An HTTP header is an additional content that is independent of the request content and response content.
Many of the features in the HTTP protocol are implemented through header information interaction, such as content encoding and decoding, caching, connection keepalive, and so on.
As one of the following request responses:
Request
accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q= 0.8accept-encoding:gzip, Deflateaccept-language:zh-cn,zh;q=0.9cache-control:max-age=0connection:keep-alivehost: www.cnblogs.comIf-Modified-Since:Wed, 2018 13:47:45 gmtupgrade-insecure-requests:1user-agent:mozilla/5.0 ( Windows NT 6.1; Win64; x64) applewebkit/537.36 (khtml, like Gecko) chrome/65.0.3325.181 safari/537.36
| name | Use |
|---|---|
| Accept | List of MIME types expected by the client |
| Accept-encoding | How the client expects to encode and decode |
| Accept-language | Language expected by the client |
| Cache-control | Cache control |
| Connection | Connection behavior (keep-alive) |
| Host | Host requested for Access |
| If-modified-since | Cache control |
| Upgrade-insecure-requests | Support for secure cryptographic tokens |
| User-agent | User agent (Client identity) |
Response
cache-control:private, max-age=10connection:keep-alivecontent-encoding:gzipcontent-type:text/html; charset=utf-8date:wed, Jul 2018 13:47:51 gmtexpires:wed, Jul 2018 13:48:01 gmtlast-modified:wed, 2018 13:4 7:51 gmttransfer-encoding:chunkedvary:accept-encodingx-frame-options:sameoriginx-ua-compatible:ie=10
| name | Use |
|---|---|
| Cache-control | Cache control |
| Connection | Connection behavior (keep-alive) |
| Content-encoding | Encoding and decoding method |
| Content-type | Content Type (MIME) |
| Date | Current response time |
| Expires | Document Expiration Time |
| Last-modified | Last Update time |
| Transfer-encoding | Transmission Encoding Method |
| Vary | Requests that need to be refreshed header |
| X-frame-options | Frame display strategy (for homologous control) |
| X-ua-compatible | IE Compatibility properties |
More * * Http Header * * Can be found from here
Second, springboot processing head informationThe previous section has already talked about how to complete the Controller method and the request mapping.
The springboot can be annotated by @RequestHeader
Map the request header information to the parameters, such as the following fragment:
@GetMapping("/some") @ResponseBody public String someHeader(@RequestHeader(value = "Host") String host, @RequestHeader(value = "User-Agent") String userAgent, @RequestHeader(value = "Cache-Control", required = false) String cacheControl, HttpServletResponse response) { logger.info("host:{}", host); logger.info("User-Agent:{}", userAgent); logger.info("Cache-Control:{}", cacheControl); // 设置响应头 response.setHeader("Cache-Control", "no-cache,no-store,must-revalidate"); response.setHeader("Pragma", "no-cache"); response.setDateHeader("Expires", 0); return "OK"; }
Instead of the response header, you can declare a httpservletresponse parameter,
By setting this object, the code above is very easy to understand.
If you want to get all the request headers, you can use the httpheaders object:
@GetMapping("/all") public ResponseEntity<Map<String, List<String>>> allHeaders(@RequestHeader HttpHeaders headers) { Map<String, List<String>> valueMap = new HashMap<String, List<String>>(); for (String header : headers.keySet()) { valueMap.put(header, headers.get(header)); logger.info("header[{}]={}", header, headers.get(header)); } // 通过ResponseEntity设置响应头 ResponseEntity<Map<String, List<String>>> entity = ResponseEntity.status(HttpStatus.OK) .header("new header", UUID.randomUUID().toString()).body(valueMap); return entity; }
In the preceding section of the code, all the request header information can be printed out.
Also note that the return response uses the responseentity object, which is a direct representation of the
In response to the information header, the content of the object, the use of responseentity can easily set the response header information.
A Cookie begins when a server uses information that is recorded on a browser to identify user information.
So far, there have been a lot of application scenarios for cookies as client-side storage.
Springboot provides @CookieValue to support parameter injection, as follows:
@GetMapping("/some") @ResponseBody public String someCookie(@CookieValue(value = "counter", defaultValue = "0") int counter, HttpServletResponse response) { logger.info("counter:{}", counter); counter += 1; String newValue = counter + ""; // 设置Cookie response.addCookie(new Cookie("counter", newValue)); return newValue; }
In the above code, Access/some can obtain a counter cookie value,
And it is incremented once per visit, which is a simple access counter function.
If you want to get all the cookies, you can refer to the following code:
@GetMapping("/all") public ResponseEntity<Map<String, String>>allCookies(HttpServletRequest request, HttpServletResponse response) { Map<String, String> valueMap = new HashMap<String, String>(); for (Cookie cookie : request.getCookies()) { valueMap.put(cookie.getName(), cookie.getValue()); logger.info("cookie[{}]={}", cookie.getName(), cookie.getValue()); } // 设置Cookie response.addCookie(new Cookie("key", UUID.randomUUID().toString())); return new ResponseEntity<Map<String, String>>(valueMap, HttpStatus.OK); }
Clean up All Cookies
@GetMapping("/clear") public ResponseEntity<Map<String, String>> clearCookies(HttpServletRequest request, HttpServletResponse response) { Map<String, String> valueMap = new HashMap<String, String>(); for (Cookie cookie : request.getCookies()) { valueMap.put(cookie.getName(), cookie.getValue()); logger.info("cookie[{}]={}", cookie.getName(), cookie.getValue()); // 清除 cookie.setMaxAge(0); response.addCookie(cookie); } return new ResponseEntity<Map<String, String>>(valueMap, HttpStatus.OK); }
There is a certain flaw in the cookie mechanism, as far as possible after considering some risk to use
Session refers to a conversation, which is based on the cookie mechanism of a form of identity recognition.
