2

I am working on some web servers and I have to sent some data to the web service and get back a status code.. I am thinking maybe this should be a POST and not a GET but I would like to hear from all the pros out on the internet.

Here is my client code using Spring RESTTemplate

vars.put("lastName", "JOHN");
vars.put("firstName", "SMITH");
vars.put("middleInitial", "");
vars.put("socialSecurityNumber", "111-11-1111");
vars.put("Type","A");
vars.put("FileNumber","");
vars.put("EISNumber","");


String jsonreturn = restTemplate.getForObject("http://" + mRESTServer.getHost() + ":8080/services/api/checkstatus", String.class, vars);

Now here is my service side code (Spring MVC RESTful service). I would think all the fields I entered in the client would be in the ModelMap object but its not

@RequestMapping(value = "/checkstatus", method = RequestMethod.get)
@ResponseBody
public ResponseEntity<String> getCheckEnrollStatus(ModelMap model) throws ResourceNotFoundException
{
        logger.debug("Looking for  Status: " + model.toString());
}

So I have two questions:

1) Should I change the GET to a POST due to senting alot of data to the server?

2) If I leave it as a get why is my ModelMap emply?

Please help me out

user2428795
  • 527
  • 5
  • 11
  • 24

3 Answers3

1

For your ModelMap to be populated you probably need to annotate it with @RequestBody.

As the comment has pointed out you can't have a request body with a GET as per the specification. So you would either need to make the parameters part of the URL and use get or convert to POST.

Though POST seems to not fit with the purpose of your call.

Jim
  • 3,173
  • 1
  • 16
  • 26
1

Normally I'd say this should be a GET, but I noticed you have socialSecurityNumber as one of your parameters. You definitely do NOT want that to be part of your URL. Check out RFC 2616 section 15.1.3

Authors of services which use the HTTP protocol SHOULD NOT use GET based forms for the submission of sensitive data, because this will cause this data to be encoded in the Request-URI. Many existing servers, proxies, and user agents will log the request URI in some place where it might be visible to third parties. Servers can use POST-based form submission instead

Do a POST.

Jeremiah Orr
  • 2,540
  • 1
  • 16
  • 22
0

get as it is not changing anything onserver just returning data here is the spec.

Use request parameters like this 

@RequestMapping(value = "/checkstatus", method = RequestMethod.get)
@ResponseBody
public ResponseEntity<String> getCheckEnrollStatus(@RequestParam final Long id)

or uri parameters, like

@RequestMapping(value = "/checkstatus/{id}", method = RequestMethod.get)
@ResponseBody
public ResponseEntity<String> getCheckEnrollStatus(@PathVariable final Long id) throws ResourceNotFoundException
{
NimChimpsky
  • 43,542
  • 55
  • 186
  • 295
  • but I have to pass all 7 fields – user2428795 Jun 19 '13 at 15:10
  • then you'll need 7 uri parameters, or 7 @requestparams. I thought social security numbers were unique ? – NimChimpsky Jun 19 '13 at 15:11
  • @user2428795 If you can use a unique value rather than all the parameters this would be more RESTful as Nim suggests. Either way the service you're describing should be over HTTPS from the start. – Jim Jun 19 '13 at 15:22