如何创建cookie并从我的服务层内添加到http响应？

Question

我在spring mvc应用程序中创建自定义身份验证服务:

@Service
public class AuthenticationServiceImpl implements AuthenticationService {

   @Autowired
   UserService userService;

   @Override
   public void login(String email, String password) {

      boolean isValid = userService.isValidLogin(email, password);

      if(isValid) {
          // ??? create a session cookie and add to http response
      }

   }

}

如何创建cookie并将其添加到响应中？

Answer 1

关注@ Aravind的回答以及更多细节

@RequestMapping("/myPath.htm")
public ModelAndView add(HttpServletRequest request, HttpServletResponse response) throws Exception{
    myServiceMethodSettingCookie(request, response);        //Do service call passing the response
    return new ModelAndView("CustomerAddView");
}

// service method
void myServiceMethodSettingCookie(HttpServletRequest request, HttpServletResponse response){
    final String cookieName = "my_cool_cookie";
    final String cookieValue = "my cool value here !";  // you could assign it some encoded value
    final Boolean useSecureCookie = false;
    final int expiryTime = 60 * 60 * 24;  // 24h in seconds
    final String cookiePath = "/";

    Cookie cookie = new Cookie(cookieName, cookieValue);

    cookie.setSecure(useSecureCookie);  // determines whether the cookie should only be sent using a secure protocol, such as HTTPS or SSL

    cookie.setMaxAge(expiryTime);  // A negative value means that the cookie is not stored persistently and will be deleted when the Web browser exits. A zero value causes the cookie to be deleted.

    cookie.setPath(cookiePath);  // The cookie is visible to all the pages in the directory you specify, and all the pages in that directory's subdirectories

    response.addCookie(cookie);
}

相关文档:

http://docs.oracle.com/javaee/7/api/javax/servlet/http/Cookie.html

http://docs.spring.io/spring-security/site/docs/3.0.x/reference/springsecurity.html

Answer 2

在Spring MVC中,默认情况下会获得HtppServletResponce对象.

   @RequestMapping("/myPath.htm")
    public ModelAndView add(HttpServletRequest request,
         HttpServletResponse response) throws Exception{
            //Do service call passing the response
    return new ModelAndView("CustomerAddView");
    }

//Service code
Cookie myCookie =
  new Cookie("name", "val");
  response.addCookie(myCookie);

Answer 3

Cookie是具有键值对的对象,用于存储与客户相关的信息.主要目标是个性化客户的体验.

可以创建一个实用方法

private Cookie createCookie(String cookieName, String cookieValue) {
    Cookie cookie = new Cookie(cookieName, cookieValue);
    cookie.setPath("/");
    cookie.setMaxAge(MAX_AGE_SECONDS);
    cookie.setHttpOnly(true);
    cookie.setSecure(true);
    return cookie;
}

如果存储重要信息,那么我们应该放置setHttpOnly,以便无法通过javascript访问/修改cookie.如果您希望仅通过https协议访问cookie,则setSecure适用.

使用上面的实用工具方法,你可以添加cookie作为响应

Cookie cookie = createCookie("name","value");
response.addCookie(cookie);