" />

欧美bbbwbbbw肥妇,免费乱码人妻系列日韩,一级黄片

SpringBoot實現(xiàn)多個子域共享cookie的示例

 更新時間:2023年04月10日 09:12:22   作者:modelmd  
本文主要介紹了SpringBoot實現(xiàn)多個子域共享cookie的示例,文中通過示例代碼介紹的非常詳細(xì),對大家的學(xué)習(xí)或者工作具有一定的參考學(xué)習(xí)價值,需要的朋友們下面隨著小編來一起學(xué)習(xí)學(xué)習(xí)吧

項目信息

使用SpringBoot web框架,版本號 2.7.10

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>

cookie 共享

需求

現(xiàn)在有兩個域名 dev.scd.com.cn,test.scd.com.cn 的服務(wù),登錄驗證之后,服務(wù)器寫入 cookie 到響應(yīng)頭,用戶只需要登錄一次,訪問任意一個域都攜帶cookie 信息

如何實現(xiàn)

后端服務(wù)寫入cookie 指定domain為二級域名 .scd.com.cn
cookie基礎(chǔ)知識

環(huán)境配置

配置域

本地模擬多個域的環(huán)境,需要在host 上配置域名,增加如下配置

127.0.0.1 dev.scd.com.cn
127.0.0.1 test.scd.com.cn

SpringBoot 配置 https 訪問

application.properties 文件增加如下配置

# https
server.ssl.key-store=F:/keytool/https.p12
server.ssl.key-alias=tomcathttps
server.ssl.key-store-password=shootercheng

執(zhí)行jdk 自帶的命令行工具 keytool 生成證書

keytool -genkey -alias tomcathttps -keyalg RSA -keysize 4096 -keystore https.p12 -validity 365

參考地址

SpringBoot Https配置

后端代碼

在 httpResponse 響應(yīng)中增加 cookie

package com.scd.cookie.controller;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseCookie;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.time.Duration;

/**
 * @author James
 * @date 2023/4/8
 */
@RestController
@RequestMapping(value = "/cookie")
public class CookieController {
    private static final Logger LOGGER = LoggerFactory.getLogger(CookieController.class);

    private static final String COOKIE_DOMAIN = ".scd.com.cn";

    private static final int COOKIE_MAX_AGE_DAY = 7;

    private static final String COOKIE_KEY = "test_key";

    @GetMapping("/set")
    public String cookieSet(HttpServletResponse response) {
        Cookie cookie = new Cookie(COOKIE_KEY, "scd");
        cookie.setDomain(COOKIE_DOMAIN);
        cookie.setHttpOnly(true);
        cookie.setPath("/");
        cookie.setSecure(true);
        cookie.setMaxAge((int) Duration.ofDays(COOKIE_MAX_AGE_DAY).getSeconds());
        response.addCookie(cookie);
        return "OK";
    }

    @GetMapping("/get")
    public String cookieGet(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        for (Cookie cookie : cookies) {
            if (COOKIE_KEY.equals(cookie.getName())) {
                LOGGER.info("cookie name {} value {}", COOKIE_KEY, cookie.getValue());
            }
            return cookie.getValue();
        }
        return "OK";
    }
}

啟動服務(wù),訪問 https://dev.scd.com.cn:8080/cookie/set

后端服務(wù)報錯信息如下 An invalid domain [.scd.com.cn] was specified for this cookie

java.lang.IllegalArgumentException: An invalid domain [.scd.com.cn] was specified for this cookie
	at org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6265CookieProcessor.java:218) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:153) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.catalina.connector.Response.generateCookieString(Response.java:970) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.catalina.connector.Response.addCookie(Response.java:923) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:314) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
	at javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:57) ~[tomcat-embed-core-9.0.73.jar:4.0.FR]
	at com.scd.cookie.controller.CookieController.cookieSet(CookieController.java:39) ~[classes/:na]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_77]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_77]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_77]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_77]
	at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205) ~[spring-web-5.3.26.jar:5.3.26]
	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150) ~[spring-web-5.3.26.jar:5.3.26]
	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117) ~[spring-webmvc-5.3.26.jar:5.3.26]
	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895) ~[spring-webmvc-5.3.26.jar:5.3.26]
	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808) ~[spring-webmvc-5.3.26.jar:5.3.26]
	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) ~[spring-webmvc-5.3.26.jar:5.3.26]
	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1072) ~[spring-webmvc-5.3.26.jar:5.3.26]
	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:965) ~[spring-webmvc-5.3.26.jar:5.3.26]
	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) ~[spring-webmvc-5.3.26.jar:5.3.26]
	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898) ~[spring-webmvc-5.3.26.jar:5.3.26]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:502) ~[tomcat-embed-core-9.0.73.jar:4.0.FR]
	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) ~[spring-webmvc-5.3.26.jar:5.3.26]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:596) ~[tomcat-embed-core-9.0.73.jar:4.0.FR]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) ~[tomcat-embed-websocket-9.0.73.jar:9.0.73]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.3.26.jar:5.3.26]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.26.jar:5.3.26]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.3.26.jar:5.3.26]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.26.jar:5.3.26]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.springframework.session.web.http.SessionRepositoryFilter.doFilterInternal(SessionRepositoryFilter.java:142) ~[spring-session-core-2.7.1.jar:2.7.1]
	at org.springframework.session.web.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:82) ~[spring-session-core-2.7.1.jar:2.7.1]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.26.jar:5.3.26]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.26.jar:5.3.26]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) [tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:492) [tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) [tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) [tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:389) [tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) [tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926) [tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791) [tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) [tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) [tomcat-embed-core-9.0.73.jar:9.0.73]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.73.jar:9.0.73]

