使用containerresponsefilter添加自定义hsts筛选器

qc6wkl3g  于 2021-06-27  发布在  Java
关注(0)|答案(0)|浏览(217)

我尝试使用自定义筛选器(使用containterresponsefilter)更新hsts头值
这是我的类,我在其中设置hsts头值,但有一些未知的问题,阻止更新服务器上的这些值。我已经在本地检查过了,正在更新,但服务器上没有。

import java.util.ArrayList;
import java.util.List;

import javax.inject.Inject;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.ext.Provider;

import org.glassfish.jersey.server.ContainerRequest;
@Provider
public class HSTSFilter implements ContainerResponseFilter {
  private static final String HEADER_NAME = "Strict-Transport-Security";
  private static final String MAX_AGE_DIRECTIVE = "max-age=%s";
  private static final String INCLUDE_SUB_DOMAINS_DIRECTIVE = "includeSubDomains";
  private static final String HTTPS = "https";

  private int maxAgeSeconds = 31536000;
  private String hstsHeaderValues = "";

  private final EnhancedLocLogger LOGGER;

  @Inject
  public HSTSFilter(final EnhancedLocLoggerFactory locLoggerFactory) {
    this.LOGGER = locLoggerFactory.getLogger(HSTSFilter.class);
    this.init();
  }

  @Override
  public void filter(final ContainerRequestContext requestContext, final ContainerResponseContext responseContext) {
    if (((ContainerRequest) requestContext).getRequestUri().getScheme().equalsIgnoreCase("https")) {
      MultivaluedMap<String, Object> headers = responseContext.getHeaders();
      headers.putSingle(HEADER_NAME, hstsHeaderValues);
    }
  }

  public void init() {
    final List<String> hstsValues = new ArrayList<>();
    hstsValues.add(String.format(MAX_AGE_DIRECTIVE, this.maxAgeSeconds));
    hstsValues.add(INCLUDE_SUB_DOMAINS_DIRECTIVE);
    hstsHeaderValues = String.join("; ", hstsValues);
  }

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题