转:http://www.jb51.net/article/93662.htm
在开发应用程序的过程中,如果有多个应用,通常会通过一个portal 门户来集成,这个portal 是所有应用程序的入口,用户一旦在portal 登录之后,进入另外一个系统,就需要类似的单点登录(SSO). 进入各个子系统的时候,就不需要再次登录, 当然类似的功能,你可以通过专业的单点登录软件来实现,也可以自己写数据库token 等方式来实现。其实还有一个比较简单的方法,就是通过 portal 封装已经登录过的用户的消息,写到http header 之中,然后把请求forward 到各个子系统中去,而各子系统从 http header 中获取用户名,作为是否登录过的校验或者合法的校验。
总结了几种处理http Header 的方法:
利用 HttpServletRequest
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
import
javax.servlet.http.HttpServletRequest;
//...
private
HttpServletRequest request;
//get request headers
private
Map<String, String> getHeadersInfo() {
Map<String, String> map =
new
HashMap<String, String>();
Enumeration headerNames = request.getHeaderNames();
while
(headerNames.hasMoreElements()) {
String key = (String) headerNames.nextElement();
String value = request.getHeader(key);
map.put(key, value);
}
return
map;
}
|
一个典型的例子如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
"headers"
: {
"Host"
:
"yihaomen.com"
,
"Accept-Encoding"
:
"gzip,deflate"
,
"X-Forwarded-For"
:
"66.249.x.x"
,
"X-Forwarded-Proto"
:
"http"
,
"User-Agent"
:
"Mozilla/5.0 (compatible; Googlebot/2.1; +
)"
,
"X-Request-Start"
:
"1389158003923"
,
"Accept"
:
"*/*"
,
"Connection"
:
"close"
,
"X-Forwarded-Port"
:
"80"
,
"From"
:
"googlebot(at)googlebot.com"
}
|
获取 user-agent
1
2
3
4
5
6
|
import javax.servlet.http.HttpServletRequest;
//...
private HttpServletRequest request;
private String getUserAgent() {
return
request.getHeader(
"user-agent"
);
}
|
一个典型的例子如下:
1
2
3
|
Mozilla/
5.0
(compatible; Googlebot/
2.1
; +
http:
//www.google.com/bot.html
)
|
利用 spring mvc 获取 HttpRequest Header 的例子
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
import
java.util.Enumeration;
import
java.util.HashMap;
import
java.util.Map;
import
javax.servlet.http.HttpServletRequest;
import
org.springframework.beans.factory.annotation.Autowired;
import
org.springframework.stereotype.Controller;
import
org.springframework.web.bind.annotation.PathVariable;
import
org.springframework.web.bind.annotation.RequestMapping;
import
org.springframework.web.bind.annotation.RequestMethod;
import
org.springframework.web.servlet.ModelAndView;
@Controller
@RequestMapping
(
"/site"
)
public
class
SiteController {
@Autowired
private
HttpServletRequest request;
@RequestMapping
(value =
"/{input:.+}"
, method = RequestMethod.GET)
public
ModelAndView getDomain(
@PathVariable
(
"input"
) String input) {
ModelAndView modelandView =
new
ModelAndView(
"result"
);
modelandView.addObject(
"user-agent"
, getUserAgent());
modelandView.addObject(
"headers"
, getHeadersInfo());
return
modelandView;
}
//get user agent
private
String getUserAgent() {
return
request.getHeader(
"user-agent"
);
}
//get request headers
private
Map<String, String> getHeadersInfo() {
Map<String, String> map =
new
HashMap<String, String>();
Enumeration headerNames = request.getHeaderNames();
while
(headerNames.hasMoreElements()) {