根據(jù)堆棧信息,發(fā)現(xiàn)報錯的方法在校驗域名時候產(chǎn)生的org.apache.tomcat.util.http.Rfc6265CookieProcessor#generateHeader(javax.servlet.http.Cookie, javax.servlet.http.HttpServletRequest)
org.apache.tomcat.util.http.Rfc6265CookieProcessor#validateDomain

	private void validateDomain(String domain) {
        int i = 0;
        int prev = true;
        int cur = -1;

        for(char[] chars = domain.toCharArray(); i < chars.length; ++i) {
            int prev = cur;
            cur = chars[i];
            if (!domainValid.get(cur)) {
                throw new IllegalArgumentException(sm.getString("rfc6265CookieProcessor.invalidDomain", new Object[]{domain}));
            }

            if ((prev == 46 || prev == -1) && (cur == 46 || cur == 45)) {
                throw new IllegalArgumentException(sm.getString("rfc6265CookieProcessor.invalidDomain", new Object[]{domain}));
            }

            if (prev == 45 && cur == 46) {
                throw new IllegalArgumentException(sm.getString("rfc6265CookieProcessor.invalidDomain", new Object[]{domain}));
            }
        }

如何繞過校驗了,跟蹤代碼發(fā)現(xiàn)最終添加 cookie 的代碼方法為
org.apache.catalina.connector.Response#addCookie

org.apache.catalina.connector.Response#addHeader(java.lang.String, java.lang.String, java.nio.charset.Charset)

最終是轉(zhuǎn)換為字符串設(shè)置到 “Set-Cookie” 字符串的,可以使用如下方法直接設(shè)置

ResponseCookie cookie = ResponseCookie.from(COOKIE_KEY, "scd")
                .httpOnly(true)
                .secure(true)
                .domain(COOKIE_DOMAIN)
                .path("/")
                .sameSite("Lax")
                .maxAge(Duration.ofDays(COOKIE_MAX_AGE_DAY))
                .build();
        response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());

這樣就繞過校驗了。調(diào)整之后的代碼如下:

package com.scd.cookie.controller;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseCookie;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.time.Duration;

/**
 * @author James
 * @date 2023/4/8
 */
@RestController
@RequestMapping(value = "/cookie")
public class CookieController {
    private static final Logger LOGGER = LoggerFactory.getLogger(CookieController.class);

    private static final String COOKIE_DOMAIN = ".scd.com.cn";

    private static final int COOKIE_MAX_AGE_DAY = 7;

    private static final String COOKIE_KEY = "test_key";

    @GetMapping("/set")
    public String cookieSet(HttpServletResponse response) {
//        Cookie cookie = new Cookie(COOKIE_KEY, "scd");
//        cookie.setDomain(COOKIE_DOMAIN);
//        cookie.setHttpOnly(true);
//        cookie.setPath("/");
//        cookie.setSecure(true);
//        cookie.setMaxAge((int) Duration.ofDays(COOKIE_MAX_AGE_DAY).getSeconds());
//        response.addCookie(cookie);
        ResponseCookie cookie = ResponseCookie.from(COOKIE_KEY, "scd")
                .httpOnly(true)
                .secure(true)
                .domain(COOKIE_DOMAIN)
                .path("/")
                .sameSite("Lax")
                .maxAge(Duration.ofDays(COOKIE_MAX_AGE_DAY))
                .build();
        response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
        return "OK";
    }

    @GetMapping("/get")
    public String cookieGet(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        for (Cookie cookie : cookies) {
            if (COOKIE_KEY.equals(cookie.getName())) {
                LOGGER.info("cookie name {} value {}", COOKIE_KEY, cookie.getValue());
            }
            return cookie.getValue();
        }
        return "OK";
    }
}

