将HSTS功能添加到Tomcat [英] Add HSTS feature to Tomcat
问题描述
非常信任你。
我的网络应用程序在tomcat 6.0.43上运行,不要在前面使用apache或nginx。
My web application run on tomcat 6.0.43 and do not use apache or nginx at front.
我已经使用以下方式将我的网址从http重定向强制执行到https:
I'm already enforce my web from http redirect to https using:
- URL重定向位于../ webapps / ROOT / index.jsp
<%response.sendRedirect( https://www.epi.com.my/portal/); %>
- ../ webapps / myapp / WEB-INF / web。 xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint></security-constraint>
在何处添加以下代码
标题添加Strict-Transport-Securitymax-age = 15768000
Header add Strict-Transport-Security "max-age=15768000"
OR
tomcat没有这个功能吗?
或者我需要修改我的每个java web app控制器。
OR Is tomcat did not have this feature? Or I need to modify in every my java web app controller.
推荐答案
您可以使用过滤器添加它。将以下代码段添加到web.xml:
You can add it using a filter. Add the following snippet to web.xml:
<filter>
<filter-name>HSTSFilter</filter-name>
<filter-class>security.HSTSFilter</filter-class>
</filter>
然后在您的网络应用中创建一个过滤器:
And then create a filter in your webapp:
package security;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
public class HSTSFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletResponse resp = (HttpServletResponse) res;
if (req.isSecure())
resp.setHeader("Strict-Transport-Security", "max-age=31622400; includeSubDomains");
chain.doFilter(req, resp);
}
}
还可以使用全球网络添加过滤器.xml(conf / web.xml)。
Its also possible to add the filter using the global web.xml (conf/web.xml).
这篇关于将HSTS功能添加到Tomcat的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!