使用Apache的重定向覆盖头HttpComponents [英] Headers overwritten on redirect using Apache HttpComponents
问题描述
我使用Apache HttpComponents(核心 - 4.1.3,4.1.1的HttpClient),以使REST客户端,我写的HTTP请求。该网站的服务需要OAuth的,我已经使用路标来实现。最近,Web服务已经推出301重定向到端点也需要OAuth的。所以,我实现它建立一个新的请求,并与路标招牌吧,就像我通常会做一个自定义RedirectStrategy。然而,前两行(在<一href=\"http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/client/DefaultRequestDirector.html\"相对=nofollow> DefaultRequestDirector )后我回到我的新请求中设置的所有头那些在初始请求已发送,有效地擦着我的新授权头,并导致所有请求重定向到失败。
有谁知道解决的办法?我认为总是在我的自定义<一个返回false href=\"http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/client/RedirectStrategy.html\"相对=nofollow> RedirectStrategy ,并在<一本移交href=\"http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/client/ResponseHandler.html\"相对=nofollow> ResponseHandler所的,我已经把它贴到了我的要求,但有重建请求并提交回通过适当的客户端非同小可的方法。
这些都是在它调用我的自定义RedirectStrategy的DefaultRequestDirector线1021年至1023年,然后抹我的头(我会尝试链接到源,不久):
HttpUriRequest重定向= redirectStrategy.getRedirect(请求,响应上下文);
HTT prequest原稿= request.getOriginal();
redirect.setHeaders(orig.getAllHeaders());
我在这里猜了一点,但如果code,你指的是行<一个href=\"https://svn.apache.org/repos/asf/httpcomponents/httpclient/tags/4.1.1/httpclient/src/main/java/org/apache/http/impl/client/DefaultRequestDirector.java\"相对=nofollow DefaultRequestDirector ,再远一点下来线452存在于 requestExec通话。$ P的> 349 $ pProcess(包装,httpProcessor,上下文)。
会在这里注册一个处理器,签署请求时,它可能呢?
如果没有,<一href=\"https://svn.apache.org/repos/asf/httpcomponents/httpcore/tags/4.1.3/httpcore/src/main/java/org/apache/http/protocol/BasicHttpProcessor.java\"相对=nofollow> BasicHttpProcessor (这可能是这里使用的处理器)允许您注册拦截器,让您参加pre-请求处理。
这可能是对请求签名的另一种选择。
可替换地,有一个<一href=\"https://svn.apache.org/repos/asf/httpcomponents/httpcore/tags/4.1.3/httpcore/src/main/java/org/apache/http/protocol/HttpContext.java\"相对=nofollow> 的HttpContext 对象。此对象的Javadoc表明,它可以用于保存上下文数据的请求,你的数据将符合这一描述。所以停放和regather当你以后需要它。
I'm using Apache HttpComponents (core - 4.1.3, httpclient 4.1.1) to make http requests in a REST client I've written. The web service requires OAuth, which I've implemented using signpost. Recently, the webservice has introduced 301 redirects to endpoints that also require oauth. So, I've implemented a custom RedirectStrategy which builds a new request and signs it with signpost, just like I would do normally. However, the first two lines (in DefaultRequestDirector) immediately after I return my new request are setting all the headers to those that were sent in the initial request, effectively wiping my new Authorization header and causing all redirect requests to fail.
Does anyone know a way around this? I've considered always returning false in my custom RedirectStrategy and handing this in the ResponseHandler that I've attached to my request, but there's no trivial way of reconstructing the request and submitting it back through the proper client.
These are lines 1021-1023 in the DefaultRequestDirector where it calls to my custom RedirectStrategy and then wipes my headers (I'll try to link to source, shortly):
HttpUriRequest redirect = redirectStrategy.getRedirect(request, response, context);
HttpRequest orig = request.getOriginal();
redirect.setHeaders(orig.getAllHeaders());
I'm guessing a bit here, but if the code that you are referring to is line 349 of DefaultRequestDirector, then a bit further down on line 452 there is a call to requestExec.preProcess(wrapper, httpProcessor, context).
Would it be possible to register a processor here that signs the request?
If not, the BasicHttpProcessor (which is probably the processor used here) allows you to register interceptors that allow you to participate in the pre-processing of the request.
This might be another option to sign the request.
Alternatively, there is a HttpContext object. The Javadoc for this object suggests that it can be used to hold contextual data for the request, and your data would fit this description. So park it there and regather when you need it later.
这篇关于使用Apache的重定向覆盖头HttpComponents的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
