WildFly 10上的JAX-RS REST服务+ EJB始终在响应中添加无缓存HTTP标头 [英] JAX-RS REST service + EJB on WildFly 10, always adds no-cache HTTP header in responses

问题描述

我写了一个提供休息服务的无状态EJB. 我正在使用Wildfly 10应用程序服务器，并正在使用Netbeans IDE进行开发.

我试图通过在服务方法的http响应中添加max-age标头来将几个方法的返回值缓存几个小时.请考虑这是我的bean的简化版本:

    @Stateless
    @DeclareRoles({"role1","role2"})
    @RolesAllowed({"role1","role2"})
    @Path("api-dummy")
    public class DummyApiREST {

        @EJB
        private StuffFacade stuffFacade;

        @GET
        @Path("get-stuff")
        @Produces({MediaType.APPLICATION_JSON})
        public Response findStuff() {
            Stuff stuff = stuffFacade.getStuff();
            Response.ResponseBuilder builder = Response.status(Response.Status.OK).entity(stuff);
            Utils.setCacheHeader(maxAgeSeconds, builder);
            return builder.build();
        }
   }

和setCacheHeader方法:

private static Response.ResponseBuilder setCacheHeader(int maxAgeSeconds, Response.ResponseBuilder builder) {
        CacheControl cc = new CacheControl();
        cc.setNoCache(false);
        cc.setNoStore(false);
        cc.setMaxAge(maxAgeSeconds);
        cc.setPrivate(true);
        builder.cacheControl(cc);
        return builder;
 }

但是返回的"get-stuff"响应始终包含Cache-Control标头的重复项；重复标头包含no-cache指令(这也是Pragma标头):

HTTP/1.1 200 OK
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: no-transform, max-age=60, private
X-Powered-By: Undertow/1
Server: WildFly/10
Pragma: no-cache
Date: Thu, 13 Apr 2017 15:11:17 GMT
Connection: keep-alive
Content-Type: application/json

我认为问题是由EJB中JAX-RS服务的默认行为(或过滤器)引起的.我的问题是:

• 是否有更好的方法来设置max-age并在JAX-RS + EJB中启用缓存?
• 是否有办法禁用此无缓存默认行为? (或者换句话说，通常在哪里配置?)
• .. and ..我的解决方案出了什么问题? :-)

注意:也许没有关系，我已经配置了一个jdbc安全域，并且用户身份验证和主体工作正常.

致谢

解决方案

我找到了解决方案. 默认情况下，Wildfly(我也认为JBoss也是)将 no-cache 指令添加到 all 私有资源(需要身份验证的资源)中. /p>

您必须通过在 server-container 中添加属性 disable-caching -*来更改 standalone.xml 文件中的配置.标签:

<servlet-container name="default" disable-caching-for-secured-pages="false">
                    <jsp-config/>
                    <websockets/>
</servlet-container>

通过这种方式，不再将 Pragma 和 nocache 指令添加到响应中，并且我在问题中发布的代码也按预期工作.

编辑:提醒一下，当在同一URL上请求私有资源时，必须将不同的内容返回给必须具有的不同用户:

• 在该响应中添加 private 标头，以使您的反向代理能够 不会缓存该内容，或者替代..
• ..在其中留下 nocache 标头以获取响应

I have wrote a stateless EJB that provides a rest service. I am working with the Wildfly 10 application server and developing with the Netbeans IDE.

I have tried to cache the return values of few methods for few hours by adding a max-age header in the http-response of the service methods. Please consider this is a simplified version of my bean:

    @Stateless
    @DeclareRoles({"role1","role2"})
    @RolesAllowed({"role1","role2"})
    @Path("api-dummy")
    public class DummyApiREST {

        @EJB
        private StuffFacade stuffFacade;

        @GET
        @Path("get-stuff")
        @Produces({MediaType.APPLICATION_JSON})
        public Response findStuff() {
            Stuff stuff = stuffFacade.getStuff();
            Response.ResponseBuilder builder = Response.status(Response.Status.OK).entity(stuff);
            Utils.setCacheHeader(maxAgeSeconds, builder);
            return builder.build();
        }
   }

And the setCacheHeader method:

private static Response.ResponseBuilder setCacheHeader(int maxAgeSeconds, Response.ResponseBuilder builder) {
        CacheControl cc = new CacheControl();
        cc.setNoCache(false);
        cc.setNoStore(false);
        cc.setMaxAge(maxAgeSeconds);
        cc.setPrivate(true);
        builder.cacheControl(cc);
        return builder;
 }

But the returned response of "get-stuff" always contains a duplicate of the Cache-Control header; the duplicate header contains no-cache directives (the is also a Pragma header):

HTTP/1.1 200 OK
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: no-transform, max-age=60, private
X-Powered-By: Undertow/1
Server: WildFly/10
Pragma: no-cache
Date: Thu, 13 Apr 2017 15:11:17 GMT
Connection: keep-alive
Content-Type: application/json

I suppose the problem is caused by a default behaviour--or filter-- for the JAX-RS services in my EJBs. My questions are:

• Is there a better way to set the max-age and enable caching in JAX-RS + EJB?
• Is there a way to disable this no-cache default behaviour? (OR in other words, where is this usually configured?)
• ..and..what is wrong in my solution? :-)

NOTE: Perhaps it is not related, I have configured a jdbc security-domain and users authenticate and principal(s) work well.

Regards

解决方案

I have found the solution. By default Wildfly (and I think JBoss too) adds the no-cache directives to all the private resources (resources that needs authentication).

You have to change the configuration in standalone.xml file, by adding an attribute disable-caching-* to the server-container tag:

<servlet-container name="default" disable-caching-for-secured-pages="false">
                    <jsp-config/>
                    <websockets/>
</servlet-container>

In this way no more Pragma and nocache directives will be added to responses and the code I posted in my question, it simply works as expected.

EDIT: Remind, when requests for private resources, at the same URL, have to return different contents to different users you have to:

• add the private header to that responses, for your reverse proxy to not cache that content OR in alternative..
• ..left the nocache header there for that responses

这篇关于WildFly 10上的JAX-RS REST服务+ EJB始终在响应中添加无缓存HTTP标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！