Java Spring: inserting a cookie in a REST call response


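I am implementing REST API endpoints using Spring MVC. I am trying to send back an HTTP response with a cookie value. This is the equivalent of what I need to do in Ruby Sinatra: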

  response.set_cookie('heroku-nav-data', :value => params['nav-data'], :path => '/')
This is what I have tried so far, without success:

@RequestMapping(value = "/login", method = RequestMethod.POST)
    public ResponseEntity<String> single_sign_on(@RequestBody String body_sso) {

        String[] tokens = body_sso.split("&");
        String nav_data=tokens[3].substring(9);
        String id = tokens[2].substring(3);
        String time_param = tokens[0].substring(10);
        long timestamp= Long.valueOf(time_param).longValue(); 

        String pre_token = id+':'+HEROKU_SSO_SALT+':'+time_param;
        String token = DigestUtils.shaHex(pre_token);
         long lDateTime = new Date().getTime()/1000;
        if (!((token.equals(tokens[4].substring(6))) && ((lDateTime-timestamp)<300)))
        {   
            return new ResponseEntity<String>(HttpStatus.FORBIDDEN);
        }

        HttpHeaders headers = new HttpHeaders();
        headers.add("heroku-nav-data",nav_data);// this didn't work
        return new ResponseEntity<String>(id,headers,HttpStatus.OK);    

}
I finally found the solution:

HttpHeaders headers = new HttpHeaders();
headers.add("Set-Cookie","key="+"value");
ResponseEntity.status(HttpStatus.OK).headers(headers).build();

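Although it is possible to set a cookie using the raw Set-Cookie header, it is easier to use the Servlet API: add an HttpServletResponse parameter to the controller method and Spring will pass in the relevant instance; then use the addCookie method: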

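@RequestMapping(value = "/login", method = RequestMethod.POST)
public ResponseEntity<String> singleSignOn(@RequestBody String bodySso, HttpServletResponse response) {

    // ... parse bodySso and validate the token as in the question to obtain id and navData ...
    response.addCookie(new Cookie("heroku-nav-data", navData));
    // The cookie is already on the servlet response, so no extra headers are needed here
    return new ResponseEntity<String>(id, HttpStatus.OK);

}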

You can use the Spring API for cookies, org.springframework.http.HttpCookie:

HttpCookie cookie = ResponseCookie.from("heroku-nav-data", nav_data)
        .path("/")
        .build();
return ResponseEntity.ok()
        .header(HttpHeaders.SET_COOKIE, cookie.toString())
        .body(id);

This is an example of how to add a cookie to the response object and read the cookie from the response object using @CookieParam:

package com.ft.resources;
import javax.ws.rs.CookieParam;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
@Path("/cookie")
public class CookieResource {

@GET
@Path("/write")
public Response write() {
    //create cookie
    NewCookie c1=new NewCookie("uname","gaurav");
    NewCookie c2=new NewCookie("password","gaurav@123");
    //adding cookie to response object
    return Response.ok().cookie(c1,c2).build();
}

@GET
@Path("/read")
public Response read(@CookieParam("uname") String uname,@CookieParam("password") 
String password) {
    System.out.println(uname);
    System.out.println(password);

    String msg="Username:"+uname;
    msg=msg.concat("</br>");
    msg=msg.concat("Password:"+password);
    return Response.ok(msg).build();

}
}
Alternatively, you can use:

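HttpHeaders headers = new HttpHeaders();
// Set-Cookie is the response header that sets a cookie; Cookie is the request header a client sends back
headers.add(HttpHeaders.SET_COOKIE, cookieName + "=" + cookieValue);
ResponseEntity.status(HttpStatus.OK).headers(headers).build();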

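May I ask for your help with a similar question related to cookies and basic authentication?

Unfortunately, this does not include the other values that ensure the cookie is only used in a specific domain and/or secure context. So it is up to the client to choose those values.

You can configure any cookie options in that string, for example: headers.add("Set-Cookie", "key=" + "value" + "; Max-Age=3600; Secure; HttpOnly");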
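A hardened version of the question's /login handler, combining the ResponseCookie answer with the cookie attributes raised in the comments. This is an added example, not code from the original posts. Assumptions: the form field names (id, timestamp, token, nav-data) are inferred from the substring offsets in the question, the salt is read from an environment variable, and SsoController is a hypothetical class name.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Duration;
import java.time.Instant;
import org.apache.commons.codec.digest.DigestUtils;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseCookie;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class SsoController { // hypothetical class name
    // Assumption: the shared secret is supplied by the environment, not hard-coded.
    private static final String HEROKU_SSO_SALT = System.getenv("HEROKU_SSO_SALT");

    // Binding fields by name (assumed names) replaces the positional split("&")/substring parsing.
    @PostMapping("/login")
    public ResponseEntity<String> singleSignOn(
            @RequestParam("id") String id, @RequestParam("timestamp") long timestamp,
            @RequestParam("token") String token, @RequestParam("nav-data") String navData) {
        String expected = DigestUtils.sha1Hex(id + ':' + HEROKU_SSO_SALT + ':' + timestamp);
        // MessageDigest.isEqual compares in constant time; String.equals stops at the first mismatch.
        boolean tokenOk = MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                token.getBytes(StandardCharsets.UTF_8));
        long age = Instant.now().getEpochSecond() - timestamp;
        // Same 300-second window as the question; timestamps from the future are rejected too.
        if (!tokenOk || age < 0 || age >= 300) {
            return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
        }

        ResponseCookie cookie = ResponseCookie.from("heroku-nav-data", navData)
                .path("/")
                .secure(true)                 // sent over HTTPS only
                .httpOnly(true)               // not readable by page scripts; drop if a script must read it
                .sameSite("Lax")              // not attached to cross-site subrequests
                .maxAge(Duration.ofHours(1))  // same lifetime as the Max-Age=3600 in the comment above
                .build();
        return ResponseEntity.ok()
                .header(HttpHeaders.SET_COOKIE, cookie.toString())
                .body(id);
    }
}
```

The sameSite builder method requires Spring Framework 5.1 or later, and sha1Hex requires commons-codec 1.7 or later.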