6

泽西客户端没有为我设置“原点”标题,我想知道我是否遗漏了什么。

String origin="http://www.localhost.com";
ClientResponse response= webResourceBuilder("my/endpoint")
            .header( "origin" , origin)
            .header("Access-Control-Request-Method", "POST")
            .header("xorigin", origin)
            .header("whatever", "test")
            .accept("application/xml")
            .get(ClientResponse.class);

当我在运行时检查服务器端的请求标头时,我发现“xorigin”和“whatever”标头,但没有“origin”和“Access-Control-Request-Method”

如何设置这些标题?

4

2 回答 2

15

默认 Jersey 客户端使用HttpURLConnection向服务器发送请求。HttpUrlConnection限制在请求中发送的一些标头,请参阅:

/*
 * Restrict setting of request headers through the public api
 * consistent with JavaScript XMLHttpRequest2 with a few
 * exceptions. Disallowed headers are silently ignored for
 * backwards compatibility reasons rather than throwing a
 * SecurityException. For example, some applets set the
 * Host header since old JREs did not implement HTTP 1.1.
 * Additionally, any header starting with Sec- is
 * disallowed.
 *
 * The following headers are allowed for historical reasons:
 *
 * Accept-Charset, Accept-Encoding, Cookie, Cookie2, Date,
 * Referer, TE, User-Agent, headers beginning with Proxy-.
 *
 * The following headers are allowed in a limited form:
 *
 * Connection: close
 *
 * See http://www.w3.org/TR/XMLHttpRequest2.
 */
private static final boolean allowRestrictedHeaders;
private static final Set<String> restrictedHeaderSet;
private static final String[] restrictedHeaders = {
    /* Restricted by XMLHttpRequest2 */
    //"Accept-Charset",
    //"Accept-Encoding",
    "Access-Control-Request-Headers",
    "Access-Control-Request-Method",
    "Connection", /* close is allowed */
    "Content-Length",
    //"Cookie",
    //"Cookie2",
    "Content-Transfer-Encoding",
    //"Date",
    //"Expect",
    "Host",
    "Keep-Alive",
    "Origin",
    // "Referer",
    // "TE",
    "Trailer",
    "Transfer-Encoding",
    "Upgrade",
    //"User-Agent",
    "Via"
};

您有两种选择如何处理这种情况:

  1. 使用默认 Jersey 客户端,您需要设置系统属性

    -Dsun.net.http.allowRestrictedHeaders=true
    

    它禁止从请求中删除受限制的标头。

  2. 使用似乎没有此限制的ApacheHttpClient / ApacheHttpClient4 。只需将以下依赖项之一添加到您的项目中:

    <dependency>
        <groupId>com.sun.jersey.contribs</groupId>
        <artifactId>jersey-apache-client</artifactId>
        <version>1.15</version>
    </dependency>
    

    或者

    <dependency>
        <groupId>com.sun.jersey.contribs</groupId>
        <artifactId>jersey-apache-client4</artifactId>
        <version>1.15</version>
    </dependency>
    

    然后创建您的客户,例如:

    ApacheHttpClient.create(com.sun.jersey.api.client.config.ClientConfig);
    

    或者

    ApacheHttpClient4.create(com.sun.jersey.api.client.config.ClientConfig);
    
于 2012-11-07T09:21:01.713 回答
8

或者只是在设置标题之前动态设置此属性(如果您不想将其设置为全局设置):

System.setProperty("sun.net.http.allowRestrictedHeaders", "true");
于 2013-09-26T12:30:43.520 回答