我正在尝试调整我的应用程序配置以设置 ETag 支持。
我刚刚检查了this所以问题,所以让我说一下我的代码与它的不同之处:
- 我不使用任何 xml 配置文件。
- 我为系统的各个方面使用了不同的配置类。我的
WebConfig
如下所示:
@Configuration
@EnableAutoConfiguration
@ComponentScan(basePackages = { "xxx", "yyy" })
public class WebConfig extends WebMvcConfigurerAdapter {
@Bean
public Filter shallowETagHeaderFilter() {
return new ShallowEtagHeaderFilter();
}
...
}
- 我的 SecurityConfig 如下所示:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
...
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().exceptionHandling()
.authenticationEntryPoint(authenticationEntryPoint())
.and().authorizeRequests()
.antMatchers(HttpMethod.GET, "/**").authenticated()
.antMatchers(HttpMethod.POST, "/**").authenticated()
.antMatchers(HttpMethod.HEAD, "/**").authenticated()
.and().csrf().disable()
.addFilterBefore(authenticationTokenProcessingFilter(), UsernamePasswordAuthenticationFilter.class);
}
}
- 我还有一个初始化器类,它是空的:
@Order(value=1)
public class SecurityWebAppInitializer extends AbstractSecurityWebApplicationInitializer {
}
我没有看到 ShallowEtagHeaderFilter
被添加到默认链或任何东西的任何地方,我如何在此设置中使用它?
最佳答案
好的,
根据this帖子:
[...] To help mitigate this Spring Security has added cache control support which will insert the following headers into you response.
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
所以,发生的事情是添加了 ETag 支持,但 Spring Security 在响应中使其无效。看来如果要同时使用 Spring Security 和 ETag 支持,则需要声明以下代码行(箭头突出显示):
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
...
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().exceptionHandling()
.authenticationEntryPoint(authenticationEntryPoint())
.and().authorizeRequests()
.antMatchers(HttpMethod.GET, "/**").authenticated()
.antMatchers(HttpMethod.POST, "/**").authenticated()
.antMatchers(HttpMethod.HEAD, "/**").authenticated()
.and().csrf().disable()
.addFilterBefore(authenticationTokenProcessingFilter(), UsernamePasswordAuthenticationFilter.class);
===> http.headers().cacheControl().disable();
}
}
关于spring - 在 Spring Boot MVC 中添加 ShallowEtagHeaderFilter,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26742207/