下面列出了javax.servlet.http.HttpServletResponse#containsHeader() 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
* Set HTTP headers to allow caching for the given number of seconds.
* Tells the browser to revalidate the resource if mustRevalidate is
* {@code true}.
* @param response the current HTTP response
* @param seconds number of seconds into the future that the response
* should be cacheable for
* @param mustRevalidate whether the client should revalidate the resource
* (typically only necessary for controllers with last-modified support)
* @deprecated as of 4.2, in favor of {@link #applyCacheControl}
*/
@Deprecated
protected final void cacheForSeconds(HttpServletResponse response, int seconds, boolean mustRevalidate) {
    // HTTP 1.0: emit Expires when enabled, otherwise blank out one already present on the response
    if (this.useExpiresHeader) {
        long expiresAtMillis = System.currentTimeMillis() + seconds * 1000L;
        response.setDateHeader(HEADER_EXPIRES, expiresAtMillis);
    }
    else if (response.containsHeader(HEADER_EXPIRES)) {
        response.setHeader(HEADER_EXPIRES, "");
    }

    // HTTP 1.1: max-age plus the optional must-revalidate directive
    if (this.useCacheControlHeader) {
        boolean revalidate = mustRevalidate || this.alwaysMustRevalidate;
        String cacheControl = "max-age=" + seconds + (revalidate ? ", must-revalidate" : "");
        response.setHeader(HEADER_CACHE_CONTROL, cacheControl);
    }

    // A Pragma header that is already present is blanked so it cannot contradict the headers above
    if (response.containsHeader(HEADER_PRAGMA)) {
        response.setHeader(HEADER_PRAGMA, "");
    }
}
/**
 * Works out which of the given request-header names still have to be
 * added to the response's Vary header.
 * @param response the current HTTP response
 * @param varyByRequestHeaders the header names the caller wants listed in Vary
 * @return the names not yet listed (compared case-insensitively), or an empty
 * collection when the response already carries {@code Vary: *}
 */
private Collection<String> getVaryRequestHeadersToAdd(HttpServletResponse response, String[] varyByRequestHeaders) {
    // No Vary header on the response yet: every requested name is still missing
    if (!response.containsHeader(HttpHeaders.VARY)) {
        return Arrays.asList(varyByRequestHeaders);
    }
    Collection<String> pending = new ArrayList<>(Arrays.asList(varyByRequestHeaders));
    for (String varyHeader : response.getHeaders(HttpHeaders.VARY)) {
        for (String present : StringUtils.tokenizeToStringArray(varyHeader, ",")) {
            // "*" already covers every request header, so nothing needs adding
            if ("*".equals(present)) {
                return Collections.emptyList();
            }
            pending.removeIf(candidate -> candidate.equalsIgnoreCase(present));
        }
    }
    return pending;
}
/**
* Delegate OPTIONS requests to {@link #processRequest}, if desired.
* <p>Applies HttpServlet's standard OPTIONS processing otherwise,
* and also if there is still no 'Allow' header set after dispatching.
* @see #doService
*/
@Override
protected void doOptions(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    boolean dispatch = this.dispatchOptionsRequest || CorsUtils.isPreFlightRequest(request);
    if (dispatch) {
        processRequest(request, response);
        // A handler that produced its own 'Allow' header has fully answered the request
        if (response.containsHeader("Allow")) {
            return;
        }
    }

    // Wrap the response so that PATCH is appended whenever the superclass sets 'Allow'
    HttpServletResponseWrapper patchAwareResponse = new HttpServletResponseWrapper(response) {
        @Override
        public void setHeader(String name, String value) {
            String effectiveValue = value;
            if ("Allow".equals(name)) {
                String prefix = (StringUtils.hasLength(value) ? value + ", " : "");
                effectiveValue = prefix + HttpMethod.PATCH.name();
            }
            super.setHeader(name, effectiveValue);
        }
    };
    super.doOptions(request, patchAwareResponse);
}
/**
 * Provides a servlet filter that stamps CORS response headers on every
 * response before passing the request down the chain.
 * @return the filter instance
 */
@Provides
@Singleton
public Filter apiOriginFilter() {
    return new Filter() {
        @Override
        public void init(FilterConfig filterConfig) throws ServletException {
            // nothing to initialise
        }

        @Override
        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                throws IOException, ServletException {
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            // NOTE(review): "*" lets any origin read these responses while api_key and
            // Authorization are accepted as request headers; confirm that is intended for
            // this API rather than an allowlist of known origins.
            boolean originAlreadySet = httpResponse.containsHeader("Access-Control-Allow-Origin");
            if (!originAlreadySet) {
                httpResponse.setHeader("Access-Control-Allow-Origin", "*");
            }
            // addHeader appends, so values set earlier for these two headers are kept alongside
            httpResponse.addHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");
            httpResponse.addHeader("Access-Control-Allow-Headers", "Content-Type, api_key, Authorization");
            chain.doFilter(request, response);
        }

        @Override
        public void destroy() {
            // nothing to release
        }
    };
}
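/**
 * Sets the browser-hardening headers on the response: X-Content-Type-Options,
 * X-XSS-Protection and a Content-Security-Policy. Any value already present
 * for one of these headers is replaced.
 * @param resp the response to add the headers to
 */
public static void addSecurityHeaders(final HttpServletResponse resp) {
    // setHeader overwrites an existing value and creates the header when absent,
    // so no containsHeader/addHeader branching is needed.
    resp.setHeader("X-Content-Type-Options", "nosniff");
    resp.setHeader("X-XSS-Protection", "1;mode=block");

    // A policy is ONE header value: directives separated by ';', each written as
    // "name value", with keywords such as 'none' and 'self' in single quotes.
    // The previous form (an integer value followed by separate "name=value" headers)
    // is not valid CSP syntax, so browsers had no usable policy to enforce.
    // Keeping it in a single header also matters: separate CSP headers are enforced
    // as independent policies, so a lone "default-src 'none'" would block everything.
    resp.setHeader("content-security-policy",
            "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'");
}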
/**
 * Extracts the user name from the authentication cookie in the response's
 * Set-Cookie headers, using {@code usernamePattern}.
 * @param response the response whose Set-Cookie headers are inspected
 * @return the first non-empty user name found, or {@code null} when none matches
 */
private String getUsernameFromResponse(HttpServletResponse response) {
    String userName = null;
    if (response.containsHeader("Set-Cookie")) {
        Collection<String> setCookieValues = response.getHeaders("Set-Cookie");
        if (setCookieValues != null) {
            for (String cookie : setCookieValues) {
                // Only the authentication cookie is parsed; the name comparison ignores case
                if (StringUtils.isNotEmpty(cookie)
                        && cookie.toLowerCase().startsWith(AUTH_COOKIE_NAME.toLowerCase())) {
                    Matcher matcher = usernamePattern.matcher(cookie);
                    if (matcher.find()) {
                        userName = matcher.group(1);
                    }
                }
                // Stop at the first cookie that yields a non-empty name
                if (StringUtils.isNotEmpty(userName)) {
                    break;
                }
            }
        }
    }
    // NOTE(review): the user name is written to the debug log; confirm that is acceptable for this deployment
    logger.debug("kerberos username from response >>>>>>>>" + userName);
    return userName;
}
/**
* Set HTTP headers to allow caching for the given number of seconds.
* Tells the browser to revalidate the resource if mustRevalidate is
* {@code true}.
* @param response the current HTTP response
* @param seconds number of seconds into the future that the response
* should be cacheable for
* @param mustRevalidate whether the client should revalidate the resource
* (typically only necessary for controllers with last-modified support)
* @deprecated as of 4.2, in favor of {@link #applyCacheControl}
*/
@Deprecated
protected final void cacheForSeconds(HttpServletResponse response, int seconds, boolean mustRevalidate) {
    // HTTP 1.0: absolute expiry time, written only when the Expires header is enabled
    if (this.useExpiresHeader) {
        long expiresAtMillis = System.currentTimeMillis() + seconds * 1000L;
        response.setDateHeader(HEADER_EXPIRES, expiresAtMillis);
    }

    // HTTP 1.1: max-age plus the optional must-revalidate directive
    if (this.useCacheControlHeader) {
        StringBuilder cacheControl = new StringBuilder("max-age=").append(seconds);
        if (mustRevalidate || this.alwaysMustRevalidate) {
            cacheControl.append(", must-revalidate");
        }
        response.setHeader(HEADER_CACHE_CONTROL, cacheControl.toString());
    }

    // A Pragma header that is already present is blanked so it cannot contradict the headers above
    if (response.containsHeader(HEADER_PRAGMA)) {
        response.setHeader(HEADER_PRAGMA, "");
    }
}
/**
* Set the HTTP Cache-Control header according to the given settings.
* @param response current HTTP response
* @param cacheControl the pre-configured cache control settings
* @since 4.2
*/
protected final void applyCacheControl(HttpServletResponse response, CacheControl cacheControl) {
    String headerValue = cacheControl.getHeaderValue();
    // Without a computed value the response headers are left untouched
    if (headerValue == null) {
        return;
    }
    response.setHeader(HEADER_CACHE_CONTROL, headerValue);

    // Blank the HTTP 1.0 headers that are already present so they cannot contradict Cache-Control
    if (response.containsHeader(HEADER_PRAGMA)) {
        response.setHeader(HEADER_PRAGMA, "");
    }
    if (response.containsHeader(HEADER_EXPIRES)) {
        response.setHeader(HEADER_EXPIRES, "");
    }
}
/**
* Set HTTP headers to allow caching for the given number of seconds.
* Tells the browser to revalidate the resource if mustRevalidate is
* {@code true}.
* @param response the current HTTP response
* @param seconds number of seconds into the future that the response
* should be cacheable for
* @param mustRevalidate whether the client should revalidate the resource
* (typically only necessary for controllers with last-modified support)
* @deprecated as of 4.2, in favor of {@link #applyCacheControl}
*/
@Deprecated
protected final void cacheForSeconds(HttpServletResponse response, int seconds, boolean mustRevalidate) {
    // HTTP 1.0 Expires: written when enabled, blanked when disabled but already present
    if (this.useExpiresHeader) {
        long nowMillis = System.currentTimeMillis();
        response.setDateHeader(HEADER_EXPIRES, nowMillis + seconds * 1000L);
    }
    else if (response.containsHeader(HEADER_EXPIRES)) {
        response.setHeader(HEADER_EXPIRES, "");
    }

    // HTTP 1.1 Cache-Control: max-age, optionally followed by must-revalidate
    if (this.useCacheControlHeader) {
        StringBuilder directives = new StringBuilder("max-age=").append(seconds);
        if (mustRevalidate || this.alwaysMustRevalidate) {
            directives.append(", must-revalidate");
        }
        response.setHeader(HEADER_CACHE_CONTROL, directives.toString());
    }

    // HTTP 1.0 Pragma: blanked when already present
    if (response.containsHeader(HEADER_PRAGMA)) {
        response.setHeader(HEADER_PRAGMA, "");
    }
}
/**
 * Works out which of the configured vary-by request headers still have to
 * be added to the response's Vary header.
 * @param response the current HTTP response
 * @return the configured names not yet listed (compared case-insensitively),
 * or an empty collection when the response already carries {@code Vary: *}
 */
private Collection<String> getVaryRequestHeadersToAdd(HttpServletResponse response) {
    // No Vary header on the response yet: every configured name is still missing
    if (!response.containsHeader(HttpHeaders.VARY)) {
        return Arrays.asList(getVaryByRequestHeaders());
    }
    String[] configured = getVaryByRequestHeaders();
    Collection<String> pending = new ArrayList<String>(configured.length);
    pending.addAll(Arrays.asList(configured));
    for (String varyHeader : response.getHeaders(HttpHeaders.VARY)) {
        String[] presentNames = StringUtils.tokenizeToStringArray(varyHeader, ",");
        for (String present : presentNames) {
            // "*" already covers every request header, so nothing needs adding
            if ("*".equals(present)) {
                return Collections.emptyList();
            }
            for (String candidate : configured) {
                if (candidate.equalsIgnoreCase(present)) {
                    pending.remove(candidate);
                }
            }
        }
    }
    return pending;
}
/**
* Delegate OPTIONS requests to {@link #processRequest}, if desired.
* <p>Applies HttpServlet's standard OPTIONS processing otherwise,
* and also if there is still no 'Allow' header set after dispatching.
* @see #doService
*/
@Override
protected void doOptions(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    boolean dispatch = this.dispatchOptionsRequest || CorsUtils.isPreFlightRequest(request);
    if (dispatch) {
        processRequest(request, response);
        // A handler that produced its own 'Allow' header has fully answered the request
        if (response.containsHeader("Allow")) {
            return;
        }
    }

    // The wrapper intercepts setHeader so that PATCH is appended to the 'Allow'
    // value computed by the superclass; every other header passes through unchanged.
    HttpServletResponseWrapper allowPatchingResponse = new HttpServletResponseWrapper(response) {
        @Override
        public void setHeader(String name, String value) {
            if (!"Allow".equals(name)) {
                super.setHeader(name, value);
                return;
            }
            String prefix = (StringUtils.hasLength(value) ? value + ", " : "");
            super.setHeader(name, prefix + HttpMethod.PATCH.name());
        }
    };
    super.doOptions(request, allowPatchingResponse);
}
@Override
protected ModelAndView handleInternal(HttpServletRequest request,
        HttpServletResponse response, HandlerMethod handlerMethod) throws Exception {
    // Note 10: invoke the adapter method
    checkRequest(request);

    // With synchronizeOnSession enabled, requests that share a session run one at a time.
    // The session is only looked up in that case, and never created here.
    HttpSession session = (this.synchronizeOnSession ? request.getSession(false) : null);

    ModelAndView mav;
    if (session != null) {
        Object mutex = WebUtils.getSessionMutex(session);
        synchronized (mutex) {
            mav = invokeHandlerMethod(request, response, handlerMethod);
        }
    }
    else {
        // Synchronization is off, or there is no session to lock on: invoke the handler directly
        mav = invokeHandlerMethod(request, response, handlerMethod);
    }

    // Apply the default caching headers only when the handler did not set Cache-Control itself
    boolean cacheControlMissing = !response.containsHeader(HEADER_CACHE_CONTROL);
    if (cacheControlMissing) {
        boolean usesSessionAttributes = getSessionAttributesHandler(handlerMethod).hasSessionAttributes();
        if (usesSessionAttributes) {
            applyCacheSeconds(response, this.cacheSecondsForSessionAttributeHandlers);
        }
        else {
            prepareResponse(response);
        }
    }
    return mav;
}
/**
 * Reads the user name from the {@code u=} field of the authentication
 * cookie found in the response's Set-Cookie headers.
 * @param response1 the response whose Set-Cookie headers are inspected
 * @return the text between {@code u=} and the following {@code &}, or
 * {@code null} when no authentication cookie carries such a field
 */
private static String readUserFromCookie(HttpServletResponse response1) {
    String userName = null;
    if (!response1.containsHeader("Set-Cookie")) {
        return userName;
    }
    Collection<String> setCookieValues = response1.getHeaders("Set-Cookie");
    if (setCookieValues == null) {
        return userName;
    }

    final String authCookiePrefix = AuthenticatedURL.AUTH_COOKIE.toLowerCase();
    // Every Set-Cookie value is scanned, so a later matching cookie overrides an earlier one
    for (String cookie : setCookieValues) {
        if (StringUtils.isEmpty(cookie)) {
            continue;
        }
        if (!cookie.toLowerCase().startsWith(authCookiePrefix) || !cookie.contains("u=")) {
            continue;
        }
        for (String attribute : cookie.split(";")) {
            if (StringUtils.isEmpty(attribute) || !attribute.toLowerCase().startsWith(authCookiePrefix)) {
                continue;
            }
            int userStart = attribute.indexOf("u=");
            if (userStart == -1) {
                continue;
            }
            // The value runs up to the next '&'; without one the attribute is skipped
            int userEnd = attribute.indexOf("&", userStart);
            if (userEnd == -1) {
                continue;
            }
            try {
                userName = attribute.substring(userStart + 2, userEnd);
                break;
            } catch (Exception e) {
                userName = null;
            }
        }
    }
    return userName;
}
/**
 * Puts X-Content-Type-Options and X-XSS-Protection on the response,
 * replacing a value that is already present and adding the header otherwise.
 * @param resp the response to add the headers to
 */
public static void addSecurityHeaders(final HttpServletResponse resp) {
    // NOTE(review): X-XSS-Protection is a legacy header that current browsers no longer act on;
    // a Content-Security-Policy is the control that still takes effect.
    final String[][] hardeningHeaders = {
            {"X-Content-Type-Options", "nosniff"},
            {"X-XSS-Protection", "1;mode=block"}
    };
    for (String[] header : hardeningHeaders) {
        String name = header[0];
        String value = header[1];
        if (resp.containsHeader(name)) {
            resp.setHeader(name, value);
        } else {
            resp.addHeader(name, value);
        }
    }
}
/**
* Set the HTTP Cache-Control header according to the given settings.
* @param response current HTTP response
* @param cacheControl the pre-configured cache control settings
* @since 4.2
*/
protected final void applyCacheControl(HttpServletResponse response, CacheControl cacheControl) {
    String headerValue = cacheControl.getHeaderValue();
    // Without a computed value the response headers are left untouched
    if (headerValue == null) {
        return;
    }
    response.setHeader(HEADER_CACHE_CONTROL, headerValue);

    // Blank an HTTP 1.0 Pragma header that is already present so it cannot contradict Cache-Control
    boolean pragmaPresent = response.containsHeader(HEADER_PRAGMA);
    if (pragmaPresent) {
        response.setHeader(HEADER_PRAGMA, "");
    }
}
/**
* Fetches an avatar at a given URL.
* @param url image URL
* @param res response that the image, or the default avatar on failure, is written to
*/
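public static void getAvatar(String url, HttpServletResponse res) {
    if (StringUtils.isBlank(url)) {
        getDefaultAvatarImage(res);
        return;
    }
    // NOTE(review): the URL is fetched server-side exactly as given; no scheme or host
    // restriction is visible in this method, so confirm the caller validates it.
    HttpGet get = new HttpGet(url);
    get.setHeader(HttpHeaders.USER_AGENT, "Scoold Image Validator, https://scoold.com");
    try (CloseableHttpResponse img = HttpUtils.getHttpClient().execute(get)) {
        if (img.getStatusLine().getStatusCode() == HttpStatus.SC_OK && img.getEntity() != null) {
            // The remote server may omit Content-Type; treat that as "not an image" instead of failing
            Header typeHeader = img.getEntity().getContentType();
            String contentType = (typeHeader == null) ? null : typeHeader.getValue();
            // NOTE(review): image/svg+xml is an active format (it can embed script); relaying it
            // from this application's origin deserves a restrictive policy on this response.
            if (StringUtils.equalsAnyIgnoreCase(contentType, "image/gif", "image/jpeg", "image/jpg", "image/png",
                    "image/webp", "image/bmp", "image/svg+xml")) {
                // Relay only the headers that describe the image. Copying every remote header
                // would let the remote server set cookies or other headers on this origin.
                for (Header header : img.getAllHeaders()) {
                    if (StringUtils.equalsAnyIgnoreCase(header.getName(),
                            org.apache.http.HttpHeaders.CONTENT_TYPE,
                            org.apache.http.HttpHeaders.CONTENT_LENGTH,
                            org.apache.http.HttpHeaders.CACHE_CONTROL,
                            org.apache.http.HttpHeaders.ETAG,
                            org.apache.http.HttpHeaders.LAST_MODIFIED,
                            org.apache.http.HttpHeaders.EXPIRES)) {
                        res.setHeader(header.getName(), header.getValue());
                    }
                }
                if (!res.containsHeader(org.apache.http.HttpHeaders.CACHE_CONTROL)) {
                    res.setHeader(org.apache.http.HttpHeaders.CACHE_CONTROL, "max-age=" + TimeUnit.HOURS.toSeconds(24));
                }
                IOUtils.copy(img.getEntity().getContent(), res.getOutputStream());
            } else {
                // Not an accepted image type: serve the default avatar rather than an empty response
                getDefaultAvatarImage(res);
            }
        } else {
            LoggerFactory.getLogger(HttpUtils.class).debug("Failed to get user avatar from {}, status: {} {}", url,
                    img.getStatusLine().getStatusCode(), img.getStatusLine().getReasonPhrase());
            getDefaultAvatarImage(res);
        }
    } catch (IOException ex) {
        getDefaultAvatarImage(res);
        LoggerFactory.getLogger(HttpUtils.class).debug("Failed to get user avatar from {}: {}", url, ex.getMessage());
    }
}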
/**
 * Writes the given content to the response, re-compressing it first when
 * the response declares a gzip or deflate content-encoding.
 * Nothing is written for an HTTP 304 response.
 * @param response the response to write to
 * @param content the uncompressed body text
 * @throws IOException if compressing or writing the body fails
 */
public static void writeResponseContent(HttpServletResponse response, String content) throws IOException {
    // A chunked response gets no Content-Length further down
    boolean chunked = response.containsHeader(PluginHelper.STRING_TRANSFER_ENCODING)
            && response.getHeader(PluginHelper.STRING_TRANSFER_ENCODING).compareTo("chunked") == 0;
    if (chunked) {
        response.setHeader(PluginHelper.STRING_CONNECTION, PluginHelper.STRING_CHUNKED);
    }

    // Re-apply the compression that the content-encoding header promises to the client.
    // NOTE(review): getBytes() without a charset uses the JVM default, not the response's charset.
    String contentEncoding = response.getHeader("content-encoding");
    ByteArrayOutputStream compressed = new ByteArrayOutputStream();
    boolean isEncoded = false;
    if ("gzip".equals(contentEncoding)) {
        isEncoded = true;
        GZIPOutputStream gzip = new GZIPOutputStream(compressed);
        gzip.write(content.getBytes());
        gzip.close();
        compressed.close();
    } else if ("deflate".equals(contentEncoding)) {
        isEncoded = true;
        Deflater compressor = new Deflater();
        compressor.setInput(content.getBytes());
        compressor.finish();
        byte[] chunk = new byte[1024];
        while (!compressor.finished()) {
            int produced = compressor.deflate(chunk);
            compressed.write(chunk, 0, produced);
        }
        compressed.close();
        compressor.end();
    }

    // An HTTP 304 carries no body, so there is nothing to send back
    if (response.getStatus() == HttpServletResponse.SC_NOT_MODIFIED) {
        return;
    }

    // The compressed bytes win over the plain text; payload stays null when there is neither
    byte[] payload = null;
    if (isEncoded) {
        payload = compressed.toByteArray();
    } else if (content != null) {
        payload = content.getBytes();
    }

    // Content-Length has to match what is actually written
    if (!chunked && payload != null) {
        response.setContentLength(payload.length);
    }
    OutputStream clientStream = response.getOutputStream();
    response.resetBuffer();
    if (payload != null) {
        clientStream.write(payload);
    }
}
/**
* Cross-origin attack handling (clickjacking protection).
*
* @param response
*/
private void filterClickJack(HttpServletResponse response) {
    // A value set earlier in the request is kept as it is
    if (response.containsHeader(X_FRAME_HEADER)) {
        return;
    }
    // X-Frame-Options keeps the page from being embedded in an iframe,
    // so that cross-origin iframe submissions fail
    response.addHeader(X_FRAME_HEADER, X_FRAME_VALUE);
}
/**
 * Creates a filter that, once the rest of the chain has run, sets
 * {@code Cache-Control: no-cache} on HTTP responses that have no
 * Cache-Control header.
 * @return the filter instance
 */
@Bean
public Filter addMissingHeadersFilter()
{
    return new Filter()
    {
        @Override
        public void init(final FilterConfig filterConfig) throws ServletException
        {
            // no set-up required
        }

        @Override
        public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException
        {
            try
            {
                chain.doFilter(request, response);
            }
            finally
            {
                // Runs even when the chain throws
                applyDefaultCacheControl(response);
            }
        }

        /** Sets Cache-Control to no-cache on an HTTP response that does not carry the header yet. */
        private void applyDefaultCacheControl(final ServletResponse response)
        {
            if (!(response instanceof HttpServletResponse))
            {
                return;
            }
            final HttpServletResponse httpResponse = (HttpServletResponse)response;
            // Features like ETag usually define Cache-Control themselves; only the gap is filled here.
            // NOTE(review): "no-cache" still lets a cache store the response and reuse it after
            // revalidation; "no-store" is the directive that forbids storing it.
            // NOTE(review): this runs after the chain, and the servlet API ignores headers set once
            // the response is committed, so the default may not reach the client in that case.
            if (!httpResponse.containsHeader("Cache-Control"))
            {
                httpResponse.setHeader("Cache-Control", "no-cache");
            }
        }

        @Override
        public void destroy()
        {
            // nothing to release
        }
    };
}
/**
* Adds the gzip HTTP header to the response.
* <p/>
* <p>
* This is need when a gzipped body is returned so that browsers can properly decompress it.
* </p>
*
* @param response the response which will have a header added to it. I.e this method changes its parameter
* @throws GzipResponseHeadersNotModifiableException Either the response is committed or we were called using the include method
* from a {@link javax.servlet.RequestDispatcher#include(javax.servlet.ServletRequest, javax.servlet.ServletResponse)}
* method and the set header is ignored.
*/
public static void addGzipHeader(HttpServletResponse response) throws GzipResponseHeadersNotModifiableException {
    response.setHeader("Content-Encoding", "gzip");
    // Reading the header back is how an ignored setHeader call is detected
    if (response.containsHeader("Content-Encoding")) {
        return;
    }
    throw new GzipResponseHeadersNotModifiableException(
            "Failure when attempting to set Content-Encoding: gzip");
}