServletRequest to POJO - aem

I am writing a Sling servlet extending SlingAllMethodsServlet where this servlet will receive payload as json, currently I am parsing SlingHttpServletRequest to get json from request body. Instead of doing all these things, I would like to receive the payload as model class, similar to Spring framework. Is there any way to achieve this?
I tried using Sling models, though the documentation says the SlingHttpServletRequest can be adapted I couldn't get model class from request.
For sure I am missing something but not able to figure it out even after researching for few days. Any help is highly appreciated.
#Model(adaptables=Resource.class)
public class Test{
#Inject
private String param;
}
protected void doPost(final SlingHttpServletRequest request, final SlingHttpServletResponse response)
throws ServletException, IOException {
Test test = resource.adaptTo(Test.class) // getting null

Related

How can I get the IP address of the caller in a Jersey 2.25.1 application?

I've tried the approach here without luck: As the comments in the answer there mentions the HttpServletRequest is just null.
This is my filter:
public void myFilter(ContainerRequestContext request) throws IOException
{
// I don't see a way to get the IP address from the ContainerRequestContext
}
If I try to use #Context HttpServletRequest httpServletRequest, as the answer in the other question suggests, I just get a NullPointerException.
Another similar question: How to get source address / ip from inside ContainerResponseFilter
The nullpointerexception only occured in our tests. peeskillet helped me realize that injecting HttpServletRequest won't work as long as we're using jersey-test-framework-provider-jetty for our tests (see for example https://github.com/jersey/jersey/issues/2764 or https://github.com/jersey/jersey/issues/3092). If we had used something like GrizzlyWebTestContainerFactory, then injecting the HttpServletRequest would work since we then would have a ServletDeploymentContext.
We went for this solution in our tests, i.e. just mocking the HttpServletRequest where needed.

Jersey Jaxb Issues

We are having a problem with generic Payload while using Jersey. Here is our Domain object.
#XmlRootElement
#XmlAccessorType(XmlAccessType.FIELD)
public class Event<T> {
private T eventPayload;
private String eventType;
}
Here we have top level domain object defined. But the internal domain object is generic.
Now on the resource endpoint we have something like this as we know that the sub-domain object we were expecting is.
#POST
#Path("log")
#Consumes(MediaType.APPLICATION_XML)
public Response writeLog(Event<LogPayload> event)
But this doesn’t work.
The event instance is created but the subdomain is not populated correctly.
It just tries to populate the sub-domain object with any random domain object which has the same root element as in the XML (there may be more than one).
Our Solution:
This is our solution, but I am sure this is not the best.
We have to modify our parent domain object have a String variable which stores XML-representation of the generic payload in a String format. For this we have had to write our own Jaxb marshaller.
Modifications to the Event
#XmlRootElement
#XmlAccessorType(XmlAccessType.FIELD)
public class Event<T> {
#XmlTransient
private T eventPayload;
private String eventType;
private String payLoadXML;
// Changes to the constructor:
public Event(T eventPayload ……) {
super();
this.eventPayload = eventPayload;
payLoadXML = JAXBUtils.marshall(eventPayload,false); }}
On the resource side once we get the parent Event object, we have to again use our own jaxb marshaller to get the required domain object from the payloadXML as follows.
#POST
#Path("log")
#Consumes(MediaType.APPLICATION_XML)
public Response writeLog(Event<LogPayload> event)
LogPayload log1 = (LogPayload) JAXBUtils.unMarshall(
event.getPayLoadXML(),LogPayload.class);
So ineffect we are using our jaxbmarshaller to marshall and unmarshall the generic subdomain object before and after making the rest call….
Please lets us know if there is a better way to do this ?
Thanks,
ND
I've seen the same question before and I don't think this will work as you originally planned. Web services (json/xml, rest/soap) usually create a service description (like wsdl) and a generic type technically cannot be part of this description. What you could do is to publish multiple services where Event is not generic anymore.

How to do XSS escaping on input coming into Restlet web service

I have a GWT web application using Restlet.
It has #Post annotated service methods that take a bean and perform some logic on it.
I want to XML-escape the data in these beans.
For example, say I have the following:
public class MyService extends ServerResource {
#Post
public DataBean performLogic(DataBean bean) {
...
}
}
public class DataBean {
String data;
}
Is there a way I could XML-escape DataBean.data after it's serialized but before it is sent to MyService.performLogic()?
You can override the doInit() method, this may allow you do do what you need; but will occur before any calls to your #Post #Get method in your ServerResource.
Alternatively if you need it more widely you may want to look at adding a Filter into your Command Chain and overriding the beforeHandle() method there.

Serialization Exception while making an RPC call

I have created a very basic application. I have only one service class and a corresponding Async class which contains only Java types and no custom classes. But still I get the serialization exception.
My service class looks like this.
public interface MyService extends RemoteService {
public String getName();
public Object getAdditionalDetials(ArrayList<String> ids);
public Date getJoiningDate();
}
My async interface looks like this
public interface MyServiceAsync {
public void getName(AsyncCallback<String> callback);
public void getAdditionalDetials(ArrayList<String> ids, AsyncCallback<Object> callback);
public void getJoiningDate(AsyncCallback<Date> callback);
}
I know I am making some stupid mistake.
I am Naive in gwt rpc and serialization mechanism, but will try to answer your question.
Whenever you write classes involving an RPC, GWT creates a Serialization Policy File. The serialization policy file contains a whitelist of allowed types which may be serialized.
In your Service methods, all the types you mention and refer will be automatically added to this list if they implements IsSerializable. In your case you have used the following two methods,
public String getName();
public Date getJoiningDate();
Here you have used String and Date as your return types and hence it is added to your Serialization Policy File. But in the below method their lies a problem,
public Object getAdditionalDetials(Arraylist<String> ids);
Here you have used ArrayList and String that is not a problem and they will be added to your whitelist, but the problem is you have mentioned return type as Object. Here GWT Compiler does not know what type to be added to whitelist or Serialization Policy and hence it wont pass your RPC call. The solution is use mention a class which implements IsSerializable instead of mentioning the return type of type Object.
FWIW, I was having this problem but my 'Object' type was hidden behind generified classes.
So if one of your rpc methods involves a class:
class Xxx<T> implements IsSerializable {...
It needs to change to:
class Xxx<T extends IsSerializable> implements IsSerializable {...

EJB: what's the point of class-level annotations?

I'm reading this book, Pro JPA2: Mastering the Java Persistance API, and I'm not getting the usefulness of the class-level annotation like in this example:
#EJB(name="cart", beanInterface=ShoppingCart.class)
public class ShoppingCartServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
HttpSession session = request.getSession(true);
ShoppingCart cart = (ShoppingCart) session.getAttribute("cart");
//......
}
}
What's the point of putting that #EJB if the value of the cart variable won't be auto-injected in there and you have to init the var. yourself? Won't the code work just as well w/o that annotation? What does the annotation actually do?
I get the usefulness of the other type of annotations, like when you put it on the method or a variable, it'll auto-inject stuff. Just here, at the class level, it looks useless.
class level #EJB (or #Resource) defines that your ShoppingCartServlet depends on some EJB, in your case "cart". You need that, if you want to access to EJBs from non-managed context, like POJOs. In this case, you have to make a JNDI look-up in order to get a reference to the EJB which you can define either with ejb-ref (ejb-local-ref) descriptor, or class level #EJB annotation.
That looks like a class level annotation rather than method level, and I have no idea why one would want to annotate a servlet as EJB, but the #EJB annotation when used properly will provide that class with many different things for free, such as transactions etc...