我创建了一个自定义过滤器,并在web.xml
添加了一个条目:
<filter>
<filter-name>Content Security Policy</filter-name>
<filter-class>net.myapp.security.csp.CSPFilter</filter-class>
<init-param>
<param-name>CONTENT_SECURITY_POLICY</param-name>
<param-value>some_policy:here</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Content Security Policy</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
当我检查WEB-INF/classes/net/myapp/security/csp
路径时,类文件存在。当unzip
WAR文件时也是如此。但是,Tomcat仍然在日志文件中抱怨:
SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.filterStart异常启动过滤器[内容安全策略] java.lang.ClassNotFoundException:net.myapp.security.csp.CSPFilter 在org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1308) 在org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1136) at org.apache.catalina.core.DefaultInstanceManager.loadClass(DefaultInstanceManager.java:544) 在org.apache.catalina.core.DefaultInstanceManager.loadClassMaybePrivileged(DefaultInstanceManager.java:525) 在org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:150) 在org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:264) 在org.apache.catalina.core.ApplicationFilterConfig。(ApplicationFilterConfig.java:108) 在org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4637) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5282) 在org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) 在org.apache.catalina.core.ContainerBase $ StartChild.call(ContainerBase.java:1421) 在org.apache.catalina.core.ContainerBase $ StartChild.call(ContainerBase.java:1411) 在java.base / java.util.concurrent.FutureTask.run(FutureTask.java:264) 在java.base / java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167) at java.base / java.util.concurrent.ThreadPoolExecutor $ Worker.run(ThreadPoolExecutor.java:641) 在java.base / java.lang.Thread.run(Thread.java:844)
我尝试过的其他步骤:
maven
Tomcat/webapps
中的WAR文件和其他文件,然后重试。CSPFilter.java:
package net.myapp.security.csp;
import java.io.IOException;
import java.util.StringTokenizer;
import javax.servlet.*;
import javax.servlet.http.*;
public class CSPFilter
implements Filter {
private FilterConfig config;
private String csp_;
public void init(FilterConfig filterConfig) throws ServletException {
this.config = filterConfig;
csp_ = config.getInitParameter("CONTENT_SECURITY_POLICY");
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setHeader("Content-Security-Policy", csp_);
chain.doFilter(request, response);
}
@Override
public void destroy(){}
}
修改
澄清:过滤器有效!但是,Tomcat仍然抱怨没有找到Class。因此我的Context
也未被加载。
19-Jun-2018 12:11:45.198 SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal一个或多个过滤器无法启动。完整的详细信息将在相应的容器日志文件中找到
19-Jun-2018 12:11:45.199 SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal Context [/ dev]启动由于先前的错误而失败