我正在尝试在@RestController中创建安全的post方法,该方法将接收XML消息,并且不受xml注入的影响,并且没有成功。
@RestController
@RequestMapping("message")
@CrossOrigin(origins = "http://localhost:4200")
public class XMLMessageExampleController {
@RequestMapping(value = "/example", method = RequestMethod.POST, consumes = MediaType.APPLICATION_XML_VALUE, produces = MediaType.APPLICATION_XML_VALUE)
public ResponseEntity<Customer> getXMLExample(String value) {
System.out.println("yes");
try {
JAXBContext jc = JAXBContext.newInstance(Customer.class);
XMLInputFactory xif = XMLInputFactory.newFactory();
xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
// XMLStreamReader xsr = xif.createXMLStreamReader(new
// StreamSource(value));
XMLEventReader streamReader = xif.createXMLEventReader(new StringReader(value));
Unmarshaller unmarshaller = jc.createUnmarshaller();
Customer customer = (Customer) unmarshaller.unmarshal(streamReader);
Marshaller marshaller = jc.createMarshaller();
marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
marshaller.marshal(customer, System.out);
return new ResponseEntity<>(customer, HttpStatus.OK);
} catch (JAXBException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (XMLStreamException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return new ResponseEntity<>(null, HttpStatus.OK);
}
}
我有客户课程
@XmlRootElement(name="customer")
public class Customer {
private String name;
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
}
我正在尝试通过POSTMAN发送xml波纹管,如下所示: POST请求http://localhost:8080/message/example 在正文部分,我选择了raw和application / xml。内容是
<customer>
<name>Nikola</name>
</customer>
我得到这个回应: 无效的CORS请求