赋值请求头的Host,赋值成功,但是Host无法被覆盖
对外提供http接口,采用nginx反代,使用域名访问
但是为了容灾,客户端需要指定ip访问该服务,如果该ip坏掉,客户端就切换到另个一ip(靠dns解析太慢)
nginx上只配置了域名的分发,没有配置ip分发
于是在http请求上做了点处理,url配置ip,同时配置http头部的Host参数为该域名,
HttpURLConnection 有setRequestProperty(key,value)方法来设置http头部
通过ip访问,设置Host头部来让nginx识别,然后分发到相应的处理程序
HttpHeaders newHeaders = new HttpHeaders();
//重新赋值Host,没作用
newHeaders.set("Host", "xxxxxxxx");
HttpEntity<String> paramBody = new HttpEntity<>("{"测试":"数据体"}", newHeaders);
//该请求的请求头里的Host,没有被重置为“xxxxxxxx”
ResponseEntity<Object> result = restClient.postForEntity(url, paramBody, Object.class);
问题点在HttpURLConnection的sun的源代码 中为了代码安全限制了请求头某些属性默认不允许覆盖。
private static final String[] restrictedHeaders = {
/* Restricted by XMLHttpRequest2 */
//"Accept-Charset",
//"Accept-Encoding",
"Access-Control-Request-Headers",
"Access-Control-Request-Method",
"Connection", /* close is allowed */
"Content-Length",
//"Cookie",
//"Cookie2",
"Content-Transfer-Encoding",
//"Date",
"Expect",
"Host",
"Keep-Alive",
"Origin",
// "Referer",
// "TE",
"Trailer",
"Transfer-Encoding",
"Upgrade",
//"User-Agent",
"Via"
};
allowRestrictedHeaders = ((Boolean)java.security.AccessController.doPrivileged(
new sun.security.action.GetBooleanAction(
"sun.net.http.allowRestrictedHeaders"))).booleanValue();
如果想要覆盖需要设置
System.setProperty("sun.net.http.allowRestrictedHeaders", "true");