Tomcat安全约束影响缓存 [英] tomcat security-constraint impact cache
问题描述
我在缓存我的应用程序时遇到问题.
I have a problem in caching my application.
将此代码添加到tomcat的web.xml中时:
when this code is added to web.xml of tomcat :
<security-constraint>
<web-resource-collection>
<web-resource-name>HTTPSOnly</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
我收到此回复:
Cache-Control private
Date Tue, 18 Feb 2014 01:18:17 GMT
Etag W/"200-1391558564593"
Expires Thu, 01 Jan 1970 00:00:00 WET
Server Apache-Coyote/1.1
没有此代码,一切都很好:
Without this code everything is fine :
Accept-Ranges bytes
Cache-Control max-age=604800
Content-Length 1496
Content-Type text/css
Date Tue, 18 Feb 2014 01:21:26 GMT
Etag W/"1496-1391558561359"
Expires Tue, 25 Feb 2014 01:21:27 GMT
Last-Modified Wed, 05 Feb 2014 00:02:41 GMT
Server Apache-Coyote/1.1
任何人都可以找出导致问题的原因吗?以及为什么此代码将缓存控件更改为我的应用程序私有.非常感谢
Anyone can tell what cause the problem? and why this code change the cache-controle to private of my application. thanks a lot
Tomcat 7.0
JDK : 1.6
推荐答案
According to the Oracle Java EE 6 tutorial, specifying a user-data-constraint
of "CONFIDENTIAL" is to be used
当应用程序要求传输数据以防止其他实体观察传输内容时.
when the application requires that data be transmitted so as to prevent other entities from observing the contents of the transmission.
对于HTTP响应,这意味着确保在从服务器到客户端的过程中,没有代理/缓存能够缓存该响应并提供给任何其他发出请求的客户端.因此使用:
For HTTP responses, that would mean ensuring that no proxies/caches along the way, from the server back to the client, would be able to cache that response and provide to any other requesting client. Thus the use of:
Cache-Control: private
虽然您可能会倾向于使用整数"而不是机密",但是同一教程指出,许多Java EE服务器对这两个值的处理相同.
While you might be tempted to use "INTEGRAL" instead of "CONFIDENTIAL", the same tutorial points out that many Java EE servers treat these two values identically.
如果您的应用程序需要允许缓存,我怀疑您需要从web.xml
文件中删除<user-data-constraint>
元素.
If your application needs to allow caching, I suspect that you would need to remove the <user-data-constraint>
element from your web.xml
file.
希望这会有所帮助!
这篇关于Tomcat安全约束影响缓存的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!