从tomcat的Filter类方法响应servlet客户端时如何设置http状态代码 [英] How to set http status code when responding to servlet client from Filter class-method in tomcat

问题描述

我正在用spring(此问题与spring ...无关)编写一个Web服务，该服务实现了(希望)可静态的api.据我了解，所有响应都应采用xml或json格式.在大多数情况下，这并不是什么大问题.但是在一种情况下，这似乎是不可能的.我正在使用tomcat中涉及到servlet的工具.由于某种原因，我不得不使用过滤器(而这是身份验证).由于我是servlet的新手，所以最终我的理解不太好，但是对我来说看起来像这样

I am writing a webservice with spring (this question is not about spring...) that implements a (hopefully) restful api. From my understanding all response should be in xml or json format. This is not really a big deal in most cases. But in one situation this seems not possible. I am using a facility from tomcat where a servlet is involved. I have to use a filter for some reason (and this reason is authentication). As I am new to servlets my understanding is eventually not so well, but to me it looks like this

我的过滤器类是从javax.servlet.filter派生的，我正在doFilter方法中编写代码:

My filter-class derives from javax.servlet.filter and I am writing my code within the doFilter method:

@Override
public void doFilter(ServletRequest request, ServletResponse response,
                          FilterChain chain) throws IOException, ServletException { // ... }

在某个时候，我意识到我必须用HTTP状态码401响应客户端，并且还想给他一个有关所发生情况的xml或json信息.现在对我来说，好像我可以

And at some point i realize i have to respond to the client with http status code 401 and also want to give him a xml or json information about what happened. Now to me it looks as if i can either

1)使用ServletResponse:这使我可以获得OutputStream并写出xml/json.但是，我根本无法设置http状态代码.到达客户端的最终响应确实包含一些http标头.

1) Use the ServletResponse: This allows me to get an OutputStream and write my xml/json out. However I cannot set the http status code at all. The final response arriving at the client does contain some http headers.

2)将ServletResponse强制转换为HttpServletResponse:这允许我设置状态代码，但是我似乎无法设置响应主体，但可以从tomcat处理响应主体.

2) Cast ServletResponse to HttpServletResponse: This allows me to set status code, but I don't seem to be able to set the response body, but let response body be handled from tomcat.

这两种方法似乎都不完整.如果我使用ServletResponse写入OutputStream，然后转换为HttpServletResponse，然后调用sendError(401)-希望我写到OutputStream的所有内容都到达客户端-我的响应不包含http状态行".但是，http标头的存在类似于服务器:Apache-Coyote/1.1"

Either way seems incomplete. If i use ServletResponse to write to the OutputStream and then cast to HttpServletResponse and then call sendError(401) - hoping that whatever I wrote to OutputStream reaches the client - my response does not contain an http "status line". However http headers are present like "Server: Apache-Coyote/1.1"

欢迎任何帮助...

推荐答案

我不久就实现了用于身份验证的过滤器.我已经编写了类似的代码:

I've implemented a filter for authentication shortly. I've coded something similar to this:

public void doFilter(ServletRequest req, ServletResponse resp,
                         FilterChain chain)
{
    HttpServletResponse response=(HttpServletResponse) resp;

    boolean authenticated=false;
    // perform authentication

    if (authenticated)
    {
         chain.doFilter(req, response);
    }
    else
    {
         // don't continue the chain
         response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
         response.setHeader("WWW-Authenticate", "BASIC realm=\"Your realm\"");

         response.setContentType("what you need");
         PrintWriter writer=response.getWriter();

         // don't set content length , don't close
    }
}

这篇关于从tomcat的Filter类方法响应servlet客户端时如何设置http状态代码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！