Spring boot rest api not failed in case of invalid Endpoint

Question

I am writing a RESTful web services using spring boot. I am using jwt bearer token for authentication an authorisation.

Below is my RestController

@RestController("api/v1/users")
public class UserController {

    @Autowired
    UserService userService;

    @PostMapping
    public User saveUser(@RequestBody User user) {
        return userService.saveUser(user);
    }

    @GetMapping
    public List<User> getUsers(@RequestParam(required = false) String pageNumber, String pageSize, String role, String status) {
        return userService.findAll(pageNumber, pageSize, role, status);
    }

}

When I hit the api with request-url

http://localhost:8080/api/v1/users?pageNumber=0&pageSize=6&role=admin

Its work perfectly

but if I change the url endpoint to some invalid endpoint like

http://localhost:8080/api/v1/hhh?pageNumber=0&pageSize=6&role=admin

It still returning same results as per 1st correct endpoint.

Below are some logs statements from springframework debug logging

Checking match of request : '/api/v1/hhh'; against '/api/test/secureTest'

2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v1/hhh'; against 'api/authenticate'

2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v1/hhh'; against '/api/v1/users/me'

2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v1/hhh'; against '/api/v1/student'

2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v1/hhh'; against '/api/v1/faculty'

2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v1/hhh'; against '/api/v1/admin'

2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v1/hhh'; against '/api/v1/users'

2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5] o.s.s.w.a.i.FilterSecurityInterceptor : Public object - authentication not attempted

2019-12-28 19:16:47.601 DEBUG 5591 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /api/v1/hhh?pageNumber=0&pageSize=6&role=admin reached end of additional filter chain; proceeding with original chain

2019-12-28 19:16:47.602 TRACE 5591 --- [nio-8080-exec-5] o.s.web.servlet.DispatcherServlet : GET "/api/v1/hhh?pageNumber=0&pageSize=6&role=admin", parameters={masked}, headers={masked} in DispatcherServlet 'dispatcherServlet'

2019-12-28 19:16:47.602 TRACE 5591 --- [nio-8080-exec-5] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'api/v1/users'

2019-12-28 19:16:47.602 TRACE 5591 --- [nio-8080-exec-5] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to public java.util.List com.asset.app.user.UserController.getUsers(java.lang.String,java.lang.String,java.lang.String,java.lang.String)

2019-12-28 19:16:47.602 TRACE 5591 --- [nio-8080-exec-5] .w.s.m.m.a.ServletInvocableHandlerMethod : Arguments: [0, 6, admin, null]

I feel Spring cache the endpoint url and used if in case of no match found

Any Idea how to stop this?

Browsers cache the previous response if the current one fails, try opening the invalid url in another browser. — MaartenDev, Dec 28 '19 at 14:13
I tried it from Rest client(Postman) And its not client cache as at the server side there is no error — Prasad Parab, Dec 28 '19 at 14:16
yes Same behaviour with different client. Actually call is came to controller method as I run this in debug mode. — Prasad Parab, Dec 28 '19 at 14:21
https://stackoverflow.com/questions/45210005/spring-restcontroller-annotation-does-not-catch-request — Madhav Kumar Jha, Dec 28 '19 at 14:41
You can't specify mapping in RestController, you need to use RequestMapping or other alternatives, either at class level or at method level — Madhav Kumar Jha, Dec 28 '19 at 14:42

score 2 · Accepted Answer · answered Dec 28 '19 at 20:17

if you read the api documentation for @RestController

You see that the annotation constructor takes in a value that is described as:

The value may indicate a suggestion for a logical component name, to be turned into a Spring bean in case of an autodetected component.

So it is used to set a name for the Bean that vill be created.

It is not used to set a url-mapping like you have done.

@RestController("api/v1/users")

You need to annotate your class with @RequestMapping and also add mappings to the @PostMapping and @GetMapping.

@RestController
@RequestMapping("/api/v1") // Add request mapping
public class FooBar {

    @PostMapping("/users") // Add mapping here
    public User bar() {
        ...
    }

    @GetMapping("/users") // Add mapping here
    public List<User> foo() {
        ...
    }
}

Spring boot rest api not failed in case of invalid Endpoint

1 Answers1