设置“原点”和“访问控制请求法”头与Jersey客户端

Question

Jersey客户端没有设置为我的“原点”头，我不知道如果我错过什么。

String origin="http://www.localhost.com"; 
ClientResponse response= webResourceBuilder("my/endpoint") 
      .header("origin" , origin) 
      .header("Access-Control-Request-Method", "POST") 
      .header("xorigin", origin) 
      .header("whatever", "test") 
      .accept("application/xml") 
      .get(ClientResponse.class); 

当我在运行时检查服务器端的请求头，我发现“xorigin”和“无所谓”头，但不是“出身”和“访问控制请求法”

我怎样才能设置这些标题？

Answer 1

默认Jersey客户端使用HttpURLConnection发送请求到服务器。 HttpUrlConnection限制一些头在请求被发送，请参阅：

/* 
* Restrict setting of request headers through the public api 
* consistent with JavaScript XMLHttpRequest2 with a few 
* exceptions. Disallowed headers are silently ignored for 
* backwards compatibility reasons rather than throwing a 
* SecurityException. For example, some applets set the 
* Host header since old JREs did not implement HTTP 1.1. 
* Additionally, any header starting with Sec- is 
* disallowed. 
* 
* The following headers are allowed for historical reasons: 
* 
* Accept-Charset, Accept-Encoding, Cookie, Cookie2, Date, 
* Referer, TE, User-Agent, headers beginning with Proxy-. 
* 
* The following headers are allowed in a limited form: 
* 
* Connection: close 
* 
* See http://www.w3.org/TR/XMLHttpRequest2. 
*/ 
private static final boolean allowRestrictedHeaders; 
private static final Set<String> restrictedHeaderSet; 
private static final String[] restrictedHeaders = { 
    /* Restricted by XMLHttpRequest2 */ 
    //"Accept-Charset", 
    //"Accept-Encoding", 
    "Access-Control-Request-Headers", 
    "Access-Control-Request-Method", 
    "Connection", /* close is allowed */ 
    "Content-Length", 
    //"Cookie", 
    //"Cookie2", 
    "Content-Transfer-Encoding", 
    //"Date", 
    //"Expect", 
    "Host", 
    "Keep-Alive", 
    "Origin", 
    // "Referer", 
    // "TE", 
    "Trailer", 
    "Transfer-Encoding", 
    "Upgrade", 
    //"User-Agent", 
    "Via" 
}; 

你有两个选择如何处理这种情况：

1. 在默认Jersey客户端，你需要设置系统属性

   -Dsun.net.http.allowRestrictedHeaders=true 
   

   它抑制从请求中删除受限制的标题。

2. 使用ApacheHttpClient/ApacheHttpClient4似乎没有这个限制。只需添加下面的一个依赖于你的项目：

   <dependency> 
       <groupId>com.sun.jersey.contribs</groupId> 
       <artifactId>jersey-apache-client</artifactId> 
       <version>1.15</version> 
   </dependency> 
   

   或

   <dependency> 
       <groupId>com.sun.jersey.contribs</groupId> 
       <artifactId>jersey-apache-client4</artifactId> 
       <version>1.15</version> 
   </dependency> 
   

   ，然后创建你的客户，如：

   ApacheHttpClient.create(com.sun.jersey.api.client.config.ClientConfig); 
   

   或

   ApacheHttpClient4.create(com.sun.jersey.api.client.config.ClientConfig); 
   

Answer 2

或者只是设置你的头（如果你不想把它设置为全局设置）之前设置该属性动态：

System.setProperty("sun.net.http.allowRestrictedHeaders", "true");