Jersey filter does not give header values


Problem description

We are using Jersey 2 for our REST web services in Java. We have created the javax.ws.rs.container.ContainerRequestFilter and javax.ws.rs.container.ContainerResponseFilter.

We have headers while sending a request like appKey, secret, token etc. If we hit a request from Postman, it gives all the headers with their values as follows:

{
  host=[localhost:8080], 
  connection=[keep-alive], 
  authorization=[bearer <token>], 
  cache-control=[no-cache],  
  x-request-id=[<request-id>], 
  x-api-secret=[<secret>], 
  user-agent=[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36], 
  x-api-key=[api-key], 
  postman-token=[<postman-token>], 
  accept=[*/*], 
  accept-encoding=[gzip, deflate, br], 
  accept-language=[en-US,en;q=0.9]
}

and if we hit a request from our web client, it gives values under access-control-request-headers as follows (only keys, not their values):

{
  host=[localhost:8080], 
  connection=[keep-alive], 
  access-control-request-method=[GET], 
  origin=[http://resttesttest.com], 
  user-agent=[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36], 
  access-control-request-headers=[authorization,x-api-key,x-api-secret,x-request-id], 
  accept=[*/*],
  accept-encoding=[gzip, deflate, br],
  accept-language=[en-US,en;q=0.9]
}

Why does it not give the header parameter values?

How can we get those?

Please guide me on this. Thanks in advance!

Recommended answer

Firstly, these are request headers you are showing, not response headers, which it seems like you are saying they are.

What you are showing here are the headers from the CORS preflight request, not the actual request. The preflight request is a request that the browser performs before the actual request, verifying with the server that the request is allowed. If the preflight is approved, then the real request will be made. In the preflight, the browser is asking the server if it will allow those listed headers. This is in the request header access-control-request-headers. Similarly it uses the access-control-request-method to ask the server if it will allow GET method calls.

In the response to the CORS preflight request, the server should respond with headers that confirm that the request is acceptable. The response should include the following headers:

  • Access-Control-Allow-Origin - this is in response to the Origin preflight request header. The value should include the value of the Origin or * to allow all origins. This tells the browser that the origin is allowed.

  • Access-Control-Allow-Headers - this is in response to the access-control-request-headers preflight request header. The value should be a comma separated list of at least all the headers that the browser requested. If any of them are missing, the preflight request will fail.

  • Access-Control-Allow-Methods - this is in response to the access-control-request-method preflight request header. The value should be at least the method requested, or usually a list of methods allowed.

If you look at this post, you will see that a ContainerResponseFilter is used to handle the return of this preflight request by adding all the required headers to pass the preflight verification.

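import java.io.IOException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.ext.Provider;

// Adds the CORS response headers to every response, including the preflight (OPTIONS) response.
@Provider
public class CORSFilter implements ContainerResponseFilter {

    @Override
    public void filter(ContainerRequestContext request,
                       ContainerResponseContext response) throws IOException {

        // Answers the Origin request header.
        response.getHeaders().add("Access-Control-Allow-Origin", "*");
        // Answers access-control-request-headers: the header names the browser may send.
        response.getHeaders().add("Access-Control-Allow-Headers",
                "origin, content-type, accept, authorization");
        response.getHeaders().add("Access-Control-Allow-Credentials", "true");
        // Answers access-control-request-method.
        response.getHeaders().add("Access-Control-Allow-Methods",
                "GET, POST, PUT, DELETE, OPTIONS, HEAD");
    }
}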

In your case, you would want to add the headers x-api-key,x-api-secret,x-request-id to the list in the Access-Control-Allow-Headers. These values tell the browser that it is OK to send these headers.

After the preflight request is a success, then the browser will send the actual request. If the preflight failed, then usually the browser will give you a hint as to which verifications failed.
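
Added example, not part of the original answer: a Jersey 2 filter that answers the preflight before any key or token check runs (the preflight carries only header names), then requires the values on the actual request. It echoes an allowlisted origin instead of `*`, since browsers reject the wildcard on credentialed requests; the class name `CorsAwareFilter`, the origin `https://app.example.com` and the presence-only header check are assumptions standing in for the real configuration and validation.

```java
import java.io.IOException;
import java.util.Set;
import javax.ws.rs.container.*;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

@Provider
@PreMatching
public class CorsAwareFilter implements ContainerRequestFilter, ContainerResponseFilter {

    // Assumption: origins of the web clients allowed to call this API (Set.of needs Java 9+).
    private static final Set<String> ALLOWED_ORIGINS = Set.of("https://app.example.com");
    private static final String ALLOWED_HEADERS =
            "authorization, x-api-key, x-api-secret, x-request-id, content-type, accept";

    // A preflight is an OPTIONS request carrying Origin and Access-Control-Request-Method.
    private static boolean isPreflight(ContainerRequestContext req) {
        return "OPTIONS".equalsIgnoreCase(req.getMethod())
                && req.getHeaderString("Origin") != null
                && req.getHeaderString("Access-Control-Request-Method") != null;
    }

    @Override
    public void filter(ContainerRequestContext req) throws IOException {
        if (isPreflight(req)) {
            // The preflight lists header names only; answer it before any key/token check.
            req.abortWith(Response.ok().build());
        } else if (req.getHeaderString("x-api-key") == null
                || req.getHeaderString("Authorization") == null) {
            // Actual request: values are present here. Stand-in for the real validation.
            req.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
        }
    }

    @Override
    public void filter(ContainerRequestContext req, ContainerResponseContext res) throws IOException {
        String origin = req.getHeaderString("Origin");
        if (origin == null || !ALLOWED_ORIGINS.contains(origin)) {
            return; // no CORS headers: the browser blocks the cross-origin read
        }
        res.getHeaders().putSingle("Access-Control-Allow-Origin", origin);
        res.getHeaders().add("Vary", "Origin"); // response differs per origin, so caches must key on it
        if (isPreflight(req)) {
            res.getHeaders().putSingle("Access-Control-Allow-Headers", ALLOWED_HEADERS);
            res.getHeaders().putSingle("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
        }
    }
}
```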