String key = (String) headerNames.nextElement();
String value = request.getHeader(key);
map.put(key, value);
}
return
map;
}
}
|
也许有人会说,Http Header 是可以模拟的,那么自己可以构造一个用来欺骗这些系统, 是的,的确是这样,所以在用Http Header 来传值得时候,一定要记得,所有的请求都必须经过 portal 来处理,然后 forward 到各子系统,就不会出现这个问题了。因为portal 首先拦截用户发起的所有的请求,如果是构造的用户,在portal 的sessiion 也是没有记录的,仍然会跳转到登录页面,如果在protal 的 session 中记录,而且 Http Header 中也有记录,那么在子系统就是合法的用户,然后自己可以根据一些要求处理业务逻辑了
JSP/Java获取HTTP header信息(request)例子
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
<%
//header.jsp
out.println(
"Protocol: "
+ request.getProtocol() +
"<br>"
);
out.println(
"Scheme: "
+ request.getScheme() +
"<br>"
);
out.println(
"Server Name: "
+ request.getServerName() +
"<br>"
);
out.println(
"Server Port: "
+ request.getServerPort() +
"<br>"
);
out.println(
"Protocol: "
+ request.getProtocol() +
"<br>"
);
out.println(
"Server Info: "
+ getServletConfig().getServletContext().getServerInfo() +
"<br>"
);
out.println(
"Remote Addr: "
+ request.getRemoteAddr() +
"<br>"
);
out.println(
"Remote Host: "
+ request.getRemoteHost() +
"<br>"
);
out.println(
"Character Encoding: "
+ request.getCharacterEncoding() +
"<br>"
);
out.println(
"Content Length: "
+ request.getContentLength() +
"<br>"
);
out.println(
"Content Type: "
+ request.getContentType() +
"<br>"
);
out.println(
"Auth Type: "
+ request.getAuthType() +
"<br>"
);
out.println(
"HTTP Method: "
+ request.getMethod() +
"<br>"
);
out.println(
"Path Info: "
+ request.getPathInfo() +
"<br>"
);
out.println(
"Path Trans: "
+ request.getPathTranslated() +
"<br>"
);
out.println(
"Query String: "
+ request.getQueryString() +
"<br>"
);
out.println(
"Remote User: "
+ request.getRemoteUser() +
"<br>"
);
out.println(
"Session Id: "
+ request.getRequestedSessionId() +
"<br>"
);
out.println(
"Request URL: "
+ request.getRequestURL() +
"<br>"
);
out.println(
"Request URI: "
+ request.getRequestURI() +
"<br>"
);
out.println(
"Servlet Path: "
+ request.getServletPath() +
"<br>"
);
out.println(
"Created : "
+ session.getCreationTime() +
"<br>"
);
out.println(
"LastAccessed : "
+ session.getLastAccessedTime() +
"<br>"
);
out.println(
"Accept: "
+ request.getHeader(
"Accept"
) +
"<br>"
);
out.println(
"Host: "
+ request.getHeader(
"Host"
) +
"<br>"
);
out.println(
"Referer : "
+ request.getHeader(
"Referer"
) +
"<br>"
);
out.println(
"Accept-Language : "
+ request.getHeader(
"Accept-Language"
) +
"<br>"
);
out.println(
"Accept-Encoding : "
+ request.getHeader(
"Accept-Encoding"
) +
"<br>"
);
out.println(
"User-Agent : "
+ request.getHeader(
"User-Agent"
) +
"<br>"
);
out.println(
"Connection : "
+ request.getHeader(
"Connection"
) +
"<br>"
);
out.println(
"Cookie : "
+ request.getHeader(
"Cookie"
) +
"<br>"
);
%>
|
关于request.getHeader("Referer")的说明
request.getHeader("Referer")获取来访者地址。只有通过链接访问当前页的时候,才能获取上一页的地址;否则request.getHeader("Referer")的值为Null,通过window.open打开当前页或者直接输入地址,也为Null。
以上就是小编为大家带来的java 获取HttpRequest Header的几种方法(必看篇)的全部内容了,希望对大家有所帮助,多多支持脚本之家~