驗證

重啟服務(wù),之后訪問 https://dev.scd.com.cn:8080/cookie/set,發(fā)現(xiàn)響應(yīng)頭設(shè)置cookie 成功

再次請求這個地址,請求頭也攜帶了 cookie

訪問 https://test.scd.com.cn:8080/cookie/set, 請求頭也會攜帶cookie

驗證后端解析 cookie 使用無痕模式,先訪問 https://dev.scd.com.cn:8080/cookie/set再訪問地址 https://test.scd.com.cn:8080/cookie/get

可以看到 cookie 在多個子域的請求都可以攜帶

到此這篇關(guān)于SpringBoot實現(xiàn)多個子域共享cookie的示例的文章就介紹到這了,更多相關(guān)SpringBoot 子域共享cookie內(nèi)容請搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家!

相關(guān)文章

  • Struts2實現(xiàn)上傳單個文件功能

    Struts2實現(xiàn)上傳單個文件功能

    這篇文章主要為大家詳細(xì)介紹了Struts2實現(xiàn)上傳單個文件功能,具有一定的參考價值,感興趣的小伙伴們可以參考一下
    2017-06-06
  • 關(guān)于Java異常處理的幾條建議_動力節(jié)點Java學(xué)院整理

    關(guān)于Java異常處理的幾條建議_動力節(jié)點Java學(xué)院整理

    Java提供了拋出異常、捕捉異常和finally語句的使用來處理程序異常,下面就來具體看一下關(guān)于Java異常處理的幾條建議
    2017-06-06
  • SpringMVC入門實例

    SpringMVC入門實例

    這篇文章主要介紹了SpringMVC入門實例,在springmvc入門教程里算是比較不錯的,結(jié)構(gòu)也比較完整,需要的朋友可以參考。
    2017-11-11
  • 詳解MyBatis工作原理

    詳解MyBatis工作原理

    近來想寫一個mybatis的分頁插件,但是在寫插件之前肯定要了解一下mybatis具體的工作原理吧,本文就詳細(xì)總結(jié)了MyBatis工作原理,,需要的朋友可以參考下
    2021-05-05
  • 透過Spring源碼查看Bean的命名轉(zhuǎn)換規(guī)則圖文詳解

    透過Spring源碼查看Bean的命名轉(zhuǎn)換規(guī)則圖文詳解

    Java Bean是一種 Java 編程語言編寫的可重用軟件組件,包括符合一定規(guī)范的Java 類、屬性和方法,用于描述和處理應(yīng)用程序中的數(shù)據(jù)對象,下面這篇文章主要給大家介紹了關(guān)于透過Spring源碼查看Bean的命名轉(zhuǎn)換規(guī)則的相關(guān)資料,需要的朋友可以參考下
    2023-06-06
  • 在mybatis執(zhí)行SQL語句之前進(jìn)行攔擊處理實例

    在mybatis執(zhí)行SQL語句之前進(jìn)行攔擊處理實例

    本篇文章主要介紹了在mybatis執(zhí)行SQL語句之前進(jìn)行攔擊處理實例,具有一定的參考價值,感興趣的小伙伴們可以參考一下。
    2017-04-04
  • Java基于IO流實現(xiàn)登錄和注冊功能

    Java基于IO流實現(xiàn)登錄和注冊功能

    這篇文章主要為大家詳細(xì)介紹了Java基于IO流實現(xiàn)登錄和注冊功能,文中示例代碼介紹的非常詳細(xì),具有一定的參考價值,感興趣的小伙伴們可以參考一下
    2022-04-04
  • Maven項目更換本地倉庫過程圖解

    Maven項目更換本地倉庫過程圖解

    這篇文章主要介紹了Maven項目更換本地倉庫過程圖解,文中通過示例代碼介紹的非常詳細(xì),對大家的學(xué)習(xí)或者工作具有一定的參考學(xué)習(xí)價值,需要的朋友可以參考下
    2020-07-07
  • Java中去除字符串中所有空格的幾種方法

    Java中去除字符串中所有空格的幾種方法

    這篇文章介紹了Java中去除字符串中所有空格的幾種方法,有需要的朋友可以參考一下
    2013-07-07
  • SpringBoot Session共享實現(xiàn)圖解

    SpringBoot Session共享實現(xiàn)圖解

    這篇文章主要介紹了SpringBoot Session共享實現(xiàn)圖解,文中通過示例代碼介紹的非常詳細(xì),對大家的學(xué)習(xí)或者工作具有一定的參考學(xué)習(xí)價值,需要的朋友可以參考下
    2020-01-01

最新評論