如何从我的服务层内部创建一个 cookie 并添加到 http 响应?
Posted
技术标签:
【中文标题】如何从我的服务层内部创建一个 cookie 并添加到 http 响应?【英文标题】:how to create a cookie and add to http response from inside my service layer? 【发布时间】:2012-02-11 23:09:31 【问题描述】:我正在我的 spring mvc 应用程序中创建自定义身份验证服务:
@Service
public class AuthenticationServiceImpl implements AuthenticationService
@Autowired
UserService userService;
@Override
public void login(String email, String password)
boolean isValid = userService.isValidLogin(email, password);
if(isValid)
// ??? create a session cookie and add to http response
如何创建 cookie 并将其添加到响应中?
【问题讨论】:
【参考方案1】:要添加新的 cookie,请使用 HttpServletResponse.addCookie(Cookie)。 Cookie 几乎是一个键值对,将名称和值作为构造字符串。
【讨论】:
顺便说一句,我不建议您这样做来创建自己的身份验证方案。【参考方案2】:在 Spring MVC 中,默认情况下你会得到 HtppServletResponce 对象。
@RequestMapping("/myPath.htm")
public ModelAndView add(HttpServletRequest request,
HttpServletResponse response) throws Exception
//Do service call passing the response
return new ModelAndView("CustomerAddView");
//Service code
Cookie myCookie =
new Cookie("name", "val");
response.addCookie(myCookie);
【讨论】:
【参考方案3】:按照@Aravind 的回答了解更多详情
@RequestMapping("/myPath.htm")
public ModelAndView add(HttpServletRequest request, HttpServletResponse response) throws Exception
myServiceMethodSettingCookie(request, response); //Do service call passing the response
return new ModelAndView("CustomerAddView");
// service method
void myServiceMethodSettingCookie(HttpServletRequest request, HttpServletResponse response)
final String cookieName = "my_cool_cookie";
final String cookieValue = "my cool value here !"; // you could assign it some encoded value
final Boolean useSecureCookie = false;
final int expiryTime = 60 * 60 * 24; // 24h in seconds
final String cookiePath = "/";
Cookie cookie = new Cookie(cookieName, cookieValue);
cookie.setSecure(useSecureCookie); // determines whether the cookie should only be sent using a secure protocol, such as HTTPS or SSL
cookie.setMaxAge(expiryTime); // A negative value means that the cookie is not stored persistently and will be deleted when the Web browser exits. A zero value causes the cookie to be deleted.
cookie.setPath(cookiePath); // The cookie is visible to all the pages in the directory you specify, and all the pages in that directory's subdirectories
response.addCookie(cookie);
相关文档:
http://docs.oracle.com/javaee/7/api/javax/servlet/http/Cookie.html
http://docs.spring.io/spring-security/site/docs/3.0.x/reference/springsecurity.html
【讨论】:
【参考方案4】:cookie 是具有键值对的对象,用于存储与客户相关的信息。主要目标是个性化客户体验。
可以像这样创建实用方法
private Cookie createCookie(String cookieName, String cookieValue)
Cookie cookie = new Cookie(cookieName, cookieValue);
cookie.setPath("/");
cookie.setMaxAge(MAX_AGE_SECONDS);
cookie.setHttpOnly(true);
cookie.setSecure(true);
return cookie;
如果存储重要信息,那么我们应该始终设置 setHttpOnly 以便无法通过 javascript 访问/修改 cookie。如果您希望仅通过 https 协议访问 cookie,则 setSecure 是适用的。
使用上述实用方法,您可以将 cookie 添加到响应中
Cookie cookie = createCookie("name","value");
response.addCookie(cookie);
【讨论】:
以上是关于如何从我的服务层内部创建一个 cookie 并添加到 http 响应?的主要内容,如果未能解决你的问题,请参考以下文章
如何将 cookie 从我的 ios 应用程序共享到移动 safari?
如何从我的硬件(即 esp8266 模块)向 android 发送推送消息?没有在手机上安装应用程序,我可以使用内部服务吗?
如何在Asp.net Core的登录过程中为“记住我”设置单个cookie超时?