根据Transmission docs,您需要发送在第一个请求中生成的令牌.然后,服务器将使用409 HTTP代码以及包含令牌的标头进行响应.该令牌应在所有后续调用中发送:
2.3.1. CSRF Protection Most Transmission RPC servers require a X-Transmission-Session-Id header to be sent with requests,to prevent
CSRF attacks. When your request has the wrong id — such as when you
send your first request,or when the server expires the CSRF token —
the Transmission RPC server will return an HTTP 409 error with the
right X-Transmission-Session-Id in its own headers. So,the correct
way to handle a 409 response is to update your
X-Transmission-Session-Id and to resend the prevIoUs request.
我正在寻找使用CXF过滤器或拦截器的解决方案,它基本上将处理409响应并重试添加令牌头的初始请求.我认为客户端可以持续这个令牌,并在将来的电话中发送它.
我不太熟悉cxf,所以我想知道这是否可以完成和如何.任何提示都会有所帮助.
谢谢!
解决方法
在这种情况下,伪代码/逻辑看起来像下面
RetryTemplate template = new RetryTemplate();
Foo foo = template.execute(new RetryCallback<Foo>() {
public Foo doWithRetry(RetryContext context) {
/*
* 1. Check if RetryContext contains the token via hasAttribute. If available set the header else proceed
* 2. Call the transmission API
* 3.a. If API responds with 409,read the token
* 3.a.1. Store the token in RetryContext via setAttribute method
* 3.a.2. Throw a custom exception so that retry kicks in
* 3.b. If API response is non 409 handle according to business logic
* 4. Return result
*/
}
});
确保使用合理的重试和配置来配置RetryTemplate退货政策,以避免任何资源争用/惊喜.
N.B .: RetryContext的实现RetryContextSupport具有hasAttribute& setAttribute方法继承自Spring Core AttributeAccessor
