Accessing the raw body of a PUT or POST request

grailsservlets

I am implementing a RESTful API in Grails, and use a custom authentication scheme that involves signing the body of the request (in a manner similar to Amazon's S3 authentication scheme). Therefore, to authenticate the request, I need to access the raw POST or PUT body content to calculate and verify the digital signature.

I am doing authentication in a beforeInterceptor in the controller. So I want something like request.body to be accessible in the interceptor, and still be able to use request.JSON in the actual action. I am afraid if I read the body in the interceptor using getInputStream or getReader (methods provided by ServletRequest), the body will appear empty in the action when I try to access it via request.JSON.

I am migrating from Django to Grails, and I had the exact same issue in Django a year ago, but it was quickly patched. Django provides a request.raw_post_data attribute you can use for this purpose.

Lastly, to be nice and RESTful, I'd like this to work for POST and PUT requests.

Any advice or pointers would be greatly appreciated. If it doesn't exist, I'd prefer pointers on how to implement an elegant solution over ideas for quick and dirty hacks. =) In Django, I edited some middleware request handlers to add some properties to the request. I am very new to Groovy and Grails, so I have no idea where that code lives, but I wouldn't mind doing the same if necessary.

Best Solution

It is possible by overriding the HttpServletRequest in a Servlet Filter.

You need to implement a HttpServletRequestWrapper that stores the request body: src/java/grails/util/http/MultiReadHttpServletRequest.java

package grails.util.http;

import org.apache.commons.io.IOUtils;

import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.ServletInputStream;
import java.io.*;
import java.util.concurrent.atomic.AtomicBoolean;

public class MultiReadHttpServletRequest extends HttpServletRequestWrapper {

    private byte[] body;

    public MultiReadHttpServletRequest(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        // Read the request body and save it as a byte array
        InputStream is = super.getInputStream();
        body = IOUtils.toByteArray(is);
    }

    @Override
    public ServletInputStream getInputStream() throws IOException {
        return new ServletInputStreamImpl(new ByteArrayInputStream(body));
    }

    @Override
    public BufferedReader getReader() throws IOException {
        String enc = getCharacterEncoding();
        if(enc == null) enc = "UTF-8";
        return new BufferedReader(new InputStreamReader(getInputStream(), enc));
    }

    private class ServletInputStreamImpl extends ServletInputStream {

        private InputStream is;

        public ServletInputStreamImpl(InputStream is) {
            this.is = is;
        }

        public int read() throws IOException {
            return is.read();
        }

        public boolean markSupported() {
            return false;
        }

        public synchronized void mark(int i) {
            throw new RuntimeException(new IOException("mark/reset not supported"));
        }

        public synchronized void reset() throws IOException {
            throw new IOException("mark/reset not supported");
        }
    }

}

A Servlet Filter that overrides the current servletRequest: src/java/grails/util/http/MultiReadServletFilter.java

package grails.util.http;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.Set;
import java.util.TreeSet;

public class MultiReadServletFilter implements Filter {

    private static final Set<String> MULTI_READ_HTTP_METHODS = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER) {{
        // Enable Multi-Read for PUT and POST requests
            add("PUT");
            add("POST");
    }};

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if(servletRequest instanceof HttpServletRequest) {
            HttpServletRequest request = (HttpServletRequest) servletRequest;
            // Check wether the current request needs to be able to support the body to be read multiple times
            if(MULTI_READ_HTTP_METHODS.contains(request.getMethod())) {
                // Override current HttpServletRequest with custom implementation
                filterChain.doFilter(new MultiReadHttpServletRequest(request), servletResponse);
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }
}

Then you need to run grails install-templates and edit the web.xml in src/templates/war and add this after the charEncodingFilter definition:

<filter>
    <filter-name>multireadFilter</filter-name>
    <filter-class>grails.util.http.MultiReadServletFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>multireadFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

You should then be able to call request.inputStream as often as you need.

I haven't tested this concrete code/procedure but I've done similar things in the past, so it should work ;-)

Note: be aware that huge requests can kill your application (OutOfMemory...)

Related Solutions

Java – Request params and PUT method

I had the exact same issue today and was able to fix it. I did an ajax request with JQuery to a Grails RESTful WebService (method: "PUT"), but the parameter map was empty.

Just want to share my solution here.

I had to JSON.stringify my data and set the contentType to "application/json" and then use request.JSON (as suggested before) in my Grails controller.

example (JQuery Ajax Request):

$.ajax({
        url: "/entries/" + id,
        contentType: "application/json",
        type: "PUT",
        dataType: "json",
        data: JSON.stringify({'name' : name, 'date': date}),
        success: function(msg) {
            console.log('updated...')
            $.mobile.changePage($('#list'));
        }

afterwards I could use:

request.JSON

in my Controller in order to get the data sent by the ajax request (params was still empty). If I did not use JSON.stringify and set the content type, I had the following Grails error:

Error 2012-04-03 13:50:20,046 [http-bio-8080-exec-3] ERROR errors.GrailsExceptionResolver  - IllegalStateException occurred when processing request: [PUT] /entries/2
getReader() has already been called for this request. Stacktrace follows:
Message: getReader() has already been called for this request

I'm using Grails 2.0.1 and JQuery 1.7.1

Json – Problems with a POST/PUT Json RESTful request Grails

Here is how it should be done in controllers:-

def index() {
    //JSON Object is not bound to params it is bound to request in POST/PUT
    def jsonObj = request.JSON

    //You can also use JSON.parse() to get a JSON object if the request payload has JSON as string
    //def jsonObj = JSON.parse(request)

    //You will not be able to save the inner JSONArrays if you
    // directly bind the jsonObj to the domain. in order to save
    //convert them to the proper domain objects otherwise you would get validation     errors for parametros
    def catalogParams = [] as Set
    jsonObj.parametros.each{
        catalogParams << new CatalogParams(it)
    }

    //Set the domain back to the jsonObj
    jsonObj.parametros = catalogParams

    //Bind to catalog
    def catalog = new Catalog(jsonObj) 
    //Synonymous to new Catalog(params) but here you cannot use params.

    //Save
    if (!catalog.save(flush: true)){
        catalog.errors.each {
            println it
        }
    }

    render catalog
}

//Domain Classes:-
class CatalogParams {
    String tipoParametro
    String json
    static constraints = {
        tipoParametro(nullable:true)
        json(nullable:true)
    }
}

class Catalog {
    String nombre
    String descripcion
    String url
    Set<CatalogParams> parametros = []
    static hasMany = [parametros: CatalogParams]
    int numeroParametros = parametros.size()
}

REST Client:

How are you testing the REST WS? You should have a REST client to test the service? Or you can use REST console extension in Chrome to test your service. You can also use a grails plugin rest-client-builder to test your service. In basic terms, if you do not want any client implementation then atleast a script to test your service. HttpBuilder will be useful in this case:. Something like this is required to test your service

import groovyx.net.http.HTTPBuilder
def http = new HTTPBuilder('http://yourdomain.com/catalog/')
http.request(POST, JSON) {
  requestContentType = ContentType.APPLICATION_JSON // coreesponding to application/json
  body = ["descripcion": "bla", "nombre" : "lalala", "numeroParametros":3, "parametros":[{ "tipoParametro":"string", "json":"bla"}],"url":"google.com"]

  response.success = { resp ->
    assert resp.statusLine.statusCode == 200
  }
}

Best Solution

Related Solutions

Java – Request params and PUT method

Json – Problems with a POST/PUT Json RESTful request Grails

Related Question