我尝试使用自定义筛选器(使用containterresponsefilter)更新hsts头值
这是我的类,我在其中设置hsts头值,但有一些未知的问题,阻止更新服务器上的这些值。我已经在本地检查过了,正在更新,但服务器上没有。
import java.util.ArrayList;
import java.util.List;
import javax.inject.Inject;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.ext.Provider;
import org.glassfish.jersey.server.ContainerRequest;
@Provider
public class HSTSFilter implements ContainerResponseFilter {
private static final String HEADER_NAME = "Strict-Transport-Security";
private static final String MAX_AGE_DIRECTIVE = "max-age=%s";
private static final String INCLUDE_SUB_DOMAINS_DIRECTIVE = "includeSubDomains";
private static final String HTTPS = "https";
private int maxAgeSeconds = 31536000;
private String hstsHeaderValues = "";
private final EnhancedLocLogger LOGGER;
@Inject
public HSTSFilter(final EnhancedLocLoggerFactory locLoggerFactory) {
this.LOGGER = locLoggerFactory.getLogger(HSTSFilter.class);
this.init();
}
@Override
public void filter(final ContainerRequestContext requestContext, final ContainerResponseContext responseContext) {
if (((ContainerRequest) requestContext).getRequestUri().getScheme().equalsIgnoreCase("https")) {
MultivaluedMap<String, Object> headers = responseContext.getHeaders();
headers.putSingle(HEADER_NAME, hstsHeaderValues);
}
}
public void init() {
final List<String> hstsValues = new ArrayList<>();
hstsValues.add(String.format(MAX_AGE_DIRECTIVE, this.maxAgeSeconds));
hstsValues.add(INCLUDE_SUB_DOMAINS_DIRECTIVE);
hstsHeaderValues = String.join("; ", hstsValues);
}
暂无答案!
目前还没有任何答案,快来回答吧!