问题
I am trying to filter some url pattern to caching.
What I have attempted is put some codes into WebSecurityConfigurerAdapter implementation.
@Override
protected void configure(HttpSecurity http) throws Exception {
initSecurityConfigService();
// For cache
http.headers().defaultsDisabled()
.cacheControl()
.and().frameOptions();
securityConfigService.configure(http,this);
}
However this code will effect all of the web application. How can I apply this to certain URL or Content-Type like images.
I have already tried with RegexRequestMatcher, but it does not work for me.
// For cache
http.requestMatcher(new RegexRequestMatcher("/page/", "GET"))
.headers().defaultsDisabled()
.cacheControl()
.and().frameOptions();
I read this article : SpringSecurityResponseHeaders, but there is no sample for this case.
Thanks.
P.S. In short, I want to remove SpringSecurity defaults for certain url and resources.
回答1:
What about having multiple WebSecurityConfigurerAdapters? One adapter could have cache controls for certain URLs and another one will not have cache control enabled for those URLs.
回答2:
I solved this with Filter.
Below is part of my implementation of AbstractAnnotationConfigDispatcherServletInitializer. In onStartup method override.
FilterRegistration.Dynamic springSecurityFilterChain = servletContext.addFilter("springSecurityFilterChain", new DelegatingFilterProxy());
if(springSecurityFilterChain != null){
springSecurityFilterChain.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), true, "/render/*", "/service/*");
// I removed pattern url "/image/*" :)
}
What I have done is remove /image/* from MappingUrlPatterns.
Thanks for your answers!
来源:https://stackoverflow.com/questions/42638687/spring-security-how-to-remove-cache-control-in-certain-url-pattern