How can we enable HSTS (HTTP Strict-Transport-Security) in WebLogic Server
I want to convert HTTP requests to HTTPS for my website. I have already obtained an SSL certificate, but there may be a chance of bypassing my application's enabled encryption, and even with the certificate my application is not able to prevent access over an insecure connection.
Unfortunately there is no easy way to enable this in WebLogic (easy in the form of a simple checkbox).
Your best option is probably to add your own filter to add the HSTS header. Have a look at this answer on how to do that: https://stackoverflow.com/a/30455120/1391209
Here is the relevant answer text for easier reference (and in case that answer gets deleted):
You can add it using a filter. Add the following snippet to web.xml:
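    <filter>
        <filter-name>HSTSFilter</filter-name>
        <filter-class>security.HSTSFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>HSTSFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>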
And then create a filter in your webapp:
    package security;

    import java.io.IOException;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletResponse;

    public class HSTSFilter implements Filter {

        // Required by the Filter interface before Servlet 4.0; nothing to set up.
        public void init(FilterConfig filterConfig) throws ServletException {
        }

        public void doFilter(ServletRequest req, ServletResponse res,
                FilterChain chain) throws IOException, ServletException {
            HttpServletResponse resp = (HttpServletResponse) res;

            // Send the header only on HTTPS responses; browsers ignore it over plain HTTP.
            if (req.isSecure())
                resp.setHeader("Strict-Transport-Security", "max-age=31622400; includeSubDomains");

            chain.doFilter(req, resp);
        }

        public void destroy() {
        }
    }
Use this code in your web.config:
    <system.webServer>
        <httpProtocol>
            <customHeaders>
                <add name="Strict-Transport-Security" value="max-age=31536000"/>
            </customHeaders>
        </httpProtocol>
    </system.webServer>
Use the -Dweblogic.http.headers.enableHSTS=true JVM system property for Oracle WebLogic Server 12.2.1.4 or more recent versions. Older patch sets/releases with the October 2019 patch set update applied also have this functionality backported.
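
A check for the header value that any of the approaches above ends up sending, as an added example that is not part of the original answers: it parses a Strict-Transport-Security value following RFC 6797 section 6.1 and reports invalid or weak policies. The function names and the 180-day min_age baseline are assumptions of this example.

```python
import re

# RFC 6797 section 6.1: directives are separated by ';', names are
# case-insensitive, each may appear only once, and max-age is required.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
_DIGITS = re.compile(r"^[0-9]+$")

def parse_hsts(value):
    """Return {directive: value}; raise ValueError if the value violates RFC 6797."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:              # empty directives such as a trailing ';' are allowed
            continue
        name, sep, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if not _TOKEN.match(name):
            raise ValueError("bad directive name: %r" % name)
        if name in directives:
            raise ValueError("duplicate directive: %s" % name)
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]       # quoted-string form, e.g. max-age="31536000"
        directives[name] = arg if sep else None
    if not _DIGITS.match(directives.get("max-age") or ""):
        raise ValueError("max-age missing or not a non-negative integer")
    directives["max-age"] = int(directives["max-age"])
    return directives

def review(value, min_age=15552000):
    """Return a list of findings; min_age (180 days) is an assumed local baseline."""
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return ["invalid per RFC 6797: %s" % exc]
    findings = []
    if d["max-age"] == 0:
        findings.append("max-age=0 tells the browser to drop the HSTS policy")
    elif d["max-age"] < min_age:
        findings.append("max-age below %d seconds" % min_age)
    if "includesubdomains" not in d:
        findings.append("subdomains are not covered (no includeSubDomains)")
    return findings

if __name__ == "__main__":
    # The two header values from this page, plus constructed broken ones.
    for v in ("max-age=31622400; includeSubDomains", "max-age=31536000",
              "includeSubDomains", "max-age=0", "max-age=300; max-age=600"):
        print(repr(v), "->", review(v) or "ok")
```

Feed it the value taken from an HTTPS response of the deployed application; an empty list means the policy parses and meets the assumed baseline.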