Spring: Inserting a cookie in a REST call response

2022-09-03 08:24:37

I am implementing a REST API endpoint using Spring MVC. I am trying to send back an HTTP response with a cookie value. This is the equivalent of what I need to do, in Ruby Sinatra:

  response.set_cookie('heroku-nav-data', :value => params['nav-data'], :path => '/')

This is what I have tried so far, but it did not work:

@RequestMapping(value = "/login", method = RequestMethod.POST)
    public ResponseEntity<String> single_sign_on(@RequestBody String body_sso) {

        String[] tokens = body_sso.split("&");
        String nav_data=tokens[3].substring(9);
        String id = tokens[2].substring(3);
        String time_param = tokens[0].substring(10);
        long timestamp= Long.valueOf(time_param).longValue(); 

        String pre_token = id+':'+HEROKU_SSO_SALT+':'+time_param;
        String token = DigestUtils.shaHex(pre_token);
         long lDateTime = new Date().getTime()/1000;
        if (!((token.equals(tokens[4].substring(6))) && ((lDateTime-timestamp)<300)))
        {   
            return new ResponseEntity<String>(HttpStatus.FORBIDDEN);
        }

        HttpHeaders headers = new HttpHeaders();
        headers.add("heroku-nav-data",nav_data);// this didn't work
        return new ResponseEntity<String>(id,headers,HttpStatus.OK);    

}

What should I do? Thanks.


Answer 1

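Although it is possible to set a cookie using the raw Set-Cookie header, it is easier to use the Servlet API.

Add an HttpServletResponse parameter to your controller method and Spring will pass in the relevant instance; then use the addCookie method: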

@RequestMapping(value = "/login", method = RequestMethod.POST)
public ResponseEntity<String> singleSignOn(@RequestBody String bodySso, HttpServletResponse response) {
    // id and navData are parsed from bodySso, and the token is checked, as in the question's code

    response.addCookie(new Cookie("heroku-nav-data", navData));
    return new ResponseEntity<String>(id, HttpStatus.OK);

}

If needed, you can also set more parameters on the Cookie object:

final Cookie cookie = new Cookie(this.cookieName, principal.getSignedJWT());
cookie.setDomain(this.cookieDomain);
cookie.setSecure(this.sendSecureCookie);
cookie.setHttpOnly(true);
cookie.setMaxAge(maxAge);
response.addCookie(cookie);

Answer 2

You can use the Spring API for cookies, org.springframework.http.HttpCookie:

HttpCookie cookie = ResponseCookie.from("heroku-nav-data", nav_data)
        .path("/")
        .build();
return ResponseEntity.ok()
        .header(HttpHeaders.SET_COOKIE, cookie.toString())
        .body(id);
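
Added example (not part of either answer or of the question's code): the login endpoint from the question with the token compared in constant time and the cookie built with explicit attributes. It assumes a form-encoded body with the fields id, timestamp, token and nav-data, Spring 5.1 or later and Java 10 or later; the class name, the environment variable holding the salt, and the one-hour cookie lifetime are hypothetical.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import java.time.Instant;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseCookie;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class SsoLoginController {
    // Assumption: the salt comes from the environment; the variable name is hypothetical.
    private final String ssoSalt = System.getenv("HEROKU_SSO_SALT");

    @PostMapping("/login")
    public ResponseEntity<String> singleSignOn(
            @RequestParam("id") String id,
            @RequestParam("timestamp") long timestamp,
            @RequestParam("token") String token,
            @RequestParam("nav-data") String navData) throws NoSuchAlgorithmException {

        // Same digest input as the question: id:salt:timestamp, hashed with SHA-1.
        byte[] digest = MessageDigest.getInstance("SHA-1")
                .digest((id + ':' + ssoSalt + ':' + timestamp).getBytes(StandardCharsets.UTF_8));
        StringBuilder expected = new StringBuilder();
        for (byte b : digest) expected.append(String.format("%02x", b));
        // Constant-time comparison instead of String.equals.
        boolean tokenOk = MessageDigest.isEqual(
                expected.toString().getBytes(StandardCharsets.UTF_8), token.getBytes(StandardCharsets.UTF_8));
        // Same 300-second window as the question; timestamps in the future are rejected too.
        long age = Instant.now().getEpochSecond() - timestamp;
        if (!tokenOk || age < 0 || age >= 300) {
            return new ResponseEntity<>(HttpStatus.FORBIDDEN);
        }

        // nav-data is not covered by the token, so it is untrusted input: percent-encode it
        // before it goes into Set-Cookie (whoever reads the cookie has to decode it).
        ResponseCookie cookie = ResponseCookie
                .from("heroku-nav-data", URLEncoder.encode(navData, StandardCharsets.UTF_8))
                .path("/").secure(true).httpOnly(true).sameSite("Lax")
                .maxAge(Duration.ofHours(1)).build();
        return ResponseEntity.ok().header(HttpHeaders.SET_COOKIE, cookie.toString()).body(id);
    }
}
```

Drop httpOnly(true) only if script on the page has to read this cookie; secure(true) means the browser sends it back over HTTPS only.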