[英]disable caching for specific url in spring security
在我的情况下,我有四种方法可以解决我的问题:
index.html
写元配置并禁用缓存(对我不起作用) index.html
更改为index.jsp
并禁用此处的缓存(对我来说index.jsp
,但是我的客户组需要index.html) web.xml
使用过滤器并区分所需的请求并禁用缓存 我的问题是我如何使用Spring Security禁用index.html
缓存(也许在http
标记中使用intercept-url
)
您可以使用Spring Security xml配置有选择地将没有缓存头仅添加到index.html,如下所示:
<security:http>
[intercept-url, etc omitted...]
<security:headers>
<!-- selectively applied to dynamic pages only via pattern matching, -->
<security:header ref="noCacheHeaders"/>
</security:headers>
</security:http>
<bean id="noCacheHeaders" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/index.html"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.CacheControlHeadersWriter"/>
</constructor-arg>
</bean>
但是,如果使用Spring Security,通常的模式是默认情况下不对所有页面设置缓存,然后有选择地为那些静态资源关闭这些页眉
要完成此功能,您必须显式定义两种情况下都希望应用的所有标头,并通过互补的请求匹配器模式选择页面。 例如,在一个应用程序中,在/static
及其子目录下找到静态的可缓存资源,并且映射到控制器的所有动态页面均具有.htm
扩展名,您可以使用以下配置:
<security:http>
[...]
<security:headers>
<!-- selectively applied to static pages only via pattern matching, see DelegatingRequestMatcherHeaderWriter below-->
<security:header ref="cacheStaticsHeaders" />
<!-- selectively applied to dynamic pages only via pattern matching, as above, see below -->
<security:header ref="xXssProtectionHeader" />
<security:header ref="noCacheHeaders"/>
<security:header ref="xContentHeader"/>
<security:header ref="hstsHeader"/>
<security:header ref="xFrameHeader"/>
</security:headers>
</security:http>
<!-- set far future caching on static resources -->
<bean id="cacheStaticsHeaders" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/static/**"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.StaticHeadersWriter">
<constructor-arg name="headers">
<list>
<bean class="org.springframework.security.web.header.Header">
<constructor-arg name="headerName" value="cache-control"></constructor-arg>
<constructor-arg name="headerValues" value="max-age=31536000"/>
</bean>
<bean class="org.springframework.security.web.header.Header">
<constructor-arg name="headerName" value="Expires"></constructor-arg>
<constructor-arg name="headerValues" value="31536000"/>
</bean>
</list>
</constructor-arg>
</bean>
</constructor-arg>
</bean>
<!-- all the following header writers applied to dynamic, shouldn't be cached pages -->
<bean id="xXssProtectionHeader" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/**/*.htm"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.XXssProtectionHeaderWriter"/>
</constructor-arg>
</bean>
<bean id="noCacheHeaders" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/**/*.htm"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.CacheControlHeadersWriter"/>
</constructor-arg>
</bean>
<bean id="xContentHeader" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/**/*.htm"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.XContentTypeOptionsHeaderWriter"/>
</constructor-arg>
</bean>
<bean id="hstsHeader" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/**/*.htm"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.HstsHeaderWriter"/>
</constructor-arg>
</bean>
<bean id="xFrameHeader" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/**/*.htm"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter"/>
</constructor-arg>
</bean>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.