欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

java 获取HttpRequest Header的几种方法(必看篇)

程序员文章站 2024-03-12 17:47:44
在开发应用程序的过程中,如果有多个应用,通常会通过一个portal 门户来集成,这个portal  是所有应用程序的入口,用户一旦在portal 登录之后,进入另...

在开发应用程序的过程中,如果有多个应用,通常会通过一个portal 门户来集成,这个portal  是所有应用程序的入口,用户一旦在portal 登录之后,进入另外一个系统,就需要类似的单点登录(sso). 进入各个子系统的时候,就不需要再次登录, 当然类似的功能,你可以通过专业的单点登录软件来实现,也可以自己写数据库token 等方式来实现。其实还有一个比较简单的方法,就是通过 portal 封装已经登录过的用户的消息,写到http header 之中,然后把请求forward 到各个子系统中去,而各子系统从 http header 中获取用户名,作为是否登录过的校验或者合法的校验。

总结了几种处理http header 的方法:

利用 httpservletrequest

import javax.servlet.http.httpservletrequest;
 //...
 private httpservletrequest request;
 //get request headers
 private map<string, string> getheadersinfo() {
  map<string, string> map = new hashmap<string, string>();
  enumeration headernames = request.getheadernames();
  while (headernames.hasmoreelements()) {
    string key = (string) headernames.nextelement();
    string value = request.getheader(key);
    map.put(key, value);
  }
  return map;
 }

一个典型的例子如下:

"headers" : {
  "host" : "yihaomen.com",
  "accept-encoding" : "gzip,deflate",
  "x-forwarded-for" : "66.249.x.x",
  "x-forwarded-proto" : "http",
  "user-agent" : "mozilla/5.0 (compatible; googlebot/2.1; +
http://www.google.com/bot.html
)",
  "x-request-start" : "1389158003923",
  "accept" : "*/*",
  "connection" : "close",
  "x-forwarded-port" : "80",
  "from" : "googlebot(at)googlebot.com"
}

获取 user-agent

import javax.servlet.http.httpservletrequest;
 //...
 private httpservletrequest request;
 private string getuseragent() {
  return request.getheader("user-agent");
 }

一个典型的例子如下:

mozilla/5.0 (compatible; googlebot/2.1; +
http://www.google.com/bot.html
)

利用 spring mvc 获取  httprequest header 的例子

import java.util.enumeration;
import java.util.hashmap;
import java.util.map;
import javax.servlet.http.httpservletrequest;
import org.springframework.beans.factory.annotation.autowired;
import org.springframework.stereotype.controller;
import org.springframework.web.bind.annotation.pathvariable;
import org.springframework.web.bind.annotation.requestmapping;
import org.springframework.web.bind.annotation.requestmethod;
import org.springframework.web.servlet.modelandview;
@controller
@requestmapping("/site")
public class sitecontroller {
  @autowired
  private httpservletrequest request;
  @requestmapping(value = "/{input:.+}", method = requestmethod.get)
  public modelandview getdomain(@pathvariable("input") string input) {
    modelandview modelandview = new modelandview("result");
    modelandview.addobject("user-agent", getuseragent());
    modelandview.addobject("headers", getheadersinfo());
    return modelandview;
  }
  //get user agent
  private string getuseragent() {
    return request.getheader("user-agent");
  }
  //get request headers
  private map<string, string> getheadersinfo() {
    map<string, string> map = new hashmap<string, string>();
    enumeration headernames = request.getheadernames();
    while (headernames.hasmoreelements()) {
      string key = (string) headernames.nextelement();
      string value = request.getheader(key);
      map.put(key, value);
    }
    return map;
  }
}

也许有人会说,http header  是可以模拟的,那么自己可以构造一个用来欺骗这些系统, 是的,的确是这样,所以在用http header 来传值得时候,一定要记得,所有的请求都必须经过 portal 来处理,然后 forward 到各子系统,就不会出现这个问题了。因为portal 首先拦截用户发起的所有的请求,如果是构造的用户,在portal 的sessiion 也是没有记录的,仍然会跳转到登录页面,如果在protal 的 session 中记录,而且  http header 中也有记录,那么在子系统就是合法的用户,然后自己可以根据一些要求处理业务逻辑了

jsp/java获取http header信息(request)例子

<%
//header.jsp
out.println("protocol: " + request.getprotocol() + "<br>");
out.println("scheme: " + request.getscheme() + "<br>");
out.println("server name: " + request.getservername() + "<br>" );
out.println("server port: " + request.getserverport() + "<br>");
out.println("protocol: " + request.getprotocol() + "<br>");
out.println("server info: " + getservletconfig().getservletcontext().getserverinfo() + "<br>");
out.println("remote addr: " + request.getremoteaddr() + "<br>");
out.println("remote host: " + request.getremotehost() + "<br>");
out.println("character encoding: " + request.getcharacterencoding() + "<br>");
out.println("content length: " + request.getcontentlength() + "<br>");
out.println("content type: "+ request.getcontenttype() + "<br>");
out.println("auth type: " + request.getauthtype() + "<br>");
out.println("http method: " + request.getmethod() + "<br>");
out.println("path info: " + request.getpathinfo() + "<br>");
out.println("path trans: " + request.getpathtranslated() + "<br>");
out.println("query string: " + request.getquerystring() + "<br>");
out.println("remote user: " + request.getremoteuser() + "<br>");
out.println("session id: " + request.getrequestedsessionid() + "<br>");
out.println("request url: " + request.getrequesturl() + "<br>");
out.println("request uri: " + request.getrequesturi() + "<br>");
out.println("servlet path: " + request.getservletpath() + "<br>");
out.println("created : " + session.getcreationtime() + "<br>");
out.println("lastaccessed : " + session.getlastaccessedtime() + "<br>");

out.println("accept: " + request.getheader("accept") + "<br>");
out.println("host: " + request.getheader("host") + "<br>");
out.println("referer : " + request.getheader("referer") + "<br>");
out.println("accept-language : " + request.getheader("accept-language") + "<br>");
out.println("accept-encoding : " + request.getheader("accept-encoding") + "<br>");
out.println("user-agent : " + request.getheader("user-agent") + "<br>");
out.println("connection : " + request.getheader("connection") + "<br>");
out.println("cookie : " + request.getheader("cookie") + "<br>");
%>

关于request.getheader("referer")的说明

request.getheader("referer")获取来访者地址。只有通过链接访问当前页的时候,才能获取上一页的地址;否则request.getheader("referer")的值为null,通过window.open打开当前页或者直接输入地址,也为null。

以上就是小编为大家带来的java 获取httprequest header的几种方法(必看篇)的全部内容了,希望对大家有所帮助,多多支持~