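/**
 * Applies the baseline browser-hardening headers to a response.
 *
 * <p>Each header is written with {@code setHeader}, which replaces an existing value or
 * creates the header when it is missing, so the response always ends up with exactly one
 * value per header.
 *
 * @param resp the response to decorate; must not be committed yet, otherwise the container
 *             ignores the headers
 */
public static void addSecurityHeaders(final HttpServletResponse resp) {
    // Stops browsers from MIME-sniffing a response into a more dangerous type.
    resp.setHeader("X-Content-Type-Options", "nosniff");

    // Legacy filter header, kept for older browsers; the CSP below is the effective control.
    resp.setHeader("X-XSS-Protection", "1;mode=block");

    // The previous code emitted the integer 1 as a policy and then one header per directive
    // written as "name=value". Neither form is valid CSP syntax (directives are
    // "name source-list" separated by ';', and keywords such as 'self' must be quoted),
    // so no policy was actually enforced. Send a single, well-formed policy instead.
    // Pages that need fonts, frames or media must extend this list explicitly.
    resp.setHeader("content-security-policy",
            "default-src 'none'; script-src 'self'; connect-src 'self'; "
                    + "img-src 'self'; style-src 'self'");
}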
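/**
 * Sends an SVG document to the client as a file download.
 *
 * <p>The SVG is served with an {@code attachment} disposition, so the browser saves it
 * instead of rendering it inside the application's origin.
 *
 * @param suggestedFilenameStem file name without extension offered to the browser
 * @param dataBytes             the SVG bytes to send
 * @param response              framework response wrapping the servlet response
 * @return the raw servlet response that was written to
 * @throws IOException if writing to the client fails
 */
private Object writeSvg(String suggestedFilenameStem,
        byte[] dataBytes,
        Response response) throws IOException {
    HttpServletResponse httpResponse = response.raw();

    // The stem is spliced into a header value. Drop control characters (CR/LF would split
    // the header), quotes, backslashes and path separators, then send it as a quoted-string
    // so spaces and semicolons cannot be read as extra disposition parameters.
    String safeStem = String.valueOf(suggestedFilenameStem).replaceAll("[\\p{Cntrl}\"\\\\/]", "_");

    httpResponse.setHeader("Content-Type", "image/svg+xml");
    httpResponse.setHeader("Content-Disposition", "attachment; filename=\"" + safeStem + ".svg\"");
    httpResponse.setHeader("Content-Transfer-Encoding", "7bit");
    httpResponse.setContentLength(dataBytes.length);

    // try-with-resources closes the stream even when the write fails part-way.
    try (java.io.OutputStream out = httpResponse.getOutputStream()) {
        out.write(dataBytes);
        out.flush();
    }
    return httpResponse;
}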
/**
 * Streams the candidacies report for the current process to the client as an Excel download.
 *
 * @return always {@code null}: the response body is written directly, so no forward is needed
 * @throws IOException if the spreadsheet cannot be written to the response
 */
public ActionForward prepareExecutePrintCandidacies(ActionMapping mapping, ActionForm actionForm, HttpServletRequest request,
        HttpServletResponse response) throws IOException {
    response.setContentType("application/vnd.ms-excel");

    // The file name comes from getReportFilename(), not from the request.
    final String disposition = "attachment; filename=" + getReportFilename();
    response.setHeader("Content-disposition", disposition);

    final ServletOutputStream out = response.getOutputStream();
    final Over23CandidacyProcess candidacyProcess = getProcess(request);
    final Spreadsheet report =
            buildReport(candidacyProcess.getOver23IndividualCandidaciesThatCanBeSendToJury());

    report.exportToXLSSheet(out);
    out.flush();
    response.flushBuffer();
    return null;
}
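/**
 * Prepares the response for an Excel download named after the {@code fileName} request
 * parameter, falling back to {@code default.xls} when the parameter is absent.
 *
 * @return always {@code true}, so the handler chain continues
 */
@Override
public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
    String fileName = httpServletRequest.getParameter("fileName");
    if (fileName == null) {
        fileName = "default.xls";
    } else {
        // The parameter is caller-controlled and ends up in a response header and in the
        // log. Replace control characters (CR/LF would split the header or forge log lines),
        // quotes, backslashes and path separators before using it anywhere.
        fileName = fileName.replaceAll("[\\p{Cntrl}\"\\\\/]", "_");
        if (!fileName.endsWith(".xls")) {
            fileName += ".xls";
        }
    }
    log.info("{}", fileName);

    httpServletResponse.setContentType("application/vnd.ms-excel");
    // The original called setContentType("utf-8"), which replaced the Excel media type with
    // an invalid one. The charset belongs in setCharacterEncoding.
    httpServletResponse.setCharacterEncoding("utf-8");
    // Quoted-string form keeps spaces and semicolons inside the file name.
    httpServletResponse.setHeader("Content-Disposition", "attachment;filename=\"" + fileName + "\"");
    return true;
}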
/**
 * Evaluates the request's If-None-Match header against the current ETag.
 *
 * <p>When the client's cached copy is still valid (the header is {@code *} or one of its
 * comma-separated entries equals {@code etag} after trimming), the response status is set
 * to 304 Not Modified, the ETag header is echoed, and {@code false} is returned.
 *
 * @param request  the incoming request
 * @param response the response that receives the 304 status and ETag header on a match
 * @param etag     the ETag of the current content
 * @return {@code true} if the caller should send the content, {@code false} if a 304 was set
 */
public static boolean checkIfNoneMatchEtag(HttpServletRequest request, HttpServletResponse response, String etag) {
    final String ifNoneMatch = request.getHeader(HttpHeaders.IF_NONE_MATCH);
    if (ifNoneMatch == null) {
        return true;
    }

    boolean matched = "*".equals(ifNoneMatch);
    if (!matched) {
        final StringTokenizer candidates = new StringTokenizer(ifNoneMatch, ",");
        while (candidates.hasMoreTokens()) {
            if (candidates.nextToken().trim().equals(etag)) {
                matched = true;
                break;
            }
        }
    }

    if (!matched) {
        return true;
    }
    response.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
    response.setHeader(HttpHeaders.ETAG, etag);
    return false;
}
/**
 * Answers a health-check request for the responder mapped to the request path.
 *
 * <p>Replies 404 when no responder matches, otherwise 200 or 500 depending on the health
 * result, with the result serialised as the body. Any failure yields an empty 500.
 */
@Override
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)
        throws ServletException, IOException {
    // NOTE(review): the wildcard lets a page on any origin read the health JSON from a
    // browser. Confirm that is intended for this endpoint.
    resp.setHeader("Access-Control-Allow-Origin", "*");
    try {
        final String requestPath = (String) req.getAttribute(HttpConstants.ATTR_XIPKI_PATH);
        final ResponderAndPath target = server.getResponderForPath(requestPath);
        if (target == null) {
            resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
            resp.setContentLength(0);
            return;
        }

        final HealthCheckResult health = server.healthCheck(target.getResponder());
        final int statusCode;
        if (health.isHealthy()) {
            statusCode = HttpServletResponse.SC_OK;
        } else {
            statusCode = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        }

        final byte[] payload = JSON.toJSONBytes(health);
        resp.setStatus(statusCode);
        resp.setContentType(HealthCheckServlet.CT_RESPONSE);
        resp.setContentLength(payload.length);
        resp.getOutputStream().write(payload);
    } catch (Throwable th) {
        // A client that went away is expected noise; everything else is a real error.
        if (!(th instanceof EOFException)) {
            LOG.error("Throwable thrown, this should not happen", th);
        } else {
            LogUtil.warn(LOG, th, "connection reset by peer");
        }
        resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        resp.setContentLength(0);
    } finally {
        resp.flushBuffer();
    }
}
/**
 * Starts authentication for an unauthenticated request.
 *
 * <p>Requests flagged as XMLHttpRequest receive a bare 401; all others are redirected to
 * the login page. Both kinds of response carry {@code X-Frame-Options: DENY}.
 */
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
        throws IOException, ServletException {
    final String requestedWith = request.getHeader("X-Requested-With");
    // Forbid framing of whatever this entry point returns.
    response.setHeader("X-Frame-Options", "DENY");

    if (!"XMLHttpRequest".equals(requestedWith)) {
        LOG.debug("redirecting to login page loginPath" + loginPath);
        response.sendRedirect(loginPath);
        return;
    }
    // Script-driven callers cannot follow a login redirect usefully; signal 401 instead.
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
/**
 * Logs an unexpected failure and reports it to the client as a DAP2 error.
 *
 * <p>NOTE(review): the exception's own message is forwarded to the client unchanged apart
 * from quote replacement; confirm it cannot carry internal details that should stay
 * server-side.
 *
 * @param e  The exception that caused the problem.
 * @param rs The <code>ReqState</code> for the client; when null, the failure is only logged.
 */
public void anyExceptionHandler(Throwable e, ReqState rs) {
    try {
        log.error("DODServlet ERROR (anyExceptionHandler): " + e);
        printThrowable(e);

        // The javacc-generated parser wraps parts of its messages in double quotes, which
        // break the client-side error parser, so swap them for single quotes.
        final String rawMessage = e.getMessage();
        final String clientMessage = (rawMessage == null) ? null : rawMessage.replace('"', '\'');

        if (rs == null) {
            return;
        }

        final HttpServletResponse httpResponse = rs.getResponse();
        log.error(String.valueOf(rs));
        if (track) {
            final RequestDebug debugInfo = (RequestDebug) rs.getUserObject();
            log.error(" request number: " + debugInfo.reqno + " thread: " + debugInfo.threadDesc);
        }

        // NOTE(review): this buffer is never flushed in this method; presumably
        // DAP2Exception.print flushes it. Verify.
        final BufferedOutputStream errorOut = new BufferedOutputStream(httpResponse.getOutputStream());
        httpResponse.setHeader("Content-Description", "dods-error");
        // "plain" would arguably be the right value, but the C++ clients reject it. An
        // empty value is accepted and also tells them the body is not compressed.
        httpResponse.setHeader("Content-Encoding", "");

        final DAP2Exception clientError =
                new DAP2Exception(opendap.dap.DAP2Exception.UNDEFINED_ERROR, clientMessage);
        clientError.print(errorOut);
    } catch (IOException ioe) {
        log.error("Cannot respond to client! IO Error: " + ioe.getMessage());
    }
}
/**
 * Replies to an unauthenticated request with a JSON body carrying the LOGIN_EXPIRED status.
 *
 * <p>NOTE(review): the HTTP status stays 200, so clients, proxies and monitoring that key
 * on status codes will not see this as an authentication failure. Callers have to inspect
 * the JSON body.
 */
@Override
public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
    httpServletResponse.setHeader("Content-type", "application/json;charset=UTF-8");
    // Deliberately not SC_UNAUTHORIZED: a 401 here breaks calls made between services
    // through Feign. See https://xujin.org/sc/sc-feign-4xx/
    httpServletResponse.setStatus(HttpServletResponse.SC_OK);
    LogBack.error("用户没有登录时返回给前端的数据");
    final JsonData loginExpired = new JsonData(StatusEnum.LOGIN_EXPIRED);
    httpServletResponse.getWriter().write(JsonUtil.toJsonString(loginExpired));
}
/**
 * Writes a response whose status, extra headers and body all come from the model.
 *
 * <p>NOTE(review): header names and values are copied from the model as-is. If any of
 * them can originate from request data, validate them before they reach this view.
 *
 * @param model    holds the optional status code, custom header map and string content
 * @param request  the current request (unused here)
 * @param response the response to populate
 */
@SuppressWarnings("rawtypes")
@Override
public void render(Map model, HttpServletRequest request, HttpServletResponse response) throws Exception {
    Integer statusCode = (Integer) model.get(SC_KEY);
    if (statusCode == null) {
        statusCode = DEFAULT_SC;
    }
    response.setStatus(statusCode.intValue());
    response.setContentType(getContentType());

    if (model.containsKey(CUSTOM_HEADERS_KEY)) {
        Map<String, String> extraHeaders = (Map<String, String>) model.get(CUSTOM_HEADERS_KEY);
        if (extraHeaders != null) {
            for (Map.Entry<String, String> header : extraHeaders.entrySet()) {
                response.setHeader(header.getKey(), header.getValue());
            }
        }
    }

    try (OutputStream body = response.getOutputStream()) {
        String text = (String) model.get(CONTENT_KEY);
        if (text == null) {
            response.setContentLength(0);
        } else {
            // The length must be the encoded byte count, not the character count.
            byte[] encoded = text.getBytes("UTF-8");
            response.setContentLength(encoded.length);
            body.write(encoded);
        }
    }
}
/**
 * Marks the response as non-cacheable for both HTTP/1.0 caches (Pragma, Expires) and
 * HTTP/1.1 caches (Cache-control).
 *
 * @param httpResponse the response to mark
 */
static void disableHttpCaching(HttpServletResponse httpResponse) {
    final Date requestTime = new Date();
    final long requestMillis = requestTime.getTime();
    httpResponse.setDateHeader("Date", requestMillis); //$NON-NLS-1$
    // Expires is derived from the same instant by expiredSinceYesterday.
    final long expiresMillis = expiredSinceYesterday(requestTime);
    httpResponse.setDateHeader("Expires", expiresMillis); //$NON-NLS-1$
    httpResponse.setHeader("Pragma", "no-cache"); //$NON-NLS-1$ //$NON-NLS-2$
    httpResponse.setHeader("Cache-control", "no-cache, no-store, must-revalidate"); //$NON-NLS-1$ //$NON-NLS-2$
}
/**
 * Long-polling endpoint that delivers the page's notification data.
 *
 * @param resp the response, marked keep-alive and private/no-cache
 * @param user the current user
 * @return {@code null} when the user has no id; a map with the unread-message count and
 *         notifications on the user's first poll; otherwise the deferred result obtained
 *         from the push service
 */
@RequestMapping(value = "/admin/polling")
@ResponseBody
public Object polling(HttpServletResponse resp, @CurrentUser User user) {
    resp.setHeader("Connection", "Keep-Alive");
    resp.addHeader("Cache-Control", "private");
    resp.addHeader("Pragma", "no-cache");

    final Long userId = user.getId();
    if (userId == null) {
        return null;
    }

    // Already registered with the push service: park the request (long poll).
    if (pushService.isOnline(userId)) {
        return pushService.newDeferredResult(userId);
    }

    // First poll from this user: answer immediately with the current state.
    final Long unread = messageApi.countUnread(userId);
    final List<Map<String, Object>> latest = notificationApi.topFiveNotification(user.getId());
    final Map<String, Object> payload = Maps.newHashMap();
    payload.put("unreadMessageCount", unread);
    payload.put("notifications", latest);
    pushService.online(userId);
    return payload;
}
/**
 * Renders the view's data as CSV, offered to the client as a download.
 *
 * <p>NOTE(review): the CSV is written to the temporary stream, but nothing visible in this
 * method copies that stream to the response. Confirm the transfer happens elsewhere.
 */
@Override
protected final void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request,
        HttpServletResponse response) throws Exception {
    // Encode the file name as UTF-8 and send it in the filename* form, so Japanese
    // characters in the name are not garbled.
    val utf8Filename = EncodeUtils.encodeUtf8(filename);
    val dispositionValue = String.format("attachment; filename*=UTF-8''%s", utf8Filename);

    response.setHeader(CONTENT_TYPE, getContentType());
    response.setHeader(CONTENT_DISPOSITION, dispositionValue);

    // Derive the CSV header row from the target class.
    CsvSchema schema = csvMapper.schemaFor(clazz).withHeader();

    if (isNotEmpty(columns)) {
        // Explicit columns were requested: rebuild the schema with just those.
        val schemaBuilder = schema.rebuild().clearColumns();
        for (String columnName : columns) {
            schemaBuilder.addColumn(columnName);
        }
        schema = schemaBuilder.build();
    }

    // Write the rows out, encoded as Windows-31J.
    val csvOut = createTemporaryOutputStream();
    try (Writer csvWriter = new OutputStreamWriter(csvOut, "Windows-31J")) {
        csvMapper.writer(schema).writeValue(csvWriter, data);
    }
}
/**
 * Generates the spreadsheet for the rendered session bean and streams it as an .xls download.
 *
 * @return always {@code null}: the response body is written directly
 * @throws IOException if the spreadsheet cannot be written to the response
 */
public ActionForward exportXLS(ActionMapping mapping, ActionForm form, HttpServletRequest request,
        HttpServletResponse response) throws IOException {
    ExternalSupervisorViewsBean viewsBean = getRenderedObject("sessionBean");
    final Spreadsheet sheet = generateSpreadsheet(viewsBean);

    response.setContentType("application/vnd.ms-excel");
    // NOTE(review): the name comes from getFilename(bean). If bean fields can hold
    // user-supplied text, it should be sanitised before it goes into this header. Verify.
    final String disposition = "attachment; filename=" + getFilename(viewsBean) + ".xls";
    response.setHeader("Content-disposition", disposition);

    sheet.exportToXLSSheet(response.getOutputStream());
    response.getOutputStream().flush();
    response.flushBuffer();
    return null;
}
/**
 * Sets the response headers for a GIF image that must not be served from a cache.
 *
 * @param response HttpServletResponse to configure
 */
public static void setHeader(HttpServletResponse response) {
    response.setContentType("image/gif");
    // Pragma covers HTTP/1.0 caches, Cache-Control covers HTTP/1.1 caches.
    response.setHeader("Pragma", "No-cache");
    response.setHeader("Cache-Control", "no-cache");
    // An Expires date at the epoch marks the response as already stale.
    response.setDateHeader("Expires", 0L);
}
/**
 * Test servlet handler: verifies the posted request against the expected body, then
 * replies 201 Created with a Location header and the prepared response bytes.
 */
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    // Check the incoming request first.
    assertTrue("Invalid request content-length", request.getContentLength() > 0);
    assertNotNull("No content-type", request.getContentType());
    final String receivedBody = FileCopyUtils.copyToString(request.getReader());
    assertEquals("Invalid request body", s, receivedBody);

    // Then send the canned reply.
    response.setStatus(HttpServletResponse.SC_CREATED);
    final String locationValue = baseUrl + location;
    response.setHeader("Location", locationValue);
    response.setContentLength(buf.length);
    response.setContentType(contentType.toString());
    FileCopyUtils.copy(buf, response.getOutputStream());
}
/**
 * Reads one request parameter, runs it through a constant-condition branch and prints the
 * resulting string into an HTML response.
 *
 * <p>NOTE(review): the parameter name suggests this is a generated benchmark test case, so
 * the statement shapes are presumably intentional. Confirm before restructuring.
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
// Take the first value of the "BenchmarkTest00476" parameter; param stays "" when it is absent.
java.util.Map<String,String[]> map = request.getParameterMap();
String param = "";
if (!map.isEmpty()) {
String[] values = map.get("BenchmarkTest00476");
if (values != null) param = values[0];
}
String bar;
// Simple ? condition that assigns constant to bar on true condition
// (7*18) + 106 = 232, which is > 200, so bar is always the constant and param is never written out.
int num = 106;
bar = (7*18) + num > 200 ? "This_should_always_happen" : param;
// "0" switches off the browser's legacy XSS filter for this response.
response.setHeader("X-XSS-Protection", "0");
// bar is printed without HTML encoding; this is harmless here only because it is the constant.
response.getWriter().println(bar);
}
/**
 * Builds the retransmit PDF for a purchase order, limited to the items the user selected on
 * the Purchase Order Retransmit Document page, and streams it inline to the browser.
 *
 * <p>NOTE(review): the document number is taken straight from the request and used to load
 * the purchase order. No authorization check is visible in this method; confirm one is
 * enforced upstream.
 *
 * @param mapping An ActionMapping
 * @param form An ActionForm
 * @param request The HttpServletRequest
 * @param response The HttpServletResponse
 * @throws Exception
 * @return {@code null} after the PDF is written, or the error forward when validation fails
 */
public ActionForward printingRetransmitPoOnly(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
    String selectedItemIndexes = request.getParameter("selectedItemIndexes");
    String documentNumber = request.getParameter("poDocumentNumberForRetransmit");
    PurchaseOrderDocument po = SpringContext.getBean(PurchaseOrderService.class).getPurchaseOrderByDocumentNumber(documentNumber);
    String retransmitHeader = request.getParameter("retransmitHeader");

    // Copy the selection made on the form onto the items of the PO loaded from the database.
    setItemSelectedForRetransmitIndicatorFromPOInForm(selectedItemIndexes, po.getItems());
    po.setRetransmitHeader(retransmitHeader);

    ByteArrayOutputStream pdfBuffer = new ByteArrayOutputStream();
    try {
        // The file name is built from the PO identifier and a timestamp, not from request text.
        String pdfName = "PURAP_PO_" + po.getPurapDocumentIdentifier() + "_" + System.currentTimeMillis() + ".pdf";

        // Throws ValidationException if errors are found.
        SpringContext.getBean(PurchaseOrderService.class).retransmitPurchaseOrderPDF(po, pdfBuffer);

        response.setHeader("Cache-Control", "max-age=30");
        response.setContentType("application/pdf");
        response.setHeader("Content-disposition", "inline" + "; filename=" + pdfName);
        response.setContentLength(pdfBuffer.size());

        ServletOutputStream out = response.getOutputStream();
        pdfBuffer.writeTo(out);
        out.flush();
    }
    catch (ValidationException e) {
        LOG.warn("Caught ValidationException while trying to retransmit PO with doc id " + po.getDocumentNumber());
        return mapping.findForward(KFSConstants.MAPPING_ERROR);
    }
    finally {
        // Drop the buffered PDF bytes whatever the outcome.
        if (pdfBuffer != null) {
            pdfBuffer.reset();
        }
    }
    return null;
}
/**
 * Adds the CORS allow-headers and allow-methods lists to the response, then delegates to
 * the parent implementation.
 *
 * <p>NOTE(review): if this is a Spring handler interceptor, afterCompletion runs once
 * request processing has finished, when the response may already be committed and header
 * changes are dropped. Confirm these headers actually reach clients.
 */
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
    final String allowedHeaders =
            "Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Origin, Authorization, appId, serviceId";
    final String allowedMethods = "GET, POST, PUT, DELETE, OPTIONS";

    response.setHeader("Access-Control-Allow-Headers", allowedHeaders);
    response.setHeader("Access-Control-Allow-Methods", allowedMethods);
    super.afterCompletion(request, response, handler, ex);
}
/**
 * Echoes the request's first Referer header value into an HTML response after URL-decoding
 * and HTML-encoding it.
 *
 * <p>NOTE(review): this looks like a generated benchmark-style test case, so the statement
 * shapes are presumably intentional. Confirm before restructuring.
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
String param = "";
// The Referer header is set by the client, so its value is untrusted input.
java.util.Enumeration<String> headers = request.getHeaders("Referer");
if (headers != null && headers.hasMoreElements()) {
param = headers.nextElement(); // just grab first element
}
// URL Decode the header value since req.getHeaders() doesn't. Unlike req.getParameters().
param = java.net.URLDecoder.decode(param, "UTF-8");
// HTML-encode the decoded value before it is written into the text/html body.
String bar = org.owasp.esapi.ESAPI.encoder().encodeForHTML(param);
// "0" switches off the browser's legacy XSS filter, so the encoding above is the only output defence here.
response.setHeader("X-XSS-Protection", "0");
response.getWriter().println(bar.toCharArray());
}