我使用Spring Boot 1.0.2实现了一个REST服务器。我无法阻止Spring设置禁用HTTP缓存的HTTP标头。
我的控制器如下:
@Controller
public class MyRestController {
@RequestMapping(value = "/someUrl", method = RequestMethod.GET)
public @ResponseBody ResponseEntity<String> myMethod(
HttpServletResponse httpResponse) throws SQLException {
return new ResponseEntity<String>("{}", HttpStatus.OK);
}
}
所有HTTP响应都包含以下标题:
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: 0
Pragma: no-cache
我已尝试以下方法删除或更改这些标题:
setCacheSeconds(-1)
。httpResponse.setHeader("Cache-Control", "max-age=123")
。@Bean
,返回WebContentInterceptor
,我称之为setCacheSeconds(-1)
。spring.resources.cache-period
设置为-1或application.properties
中的正值。以上都没有任何影响。如何在Spring Boot中为所有或单个请求禁用或更改这些标头?
答案 0 :(得分:49)
原则上,Spring Security设置了无缓存HTTP标头。这在http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#headers中进行了讨论。
以下禁用HTTP响应标头Pragma: no-cache
,但不能解决问题:
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// Prevent the HTTP response header of "Pragma: no-cache".
http.headers().cacheControl().disable();
}
}
我最终完全禁用了Spring Security for public static resources,如下所示(与上面相同的类):
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/static/public/**");
}
这需要配置两个资源处理程序才能正确获取缓存控制标头:
@Configuration
public class MvcConfigurer extends WebMvcConfigurerAdapter
implements EmbeddedServletContainerCustomizer {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
// Resources without Spring Security. No cache control response headers.
registry.addResourceHandler("/static/public/**")
.addResourceLocations("classpath:/static/public/");
// Resources controlled by Spring Security, which
// adds "Cache-Control: must-revalidate".
registry.addResourceHandler("/static/**")
.addResourceLocations("classpath:/static/")
.setCachePeriod(3600*24);
}
}
另见Serving static web resources in Spring Boot & Spring Security application。
答案 1 :(得分:5)
我找到了这个Spring扩展名:https://github.com/foo4u/spring-mvc-cache-control。
你只需要做三个步骤。
第1步(pom.xml):
<dependency>
<groupId>net.rossillo.mvc.cache</groupId>
<artifactId>spring-mvc-cache-control</artifactId>
<version>1.1.1-RELEASE</version>
<scope>compile</scope>
</dependency>
第2步(WebMvcConfiguration.java):
@Configuration
public class WebMvcConfig extends WebMvcConfigurerAdapter implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new CacheControlHandlerInterceptor());
}
}
步骤3(控制器):
@Controller
public class MyRestController {
@CacheControl(maxAge=31556926)
@RequestMapping(value = "/someUrl", method = RequestMethod.GET)
public @ResponseBody ResponseEntity<String> myMethod(
HttpServletResponse httpResponse) throws SQLException {
return new ResponseEntity<String>("{}", HttpStatus.OK);
}
}
答案 2 :(得分:4)
spring boot中有很多方法可以进行http缓存。使用Spring Boot 2.1.1和额外的Spring Security 5.1.1。
1。对于在代码中使用resourcehandler的资源:
您可以通过这种方式添加自定义资源扩展。
registry.addResourceHandler
用于将uri路径添加到获取资源的位置
.addResourceLocations
用于设置文件系统中资源所在的位置( 给出的是具有classpath的相对路径,但也可以使用file :: //的绝对路径。)
.setCacheControl
用于设置缓存头(说明)。
Resourcechain和resolver是可选的(在这种情况下,与默认值完全相同)。
@Configuration
public class CustomWebMVCConfig implements WebMvcConfigurer {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/*.js", "/*.css", "/*.ttf", "/*.woff", "/*.woff2", "/*.eot",