Due to the security and capacity limitations of the cookie itself, most applications hold a unique credential in the cookie;
The service side passes the credential again to access the identity information, this is the origin of the conversation.
Different languages, frameworks adopted some differences in implementation, such as Java EE with jsession_id, and PHP is PHPSESSID
The interactive principle of the session can be referenced in the following diagram:
Springboot the servlet container is embedded, it is the jsession_idof the continuation. This cookie is therefore found when browsing some javaweb sites.
Use @SessionAttribute to map attributes in a session to method parameters;
If you want to manipulate the session property, you can declare @SessionAttributes annotations on the controller to specify the attributes you want to change;
After that, the model parameter is written (the session is automatically detected and modified by the framework)
@SessionAttributes("seed")public class SessionController { private static final Logger logger = LoggerFactory.getLogger(SessionController.class); @GetMapping("/some") @ResponseBody public String someSession(@SessionAttribute(value = "seed", required = false) Integer seed, Model model) { logger.info("seed:{}", seed); if (seed == null) { seed = (int) (Math.random() * 10000); } else { seed += 1; } model.addAttribute("seed", seed); return seed + ""; }
The above example has the same function as the cookie to implement the access counter !
If you want to get all the sessions, you can use HttpSession
@GetMapping("/all") public ResponseEntity<Map<String, Object>> allSessions(HttpSession session) { Map<String, Object> valueMap = new HashMap<String, Object>(); Enumeration<String> iSession = session.getAttributeNames(); while (iSession.hasMoreElements()) { String sessionName = iSession.nextElement(); Object sessionValue = session.getAttribute(sessionName); valueMap.put(sessionName, sessionValue); logger.info("sessoin[{}]={}", sessionName, sessionValue); } // 写入session session.setAttribute("timestmap", new Date()); return new ResponseEntity<Map<String, Object>>(valueMap, HttpStatus.OK); }
Clear session
Five, flash parameter delivery@GetMapping("/clear") public ResponseEntity<Map<String, Object>> clearSessions(HttpSession session) { Map<String, Object> valueMap = new HashMap<String, Object>(); Enumeration<String> iSession = session.getAttributeNames(); while (iSession.hasMoreElements()) { String sessionName = iSession.nextElement(); Object sessionValue = session.getAttribute(sessionName); valueMap.put(sessionName, sessionValue); logger.info("sessoin[{}]={}", sessionName, sessionValue); session.removeAttribute(sessionName); } return new ResponseEntity<Map<String, Object>>(valueMap, HttpStatus.OK); }
Flash means an instant, a flash , so it's good to understand that this is a class of parameters used only once, some similar to burn after reading .
Imagine this scenario, you confirm the shopping cart, complete the order payment after the order to enter the management interface, and the interface prompts you to "order success, please wait for delivery."
This can be achieved by using Flash to send parameters.
Flash is meant to be used as a transient parameter transfer between requests, and is no longer used once consumed.
The following is an example:
/** * 执行跳转,并设置传值 * * @param counter * @param response * @return */ @GetMapping("/first") public String first(final RedirectAttributes redirectAttrs) { logger.info("redirect start:{}"); redirectAttrs.addFlashAttribute("flash", UUID.randomUUID().toString()); return "redirect:/flash/second"; } /** * 获取传值 * * @param session * @param response * @return */ @GetMapping("/second") @ResponseBody public String second(@ModelAttribute("flash") String flash) { logger.info("redirect receive {}", flash); return flash; }
Interaction principle
The flash mechanism in Sprintboot is also realized by using session , in which the Flashmapmanager interface realizes the management of flash parameters.
The default implementation is Sessionflashmapmanager, which allows you to obtain Flashmapmanager objects in the context by Requestcontextutils .
SummaryRequestcontextutils accessing objects by requesting Scope (Request context)
This is also a scope domain not mentioned in this article, where the request context is implemented using thread variables and is typically used for data interactions within a thread's business processing.
The HTTP header information is an additional content that implements the various features in the HTTP protocol, and describes the common header information definitions at the beginning.
This article mainly introduces several common methods of accessing HTTP scope information, including how to read and modify headers and cookies.
Springboot embedded the Servlet container, the session processing mechanism is followed by the Jsessionid, through the code example to introduce the session processing methods;
Flash parameter is a kind of data that Burn after reading , its bottom realization also uses the implementation of the session.
Welcome to continue to pay attention to "American Code Master's Tutorial series-springboot", look forward to more exciting content ^-^
Several scopes in the tutorial series-springboot
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
