java 获取HttpRequest Header的几种方法(必看篇)

java 获取HttpRequest Header的几种方法(必看篇)

在开发应用程序的过程中，如果有多个应用，通常会通过一个portal 门户来集成，这个portal  是所有应用程序的入口，用户一旦在portal 登录之后，进入另外一个系统，就需要类似的单点登录(SSO). 进入各个子系统的时候，就不需要再次登录, 当然类似的功能，你可以通过专业的单点登录软件来实现，也可以自己写数据库token 等方式来实现。其实还有一个比较简单的方法，就是通过 portal 封装已经登录过的用户的消息，写到http header 之中，然后把请求forward 到各个子系统中去，而各子系统从 http header 中获取用户名，作为是否登录过的校验或者合法的校验。

总结了几种处理http Header 的方法：

利用 HttpServletRequest

import javax.servlet.http.HttpServletRequest;

//...

private HttpServletRequest request;

//get request headers

private Map getHeadersInfo() {

Map map = new HashMap();

Enumeration headerNames = request.getHeaderNames();

while (headerNames.hasMoreElements()) {

String key = (String) headerNames.nextElement();

String value = request.getHeader(key);

map.put(key, value);

}

return map;

}

一个典型的例子如下：

"headers" : {

"Host" : "yihaomen.com",

"Accept-Encoding" : "gzip,deflate",

"X-Forwarded-For" : "66.249.x.x",

"X-Forwarded-Proto" : "http",

"User-Agent" : "Mozilla/5.0 (compatible; Googlebot/2.1; +

http://google.com/bot.html

)",

"X-Request-Start" : "1389158003923",

"Accept" : "*/*",

"Connection" : "close",

"X-Forwarded-Port" : "80",

"From" : "googlebot(at)googlebot.com"

}

获取 user-agent

import javax.servlet.http.HttpServletRequest;

//...

private HttpServletRequest request;

private String getUserAgent() {

return request.getHeader("user-agent");

}

一个典型的例子如下：

Mozilla/5.0 (compatible; Googlebot/2http://.1; +

http://google.com/bot.html

)

利用 spring mvc 获取  HttpRequest Header 的例子

import java.util.Enumeration;

import java.util.HashMap;

import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.stereotype.Controller;

import org.springframework.web.bind.annotation.PathVariable;

import org.springframework.web.bind.annotation.RequestMapping;

import org.springframework.web.bind.annotation.RequestMethod;

import org.springframework.web.servlet.ModelAndView;

@Controller

@RequestMapping("/site")

public class SiteController {

@Autowired

private HttpServletRequest request;

@RequestMapping(value = "/{input:.+}", method = RequestMethod.GET)

public ModelAndView getDomain(@PathVariable("input") String input) {

ModelAndView modelandView = new ModelAndView("result");

modelandView.addObject("user-agent", getUserAgent());

modelandView.addObject("headers", getHeadersInfo());

return modelandView;

}

//get user agent

private String getUserAgent() {

return request.getHeader("user-agent");

}

//get request headers

private Map getHeadersInfo() {

Map map = new HashMap();

Enumeration headerNames = request.getHeaderNames();

while (headerNames.hasMoreElements()) {

String key = (String) headerNames.nextElement();

String value = request.getHeader(key);

map.put(key, value);

}

return map;

}

}

也许有人会说，Http Header  是可以模拟的，那么自己可以构造一个用来欺骗这些系统， 是的，的确是这样，所以在用Http Header 来传值得时候，一定要记得，所有的请求都必须经过 portal 来处理，然后 forward 到各子系统，就不会出现这个问题了。因为portal 首先拦截用户发起的所有的请求，如果是构造的用户，在portal 的sessiion 也是没有记录的，仍然会跳转到登录页面，如果在protal 的 session 中记录，而且  Http Header 中也有记录，那么在子系统就是合法的用户，然后自己可以根据一些要求处理业务逻辑了

jsP/Java获取HTTP header信息(request)例子

<%

//header.jsp

out.println("Protocol: " + request.getProtocol() + "
");

out.println("Scheme: " + request.getScheme() + "
");

out.println("Server Name: " + request.getServerName() + "
" );

out.println("Server Port: " + request.getServerPort() + "
");

out.println("Protocol: " + request.getProtocol() + "
");

out.println("Server Info: " + getServletConfig().getServletContext().getServerInfo() + "
");

out.println("Remote Addr: " + request.getRemoteAddr() + "
");

out.println("Remote Host: " + request.getRemoteHost() + "
");

out.println("Character Encoding: " + request.getCharacterEncoding() + "
");

out.println("Content Length: " + request.getContentLength() + "
");

out.println("Content Type: "+ request.getContentType() + "
");

out.println("Auth Type: " + request.getAhttp://uthType() + "
");

out.println("HTTP Method: " + request.getMethod() + "
");

out.println("Path Info: " + request.getPathInfo() + "
");

out.println("Path Trans: " + request.getPathTranslated() + "
");

out.println("Query String: " + request.getQueryString() + "
");

out.println("Remote User: " + request.getRemoteUser() + "
");

out.println("Session Id: " + request.getRequestedSessionId() + "
");

out.println("Request URL: " + request.getRequestURL() + "
");

out.println("Request URI: " + request.getRequestURI() + "
");

out.println("Servlet Path: " + request.getServletPath() + "
");

out.println("Created : " + session.getCreationTime() + "
");

out.println("LastAccessed : " + session.getLastAccessedTime() + "
");

out.println("Accept: " + request.getHeader("Accept") + "

out.println("Host: " + request.getHeader("Host") + "
");

out.println("Referer : " + request.getHeader("Referer") + "
");

out.println("Accept-Language : " + request.getHeader("Accept-Language") + "
");

out.println("Accept-Encoding : " + request.getHeader("Accept-Encoding") + "
");

out.println("User-Agent : " + request.getHeader("User-Agent") + "
");

out.println("Connection : " + request.getHeader("Connection") + "
");

out.println("Cookie : " + request.getHeader("Cookie") + "
");

%>

关于request.getHeader("Referer")的说明

request.getHeader("Referer")获取来访者地址。只有通过链接访问当前页的时候，才能获取上一页的地址；否则request.getHeader("Referer")的值为Null，通过window.open打开当前页或者直接输入地址，也为Null。

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。