I'm working on generating few reports for my application. We used spring boot to write the REST API. I wanted to generate and download the report (I don't want to hard code the download location instead I want to download the report to the user's downloads folder) to the user's machine, also to send a success JSON response to the client.
The report is generation is successful, however.. when I try to download the report and send the successful JSON response to the client, I'm having issue.
When I do this, the report is generated and the JSON response shows successful code.
However, when I do this, the report is not downloaded instead, its trying to print on the postman console and its all garbage.
You cannot force a file to be downloaded onto a client's computer from a web server. That would be a horrible security issue, with rogue servers infecting clients all over the place.
A ReST client, on the other hand, would be able to request and download data that the ReST client could then store as a file.
Note the key differences here. One approach would have the server in control, the other has the client in control. The client is expected to know what it wants.
Because a web server is not a file server, what you actually get back from a ReST request is not actually a file. It's an HTTP response data stream, including headers, cookies and the like as well as the data body that will be stored as a file. Among the recommended headers are the Content-Type, which should have a value of application/vnd.ms-excel, the Content-Disposition, which should be something like attachment; filename="filename.jpg", and (optional, but recommended) Content-Length which is the length in bytes of the payload.
The filename part of content-disposition is the recommended name that the file should be saved under. Ideally, it should by only a name, since you cannot assume the directory structure of the client's machine. But in any event, it's only a recommendation. When using a browser as a web client with an attachment content-disposition, the browser will present a File Save dialog and (usually) the recommended filename will be pre-loaded into that dialog. To repeat, the server cannot force the file to be saved. Instead, by presenting this dialog. the user is given the choice on whether and where to save the incoming data into a file created by the client machine.
An automated ReST client running stand-alone doesn't need this dialog - or any GUI interaction - since (hopefully) the ReST client is an application installed with the approval of the user. Who knows what it's doing*. So the automated client can process the headers any way it likes and create/update/delete locally-accessible files to its heart's content, subject to local filesystem permissions.
* Roughly speaking. Actual users, of course, haven't the slighest clue and figure it's all the work of magical elves. But someone who allegedly knows better directed it as part of the larger plan.
"privilege" comes from the Latin words for "private" and "law" (legal) and dates to feudal times. To "claim privilege" meant that you were above the laws that applied to the common people.
santosh batta wrote:When I do this, the report is generated and the JSON response shows successful code.
The report is generated, but on the server, not on the client's machine. It just happens to work for you because the server is on your own machine. Try calling the endpoint from a different machine, and you'll notice the file will not be saved there.