Tomcat安全约束影响缓存 [英] tomcat security-constraint impact cache
问题描述
我在缓存我的应用程序时遇到问题.
I have a problem in caching my application.
将此代码添加到tomcat的web.xml中时:
when this code is added to web.xml of tomcat :
<security-constraint>
<web-resource-collection>
<web-resource-name>HTTPSOnly</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
我收到此回复:
Cache-Control private
Date Tue, 18 Feb 2014 01:18:17 GMT
Etag W/"200-1391558564593"
Expires Thu, 01 Jan 1970 00:00:00 WET
Server Apache-Coyote/1.1
没有此代码,一切都很好:
Without this code everything is fine :
Accept-Ranges bytes
Cache-Control max-age=604800
Content-Length 1496
Content-Type text/css
Date Tue, 18 Feb 2014 01:21:26 GMT
Etag W/"1496-1391558561359"
Expires Tue, 25 Feb 2014 01:21:27 GMT
Last-Modified Wed, 05 Feb 2014 00:02:41 GMT
Server Apache-Coyote/1.1
任何人都可以找出导致问题的原因吗?以及为什么此代码将缓存控件更改为我的应用程序私有.非常感谢
Anyone can tell what cause the problem? and why this code change the cache-controle to private of my application. thanks a lot
Tomcat 7.0
JDK : 1.6
推荐答案
According to the Oracle Java EE 6 tutorial, specifying a user-data-constraint of "CONFIDENTIAL" is to be used
当应用程序要求传输数据以防止其他实体观察传输内容时.
when the application requires that data be transmitted so as to prevent other entities from observing the contents of the transmission.
对于HTTP响应,这意味着确保在从服务器到客户端的过程中,没有代理/缓存能够缓存该响应并提供给任何其他发出请求的客户端.因此使用:
For HTTP responses, that would mean ensuring that no proxies/caches along the way, from the server back to the client, would be able to cache that response and provide to any other requesting client. Thus the use of:
Cache-Control: private
虽然您可能会倾向于使用整数"而不是机密",但是同一教程指出,许多Java EE服务器对这两个值的处理相同.
While you might be tempted to use "INTEGRAL" instead of "CONFIDENTIAL", the same tutorial points out that many Java EE servers treat these two values identically.
如果您的应用程序需要允许缓存,我怀疑您需要从web.xml文件中删除<user-data-constraint>元素.
If your application needs to allow caching, I suspect that you would need to remove the <user-data-constraint> element from your web.xml file.
希望这会有所帮助!
这篇关于Tomcat安全约束影响缓存的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
