在開發應用程序的過程中,如果有多個應用,通常會通過一個portal 門戶來集成,這個portal 是所有應用程序的入口,用戶一旦在portal 登錄之后,進入另外一個系統,就需要類似的單點登錄(SSO). 進入各個子系統的時候,就不需要再次登錄, 當然類似的功能,你可以通過專業的單點登錄軟件來實現,也可以自己寫數據庫token 等方式來實現。其實還有一個比較簡單的方法,就是通過 portal 封裝已經登錄過的用戶的消息,寫到http header 之中,然后把請求forward 到各個子系統中去,而各子系統從 http header 中獲取用戶名,作為是否登錄過的校驗或者合法的校驗。
總結了幾種處理http Header 的方法:
利用 HttpServletRequest
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
import javax.servlet.http.HttpServletRequest; //... private HttpServletRequest request; //get request headers private Map<String, String> getHeadersInfo() { Map<String, String> map = new HashMap<String, String>(); Enumeration headerNames = request.getHeaderNames(); while (headerNames.hasMoreElements()) { String key = (String) headerNames.nextElement(); String value = request.getHeader(key); map.put(key, value); } return map; } |
一個典型的例子如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
"headers" : { "Host" : "yihaomen.com", "Accept-Encoding" : "gzip,deflate", "X-Forwarded-For" : "66.249.x.x", "X-Forwarded-Proto" : "http", "User-Agent" : "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)", "X-Request-Start" : "1389158003923", "Accept" : "*/*", "Connection" : "close", "X-Forwarded-Port" : "80", "From" : "googlebot(at)googlebot.com"} |
獲取 user-agent
|
1
2
3
4
5
6
|
import javax.servlet.http.HttpServletRequest; //... private HttpServletRequest request; private String getUserAgent() { return request.getHeader("user-agent"); } |
一個典型的例子如下:
|
1
2
3
|
Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
利用 spring mvc 獲取 HttpRequest Header 的例子
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
import java.util.Enumeration;import java.util.HashMap;import java.util.Map;import javax.servlet.http.HttpServletRequest;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.PathVariable;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RequestMethod;import org.springframework.web.servlet.ModelAndView;@Controller@RequestMapping("/site")public class SiteController { @Autowired private HttpServletRequest request; @RequestMapping(value = "/{input:.+}", method = RequestMethod.GET) public ModelAndView getDomain(@PathVariable("input") String input) { ModelAndView modelandView = new ModelAndView("result"); modelandView.addObject("user-agent", getUserAgent()); modelandView.addObject("headers", getHeadersInfo()); return modelandView; } //get user agent private String getUserAgent() { return request.getHeader("user-agent"); } //get request headers private Map<String, String> getHeadersInfo() { Map<String, String> map = new HashMap<String, String>(); Enumeration headerNames = request.getHeaderNames(); while (headerNames.hasMoreElements()) { String key = (String) headerNames.nextElement(); String value = request.getHeader(key); map.put(key, value); } return map; }} |
也許有人會說,Http Header 是可以模擬的,那么自己可以構造一個用來欺騙這些系統, 是的,的確是這樣,所以在用Http Header 來傳值得時候,一定要記得,所有的請求都必須經過 portal 來處理,然后 forward 到各子系統,就不會出現這個問題了。因為portal 首先攔截用戶發起的所有的請求,如果是構造的用戶,在portal 的sessiion 也是沒有記錄的,仍然會跳轉到登錄頁面,如果在protal 的 session 中記錄,而且 Http Header 中也有記錄,那么在子系統就是合法的用戶,然后自己可以根據一些要求處理業務邏輯了
JSP/Java獲取HTTP header信息(request)例子
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
<%//header.jspout.println("Protocol: " + request.getProtocol() + "<br>");out.println("Scheme: " + request.getScheme() + "<br>");out.println("Server Name: " + request.getServerName() + "<br>" );out.println("Server Port: " + request.getServerPort() + "<br>");out.println("Protocol: " + request.getProtocol() + "<br>");out.println("Server Info: " + getServletConfig().getServletContext().getServerInfo() + "<br>");out.println("Remote Addr: " + request.getRemoteAddr() + "<br>");out.println("Remote Host: " + request.getRemoteHost() + "<br>");out.println("Character Encoding: " + request.getCharacterEncoding() + "<br>");out.println("Content Length: " + request.getContentLength() + "<br>");out.println("Content Type: "+ request.getContentType() + "<br>");out.println("Auth Type: " + request.getAuthType() + "<br>");out.println("HTTP Method: " + request.getMethod() + "<br>");out.println("Path Info: " + request.getPathInfo() + "<br>");out.println("Path Trans: " + request.getPathTranslated() + "<br>");out.println("Query String: " + request.getQueryString() + "<br>");out.println("Remote User: " + request.getRemoteUser() + "<br>");out.println("Session Id: " + request.getRequestedSessionId() + "<br>");out.println("Request URL: " + request.getRequestURL() + "<br>");out.println("Request URI: " + request.getRequestURI() + "<br>");out.println("Servlet Path: " + request.getServletPath() + "<br>");out.println("Created : " + session.getCreationTime() + "<br>");out.println("LastAccessed : " + session.getLastAccessedTime() + "<br>");out.println("Accept: " + request.getHeader("Accept") + "<br>");out.println("Host: " + request.getHeader("Host") + "<br>");out.println("Referer : " + request.getHeader("Referer") + "<br>");out.println("Accept-Language : " + request.getHeader("Accept-Language") + "<br>");out.println("Accept-Encoding : " + request.getHeader("Accept-Encoding") + "<br>");out.println("User-Agent : " + request.getHeader("User-Agent") + "<br>");out.println("Connection : " + request.getHeader("Connection") + "<br>");out.println("Cookie : " + request.getHeader("Cookie") + "<br>");%> |
關于request.getHeader("Referer")的說明
request.getHeader("Referer")獲取來訪者地址。只有通過鏈接訪問當前頁的時候,才能獲取上一頁的地址;否則request.getHeader("Referer")的值為Null,通過window.open打開當前頁或者直接輸入地址,也為Null。
以上就是小編為大家帶來的java 獲取HttpRequest Header的幾種方法(必看篇)的全部內容了,希望對大家有所幫助,多多支持服務器之家~
