[英]disable caching for specific url in spring security
在我的情況下,我有四種方法可以解決我的問題:
index.html
寫元配置並禁用緩存(對我不起作用) index.html
更改為index.jsp
並禁用此處的緩存(對我來說index.jsp
,但是我的客戶組需要index.html) web.xml
使用過濾器並區分所需的請求並禁用緩存 我的問題是我如何使用Spring Security禁用index.html
緩存(也許在http
標記中使用intercept-url
)
您可以使用Spring Security xml配置有選擇地將沒有緩存頭僅添加到index.html,如下所示:
<security:http>
[intercept-url, etc omitted...]
<security:headers>
<!-- selectively applied to dynamic pages only via pattern matching, -->
<security:header ref="noCacheHeaders"/>
</security:headers>
</security:http>
<bean id="noCacheHeaders" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/index.html"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.CacheControlHeadersWriter"/>
</constructor-arg>
</bean>
但是,如果使用Spring Security,通常的模式是默認情況下不對所有頁面設置緩存,然后有選擇地為那些靜態資源關閉這些頁眉
要完成此功能,您必須顯式定義兩種情況下都希望應用的所有標頭,並通過互補的請求匹配器模式選擇頁面。 例如,在一個應用程序中,在/static
及其子目錄下找到靜態的可緩存資源,並且映射到控制器的所有動態頁面均具有.htm
擴展名,您可以使用以下配置:
<security:http>
[...]
<security:headers>
<!-- selectively applied to static pages only via pattern matching, see DelegatingRequestMatcherHeaderWriter below-->
<security:header ref="cacheStaticsHeaders" />
<!-- selectively applied to dynamic pages only via pattern matching, as above, see below -->
<security:header ref="xXssProtectionHeader" />
<security:header ref="noCacheHeaders"/>
<security:header ref="xContentHeader"/>
<security:header ref="hstsHeader"/>
<security:header ref="xFrameHeader"/>
</security:headers>
</security:http>
<!-- set far future caching on static resources -->
<bean id="cacheStaticsHeaders" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/static/**"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.StaticHeadersWriter">
<constructor-arg name="headers">
<list>
<bean class="org.springframework.security.web.header.Header">
<constructor-arg name="headerName" value="cache-control"></constructor-arg>
<constructor-arg name="headerValues" value="max-age=31536000"/>
</bean>
<bean class="org.springframework.security.web.header.Header">
<constructor-arg name="headerName" value="Expires"></constructor-arg>
<constructor-arg name="headerValues" value="31536000"/>
</bean>
</list>
</constructor-arg>
</bean>
</constructor-arg>
</bean>
<!-- all the following header writers applied to dynamic, shouldn't be cached pages -->
<bean id="xXssProtectionHeader" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/**/*.htm"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.XXssProtectionHeaderWriter"/>
</constructor-arg>
</bean>
<bean id="noCacheHeaders" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/**/*.htm"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.CacheControlHeadersWriter"/>
</constructor-arg>
</bean>
<bean id="xContentHeader" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/**/*.htm"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.XContentTypeOptionsHeaderWriter"/>
</constructor-arg>
</bean>
<bean id="hstsHeader" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/**/*.htm"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.HstsHeaderWriter"/>
</constructor-arg>
</bean>
<bean id="xFrameHeader" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/**/*.htm"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter"/>
</constructor-arg>
</bean>
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.