Java Spring: Inserting a cookie in a REST call response
I am implementing a REST API endpoint using Spring MVC. I am trying to send back an HTTP response with a cookie value. This is the equivalent of what I need to do, in Ruby Sinatra:
response.set_cookie('heroku-nav-data', :value => params['nav-data'], :path => '/')
This is what I have tried so far, without success:
@RequestMapping(value = "/login", method = RequestMethod.POST)
public ResponseEntity<String> single_sign_on(@RequestBody String body_sso) {
    String[] tokens = body_sso.split("&");
    String nav_data = tokens[3].substring(9);
    String id = tokens[2].substring(3);
    String time_param = tokens[0].substring(10);
    long timestamp = Long.valueOf(time_param).longValue();
    String pre_token = id + ':' + HEROKU_SSO_SALT + ':' + time_param;
    String token = DigestUtils.shaHex(pre_token);
    long lDateTime = new Date().getTime() / 1000;
    if (!((token.equals(tokens[4].substring(6))) && ((lDateTime - timestamp) < 300)))
    {
        return new ResponseEntity<String>(HttpStatus.FORBIDDEN);
    }
    HttpHeaders headers = new HttpHeaders();
    headers.add("heroku-nav-data", nav_data); // this didn't work
    return new ResponseEntity<String>(id, headers, HttpStatus.OK);
}
I finally found the solution:
HttpHeaders headers = new HttpHeaders();
headers.add("Set-Cookie","key="+"value");
ResponseEntity.status(HttpStatus.OK).headers(headers).build();
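While it's possible to set the cookie using the raw Set-Cookie header, it's easier to use the Servlet API: add an HttpServletResponse parameter to your controller method, and Spring will pass in the relevant instance; then use the addCookie method: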
@RequestMapping(value = "/login", method = RequestMethod.POST)
public ResponseEntity<String> singleSignOn(@RequestBody String bodySso, HttpServletResponse response) {
    // ... (parsing and validation omitted here; id, navData and headers come from that code)
    response.addCookie(new Cookie("heroku-nav-data", navData));
    return new ResponseEntity<String>(id, headers, HttpStatus.OK);
}
You can use the Spring API for cookies: org.springframework.http.HttpCookie:
HttpCookie cookie = ResponseCookie.from("heroku-nav-data", nav_data)
.path("/")
.build();
return ResponseEntity.ok()
.header(HttpHeaders.SET_COOKIE, cookie.toString())
.body(id);
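Added example (not part of the answer above or of any project code): the same ResponseCookie builder with the Max-Age, Secure, HttpOnly and SameSite attributes set explicitly, and the value percent-encoded before it reaches the header. The class name, the one-hour lifetime, the SameSite value and the encoding step are assumptions; sameSite() needs Spring 5.1+ and URLEncoder.encode(String, Charset) needs Java 10+.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Duration;

import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseCookie;
import org.springframework.http.ResponseEntity;

// Hypothetical class name; only the cookie name comes from the page.
public class NavCookieExample {

    // Builds the heroku-nav-data cookie with explicit scope and lifetime.
    static ResponseCookie navCookie(String navData) {
        // Percent-encode the request-supplied value so ';', ',', spaces or
        // CR/LF inside it cannot end the value and add attributes or headers.
        String safeValue = URLEncoder.encode(navData, StandardCharsets.UTF_8);
        return ResponseCookie.from("heroku-nav-data", safeValue)
                .path("/")
                .maxAge(Duration.ofHours(1)) // assumed lifetime
                .secure(true)                // sent over HTTPS only
                .httpOnly(true)              // hidden from client-side script
                .sameSite("Lax")             // assumed policy
                .build();
    }

    // Same response shape as the answer above: cookie header plus id body.
    static ResponseEntity<String> loginResponse(String id, String navData) {
        return ResponseEntity.ok()
                .header(HttpHeaders.SET_COOKIE, navCookie(navData).toString())
                .body(id);
    }

    public static void main(String[] args) {
        // Constructed input whose value tries to append its own attribute.
        ResponseEntity<String> r = loginResponse("42", "abc; Domain=other.example");
        System.out.println(r.getHeaders().getFirst(HttpHeaders.SET_COOKIE));
    }
}
```

Whatever reads the cookie has to percent-decode the value, and httpOnly(true) has to be dropped if client-side script is meant to read it.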
This is an example of how to add cookies to the response object and read cookies from the response object using @CookieParam:
package com.ft.resources;

import javax.ws.rs.CookieParam;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;

@Path("/cookie")
public class CookieResource {

    @GET
    @Path("/write")
    public Response write() {
        // create cookie
        NewCookie c1 = new NewCookie("uname", "gaurav");
        NewCookie c2 = new NewCookie("password", "gaurav@123");
        // adding cookie to response object
        return Response.ok().cookie(c1, c2).build();
    }

    @GET
    @Path("/read")
    public Response read(@CookieParam("uname") String uname,
                         @CookieParam("password") String password) {
        System.out.println(uname);
        System.out.println(password);
        String msg = "Username:" + uname;
        msg = msg.concat("</br>");
        msg = msg.concat("Password:" + password);
        return Response.ok(msg).build();
    }
}
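Alternatively, you can use

HttpHeaders headers = new HttpHeaders();
// Set-Cookie is the response header that sets a cookie; Cookie is the request header.
headers.add(HttpHeaders.SET_COOKIE, cookieName + "=" + cookieValue);
ResponseEntity.status(HttpStatus.OK).headers(headers).build();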
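May I ask for your help with a similar question related to cookies and basic authentication?

Sadly, this does not include the other values that ensure the cookie is only used in a specific domain and/or secure context. So it is up to the client to choose those values.

You can configure any cookie options in that string, for example: headers.add("Set-Cookie", "key=" + "value" + "; Max-Age=3600; Secure; HttpOnly");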