A beginner Question about the JAX-RS parameters

[srinivas thallapalli <sr...@gmail.com>]

Hello,

I am bit confused about @QueryParam and @ParhParam, as when to use which
one? what are various scenarios to use each of these?

And when we use these two type of params with POST method, don't you think
there is security problem as we are showing the param values in the (
browser ) URL.

Thanks



--
View this message in context: http://cxf.547215.n5.nabble.com/A-beginner-Question-about-the-JAX-RS-parameters-tp5724606.html
Sent from the cxf-user mailing list archive at Nabble.com.

RE: A beginner Question about the JAX-RS parameters

[Andrei Shakirin <as...@talend.com>]

Hi,

URL parameters (inclusive QueryParam and PathParam) normally should not contain sensitive data.
Common practice is to use Basic authentication + SSL for that. Sensitive data will be send in HTTP body (you need HTTP POST for that) or HTTP headers.
You can also look into OAuth standard for more sophisticated use cases.

Regards,
Andrei.

> -----Original Message-----
> From: srinivas thallapalli [mailto:sree.tallapalli@gmail.com]
> Sent: Montag, 18. März 2013 15:41
> To: users@cxf.apache.org
> Subject: RE: A beginner Question about the JAX-RS parameters
> 
> Thanks Andrei.
> 
> But still I need an answer for my question about security. How we can take
> care of passing sensitive data to restful service, how the security is ensured.
> Could you please briefly explain what are best practices for ensuring the
> security.
> 
> Regards,
> Srinivas
> 
> 
> 
> 
> 
> --
> View this message in context: http://cxf.547215.n5.nabble.com/A-beginner-
> Question-about-the-JAX-RS-parameters-tp5724606p5724701.html
> Sent from the cxf-user mailing list archive at Nabble.com.

RE: A beginner Question about the JAX-RS parameters

[srinivas thallapalli <sr...@gmail.com>]

Thanks Andrei.

But still I need an answer for my question about security. How we can take
care of passing sensitive data to restful service, how the security is
ensured. Could you please briefly explain what are best practices for
ensuring the security.

Regards,
Srinivas





--
View this message in context: http://cxf.547215.n5.nabble.com/A-beginner-Question-about-the-JAX-RS-parameters-tp5724606p5724701.html
Sent from the cxf-user mailing list archive at Nabble.com.

RE: A beginner Question about the JAX-RS parameters

[Andrei Shakirin <as...@talend.com>]

Hi,

To say shortly,  
- path parameters are segment part of URL: /customer/546
- query parameters belong to URL query string: /books?topic=software

The main criteria how to choose query or path parameters is following: if want to return 404 error in case if parameter doesn't correspond existing resource - it candidate for path parameter.
If it is OK to return empty if parameter is not found - use query one.

Additionally, take into account that query parameters are normally not cached.

Some additional links regarding the topic:
http://stackoverflow.com/questions/4024271/rest-api-best-practices-where-to-put-parameters
http://stackoverflow.com/questions/3198492/rest-standard-path-parameters-or-request-parameters

Cheers,
Andrei.

> -----Original Message-----
> From: srinivas thallapalli [mailto:sree.tallapalli@gmail.com]
> Sent: Freitag, 15. März 2013 08:08
> To: users@cxf.apache.org
> Subject: A beginner Question about the JAX-RS parameters
> 
> Hello,
> 
> I am bit confused about @QueryParam and @ParhParam, as when to use
> which one? what are various scenarios to use each of these?
> 
> And when we use these two type of params with POST method, don't you
> think there is security problem as we are showing the param values in the (
> browser ) URL.
> 
> Thanks
> 
> 
> 
> --
> View this message in context: http://cxf.547215.n5.nabble.com/A-beginner-
> Question-about-the-JAX-RS-parameters-tp5724606.html
> Sent from the cxf-user mailing list archive at Nabble.com.