I have two models User, Task and TaskRepository, UserRepository associated with them. I am using Spring boot with spring-boot-starter-web and spring-boot-starter-data-rest packages.
@RepositoryRestResource(path="/task") public interface TaskRepository extends CrudRepository<Task, Integer> { } @RepositoryRestResource(path="/user") public interface UserRepository extends CrudRepository<User, Integer> { } When i want to save new task i have to pass a user. I noticed that he has to be passed as java.net.URI but this is really strange for me. Why can't it be just user id. It's possible to change this ?
1 Answers
Answers 1
So, your question is:
Why the parameters need to be passed as a Java.net.URI?
Mkyong has given the answer as below:
This is always advisable to encode URL or form parameters; plain form parameter is vulnerable to cross site attack, SQL injection and may direct our web application into some unpredicted output.
For example, when a user enters following special characters, and your web application doesn’t handle encoding, it will caused cross site script attack. Please remember always encode the URL string and form parameters to prevent all the vulnerability attacks.
Resource Link:
https://www.mkyong.com/java/how-to-encode-a-url-string-or-form-parameter-in-java/
0 comments:
Post a Comment