在我的情况下,我有四种方法来解决我的问题:
index.html
中编写元配置并禁用缓存(对我不起作用)index.html
更改为index.jsp
并禁用here之类的缓存(为我工作,但我的客户群需要index.html)web.xml
中的过滤器并区分所需请求并禁用缓存我的问题是如何使用Spring Security禁用index.html
的缓存
(可能在intercept-url
代码中使用http
答案 0 :(得分:4)
您可以使用Spring Security xml configuartion选择性地不向index.html添加缓存标头,如下所示:
<security:http>
[intercept-url, etc omitted...]
<security:headers>
<!-- selectively applied to dynamic pages only via pattern matching, -->
<security:header ref="noCacheHeaders"/>
</security:headers>
</security:http>
<bean id="noCacheHeaders" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/index.html"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.CacheControlHeadersWriter"/>
</constructor-arg>
</bean>
但是,如果使用Spring Security,通常的模式是默认情况下不为所有页面设置缓存,然后选择关闭这些标头以获取静态资源
要完成此专长,您必须在两种情况下明确定义要应用的所有标头,并通过补充请求匹配器模式选择页面。例如,在/static
及其子目录下找到静态可缓存资源的应用程序中,以及映射到控制器的所有动态页面都具有.htm
扩展名,您可以使用此配置:
<security:http>
[...]
<security:headers>
<!-- selectively applied to static pages only via pattern matching, see DelegatingRequestMatcherHeaderWriter below-->
<security:header ref="cacheStaticsHeaders" />
<!-- selectively applied to dynamic pages only via pattern matching, as above, see below -->
<security:header ref="xXssProtectionHeader" />
<security:header ref="noCacheHeaders"/>
<security:header ref="xContentHeader"/>
<security:header ref="hstsHeader"/>
<security:header ref="xFrameHeader"/>
</security:headers>
</security:http>
<!-- set far future caching on static resources -->
<bean id="cacheStaticsHeaders" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/static/**"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.StaticHeadersWriter">
<constructor-arg name="headers">
<list>
<bean class="org.springframework.security.web.header.Header">
<constructor-arg name="headerName" value="cache-control"></constructor-arg>
<constructor-arg name="headerValues" value="max-age=31536000"/>
</bean>
<bean class="org.springframework.security.web.header.Header">
<constructor-arg name="headerName" value="Expires"></constructor-arg>
<constructor-arg name="headerValues" value="31536000"/>
</bean>
</list>
</constructor-arg>
</bean>
</constructor-arg>
</bean>
<!-- all the following header writers applied to dynamic, shouldn't be cached pages -->
<bean id="xXssProtectionHeader" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/**/*.htm"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.XXssProtectionHeaderWriter"/>
</constructor-arg>
</bean>
<bean id="noCacheHeaders" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/**/*.htm"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.CacheControlHeadersWriter"/>
</constructor-arg>
</bean>
<bean id="xContentHeader" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/**/*.htm"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.XContentTypeOptionsHeaderWriter"/>
</constructor-arg>
</bean>
<bean id="hstsHeader" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/**/*.htm"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.HstsHeaderWriter"/>
</constructor-arg>
</bean>
<bean id="xFrameHeader" class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/**/*.htm"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter"/>
</constructor-arg>
</bean>