"/*.svg")
.addResourceLocations("classpath:/static/")
.setCacheControl(CacheControl.maxAge(365, TimeUnit.DAYS)
.cachePrivate()
.mustRevalidate())
.resourceChain(true)
.addResolver(new PathResourceResolver());
}
}
2。对于使用应用程序属性配置文件的资源
与上面相同,减去了特定的模式,但现在是config。 此配置将应用于列出的静态位置中的所有资源。
spring.resources.cache.cachecontrol.cache-private=true
spring.resources.cache.cachecontrol.must-revalidate=true
spring.resources.cache.cachecontrol.max-age=31536000
spring.resources.static-locations=classpath:/static/
3。在控制器级别
这里的响应是作为参数注入到控制器方法中的HttpServletResponse。
no-cache, must-revalidate, private
getHeaderValue将缓存选项输出为字符串。例如
response.setHeader(HttpHeaders.CACHE_CONTROL,
CacheControl.noCache()
.cachePrivate()
.mustRevalidate()
.getHeaderValue());
答案 3 :(得分:4)
可以通过以下方式覆盖特定方法的默认缓存行为:
@Controller
public class MyRestController {
@RequestMapping(value = "/someUrl", method = RequestMethod.GET)
public @ResponseBody ResponseEntity<String> myMethod(
HttpServletResponse httpResponse) throws SQLException {
return new ResponseEntity.ok().cacheControl(CacheControl.maxAge(100, TimeUnit.SECONDS)).body(T)
}
}
答案 4 :(得分:2)
CacheControl 类是一个流畅的构建器,它使我们可以轻松创建不同类型的缓存:
@GetMapping("/users/{name}")
public ResponseEntity<UserDto> getUser(@PathVariable String name) {
return ResponseEntity.ok()
.cacheControl(CacheControl.maxAge(60, TimeUnit.SECONDS))
.body(new UserDto(name));
}
让我们在测试中点击这个端点,并断言我们已经更改了标头:
given()
.when()
.get(getBaseUrl() + "/users/Michael")
.then()
.header("Cache-Control", "max-age=60");
答案 5 :(得分:0)
我遇到了类似的问题。我想获得一些在浏览器中缓存的动态资源(图像)。如果图像改变(不经常),我改变了uri的部分...这是我的解决方案
http.headers().cacheControl().disable();
http.headers().addHeaderWriter(new HeaderWriter() {
CacheControlHeadersWriter originalWriter = new CacheControlHeadersWriter();
@Override
public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
Collection<String> headerNames = response.getHeaderNames();
String requestUri = request.getRequestURI();
if(!requestUri.startsWith("/web/eventImage")) {
originalWriter.writeHeaders(request, response);
} else {
//write header here or do nothing if it was set in the code
}
}
});
答案 6 :(得分:0)
@Configuration
@EnableAutoConfiguration
public class WebMvcConfiguration extends WebMvcConfigurerAdapter {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/resources/**")
.addResourceLocations("/resources/")
.setCachePeriod(31556926);
}
}
答案 7 :(得分:0)
如果您不希望对静态资源进行身份验证,则可以执行以下操作:
import static org.springframework.boot.autoconfigure.security.servlet.PathRequest.toStaticResources;
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
...
@Override
public void configure(WebSecurity webSecurity) throws Exception {
webSecurity
.ignoring()
.requestMatchers(toStaticResources().atCommonLocations());
}
...
}
并在您的application.properties
中:
spring.resources.cache.cachecontrol.max-age=43200
请参阅ResourceProperties.java,以了解更多可以设置的属性。
答案 8 :(得分:0)
我在控制器的下面几行使用了
ResponseEntity.ok().cacheControl(CacheControl.maxAge(secondWeWantTobeCached, TimeUnit.SECONDS)).body(objToReturnInResponse);
请注意,Response将具有标题Cache-Control,其值为secondWeWantTobeCached。但是,如果我们在地址栏中输入url并按Enter,则请求将始终从Chrome发送到服务器。但是,如果我们从某个链接中访问url,浏览器将不会发送新请求,而是从缓存中获取。