英文:
Advice on passing HTTP Headers in a thread safe manner
问题
期望的行为:
有一个Spring Boot应用程序,其中有一个控制器,托管一个端点,该端点将通过单独的服务检索数据(通过HTTP调用)。但是,它需要将原始请求中的原始标记(Bearer token)传递给此服务。
当前的实现:
A. 有一个GenericFilter,它将“Authorization”标头保存到一个bean实例中。
@Component
public class exampleFilter extends OncePerRequestFilter {
@Autowired
private POJO pojo;
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
FilterChain filterChain) throws ServletException, IOException {
pojo.setAuthorization(httpServletRequest.getHeader("Authorization"));
filterChain.doFilter(httpServletRequest, httpServletResponse);
}
}
问题:
由于Authorization值存储在一个bean中,因此它不是线程安全的。根据在线研究,模式是在HTTPServlet类的“doGet()”或“service()”方法中使用方法变量;但是,这对于此问题并未正确工作。
这种模式是否仍然是解决此问题的正确方法?对于此问题有什么建议吗?
提前感谢!
英文:
Desired behaviour:
There is a Spring Boot Application that has a Controller which hosts an endpoint which will retrieve data (via HTTP call) through a separate service. However, it will need to pass along the Bearer token from the original headers in the original request.
Current Implementation:
A. There is a GenericFilter which will save the "Authorization" header into a bean instance.
@Component
public class exampleFilter extends OncePerRequestFilter {
@Autowired
private POJO pojo;
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
FilterChain filterChain) throws ServletException, IOException {
pojo.setAuthorization(httpServletRequest.getHeader("Authorization"));
filterChain.doFilter(httpServletRequest, httpServletResponse);
}
}
Issue:
Since the Authorization value is stored in a bean, it is not thread safe.
From online research, the pattern is to use a method variable in an HTTPServlet class' "doGet()" or "service()" method; however, this has not worked correctly for this issue.
Is that pattern still the right solution for this problem ? any suggestions on what should be ?
Thanks in advance!
专注分享java语言的经验与见解,让所有开发者获益!
评论