PUT 和 POST 在未知属性上失败 弹簧不同行为
2022-09-02 13:14:17
我正在使用Spring Data Rest存储库编写Spring Boot应用程序,如果请求正文包含具有未知属性的JSON,我想拒绝访问资源。简化实体和存储库的定义:
@Entity
public class Person{
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private long id;
private String firstName;
private String lastName;
/* getters and setters */
}
@RepositoryRestResource(collectionResourceRel = "people", path = "people")
public interface PersonRepository extends CrudRepository<Person, Long> {}
我使用 Jackson 的反序列化功能来禁止 JSON 中的未知属性。
@Bean
public Jackson2ObjectMapperBuilder objectMapperBuilder(){
Jackson2ObjectMapperBuilder builder = new Jackson2ObjectMapperBuilder();
builder.failOnUnknownProperties(true);
return builder;
}
当我发送POST请求时,一切都按预期工作。当我使用有效字段时,我得到正确的响应:
curl -i -x POST -H "Content-Type:application/json" -d '{"firstName": "Frodo", "lastName": "Baggins"}' http://localhost:8080/people
{
"firstName": "Frodo",
"lastName": "Baggins",
"_links": {...}
}
当我发送带有未知字段的JSON时,应用程序会抛出预期的错误:
curl -i -x POST -H "Content-Type:application/json" -d '{"unknown": "POST value", "firstName": "Frodo", "lastName": "Baggins"}' http://localhost:8080/people
com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "unknown" (class Person), not marked as ignorable (2 known properties: "lastName", "firstName")
使用有效 JSON 时的 PUT 方法也会返回正确的响应。但是,当我发送具有未知字段的PUT请求时,我希望Spring会抛出错误,但相反,Spring会更新数据库中的对象并返回它:
curl -i -x PUT -H "Content-Type:application/json" -d '{"unknown": "PUT value", "firstName": "Bilbo", "lastName": "Baggins"}' http://localhost:8080/people/1
{
"firstName": "Bilbo",
"lastName": "Baggins",
"_links": {...}
}
仅当数据库中没有具有给定 ID 的对象时,才会引发该错误:
curl -i -x PUT -H "Content-Type:application/json" -d '{"unknown": "PUT value", "firstName": "Gandalf", "lastName": "Baggins"}' http://localhost:8080/people/100
com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "unknown" (class Person), not marked as ignorable (2 known properties: "lastName", "firstName")
是预期的行为还是Spring Data Rest中的错误?无论请求方法是什么,当具有未知属性的JSON传递给应用程序时,如何引发错误?
我通过修改 http://spring.io/guides/gs/accessing-data-rest/ 重现了此行为,我所做的唯一更改是,此项目中没有其他控制器或存储库。Jackson2ObjectMapperBuilder
