在 Spring Boot MVC 中添加 ShallowEtagHeaderFilter [英] Add ShallowEtagHeaderFilter in Spring Boot MVC

查看:108
本文介绍了在 Spring Boot MVC 中添加 ShallowEtagHeaderFilter的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试调整我的应用程序配置以设置 ETag 支持.

我刚刚检查了这个所以问题,让我说我的代码与它的不同之处:

  1. 我不使用任何 xml 配置文件.
  2. 我正在为系统的每个方面使用不同的配置类.我的 WebConfig 看起来像这样:

<前><代码>@配置@EnableAutoConfiguration@ComponentScan(basePackages = { "xxx", "yyy" })公共类 WebConfig 扩展了 WebMvcConfigurerAdapter {@豆角,扁豆公共过滤器shallowETagHeaderFilter() {返回新的 ShallowEtagHeaderFilter();}...}

  1. 我的 SecurityConfig 如下所示:

<前><代码>@配置@启用网络安全公共类 SecurityConfig 扩展了 WebSecurityConfigurerAdapter {...@覆盖protected void configure(final HttpSecurity http) 抛出异常 {http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().exceptionHandling().authenticationEntryPoint(authenticationEntryPoint()).and().authorizeRequests().antMatchers(HttpMethod.GET, "/**").authenticated().antMatchers(HttpMethod.POST, "/**").authenticated().antMatchers(HttpMethod.HEAD, "/**").authenticated().and().csrf().disable().addFilterBefore(authenticationTokenProcessingFilter(), UsernamePasswordAuthenticationFilter.class);}}

  1. 我还有一个初始化器类,它是空的:

<前><代码>@订单(值=1)公共类 SecurityWebAppInitializer 扩展 AbstractSecurityWebApplicationInitializer {}

我没有看到任何地方将 ShallowEtagHeaderFilter 添加到默认链或任何东西中,我该如何在此设置中使用它?

解决方案

好的,

根据这个帖子:

<块引用>

[...] 为了帮助缓解这种情况,Spring Security 添加了缓存控制支持,它将在您的响应中插入以下标头.

缓存控制:无缓存、无存储、max-age=0、必须重新验证

编译指示:无缓存

过期时间:0

所以,发生的事情是添加了 ETag 支持,但 Spring Security 在响应中使其无效.看来如果要同时使用 Spring Security 和 ETag 支持,则需要声明以下代码行(用箭头突出显示):

@Configuration@启用网络安全公共类 SecurityConfig 扩展了 WebSecurityConfigurerAdapter {...@覆盖protected void configure(final HttpSecurity http) 抛出异常 {http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().exceptionHandling().authenticationEntryPoint(authenticationEntryPoint()).and().authorizeRequests().antMatchers(HttpMethod.GET, "/**").authenticated().antMatchers(HttpMethod.POST, "/**").authenticated().antMatchers(HttpMethod.HEAD, "/**").authenticated().and().csrf().disable().addFilterBefore(authenticationTokenProcessingFilter(), UsernamePasswordAuthenticationFilter.class);===>http.headers().cacheControl().disable();}}

I'm trying to adjust my application configuration in order to setup ETag support.

I have just checked this SO question, so let me say where my code is different from it:

  1. I don't use any xml configuration file whatsoever.
  2. I'm using different configuration classes for each aspect of the system. My WebConfig looks like this:


@Configuration
@EnableAutoConfiguration
@ComponentScan(basePackages = { "xxx", "yyy" })
public class WebConfig extends WebMvcConfigurerAdapter {

   @Bean
   public Filter shallowETagHeaderFilter() {
        return new ShallowEtagHeaderFilter();
   }
      ...
}

  1. And my SecurityConfig looks like this:


    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        ...

        @Override
        protected void configure(final HttpSecurity http) throws Exception {
            http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and().exceptionHandling()
                        .authenticationEntryPoint(authenticationEntryPoint())
                .and().authorizeRequests()
                        .antMatchers(HttpMethod.GET, "/**").authenticated()
                        .antMatchers(HttpMethod.POST, "/**").authenticated()
                        .antMatchers(HttpMethod.HEAD, "/**").authenticated()
            .and().csrf().disable()    
            .addFilterBefore(authenticationTokenProcessingFilter(), UsernamePasswordAuthenticationFilter.class);
        }

    }

  1. I also have an initializer class, which is empty:


    @Order(value=1)
    public class SecurityWebAppInitializer extends AbstractSecurityWebApplicationInitializer {

    }

I don't see anywhere the ShallowEtagHeaderFilter been added to the default chain or anything, how can I use it in this setup?

解决方案

Alright,

According to this post:

[...] To help mitigate this Spring Security has added cache control support which will insert the following headers into you response.

Cache-Control: no-cache, no-store, max-age=0, must-revalidate

Pragma: no-cache

Expires: 0

So, what happened is that ETag support was added, but Spring Security invalidated it in the response. It seems that if you want to use both Spring Security and ETag support, you need to declare the following code line (highlighted by the arrow):

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    ...

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and().exceptionHandling()
                    .authenticationEntryPoint(authenticationEntryPoint())
            .and().authorizeRequests()
                    .antMatchers(HttpMethod.GET, "/**").authenticated()
                    .antMatchers(HttpMethod.POST, "/**").authenticated()
                    .antMatchers(HttpMethod.HEAD, "/**").authenticated()
        .and().csrf().disable()    
        .addFilterBefore(authenticationTokenProcessingFilter(), UsernamePasswordAuthenticationFilter.class);
        ===> http.headers().cacheControl().disable();
    }

}

这篇关于在 Spring Boot MVC 中添加 ShallowEtagHeaderFilter的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