java 如何使用 Spring MVC 和 Spring Security 为资源处理程序启用 HTTP 缓存
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/25113154/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to enable HTTP caching for the resource handler with Spring MVC and Spring Security
提问by Samuli Pahaoja
I wish to enable HTTP caching for some static resources such as images, for which access is restricted by Spring Security. (These resources are not security critical, but shouldn't be publicly accessible either). How do I avoid having Spring Security add HTTP response headers that disable caching?
我希望为某些静态资源(例如图像)启用 HTTP 缓存,这些资源的访问受到 Spring Security 的限制。(这些资源不是安全关键,但也不应公开访问)。如何避免让 Spring Security 添加禁用缓存的 HTTP 响应标头?
If I add setCachePeriod()into my resource handler registration in WebMvcConfigurerAdapter.addResourceHandlers()as following:
如果我添加setCachePeriod()到我的资源处理程序注册WebMvcConfigurerAdapter.addResourceHandlers()如下:
registry.addResourceHandler("/static/**")
.addResourceLocations("classpath:/static/").setCachePeriod(3600);
The resources are still returned with following headers that disable caching:
资源仍然返回,并带有以下禁用缓存的标头:
Cache-Control: max-age=3600, must-revalidate
Expires: Mon, 04 Aug 2014 07:45:36 GMT
Pragma: no-cache
I want to avoid introducing any XML configuration into the project, which currently uses only Java annotation configuration.
我想避免在项目中引入任何 XML 配置,该项目目前仅使用 Java 注释配置。
Are there better solutions than extending the Spring resource handler?
有没有比扩展 Spring 资源处理程序更好的解决方案?
回答by Jeevan Patil
You can use webContentInterceptor resource to allow static resource caching.
您可以使用 webContentInterceptor 资源来允许静态资源缓存。
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/static/*"/>
<bean id="webContentInterceptor" class="org.springframework.web.servlet.mvc.WebContentInterceptor">
<property name="cacheSeconds" value="31556926"/>
<property name="useExpiresHeader" value="true"/>
<property name="useCacheControlHeader" value="true"/>
<property name="useCacheControlNoStore" value="true"/>
</bean>
</mvc:interceptor>
</mvc:interceptors>
Using annotations to configure cache interceptors is done following way.
In your web config class you can add a bean for WebContentInterceptorclass and add it into interceptors list.
使用注解配置缓存拦截器是通过以下方式完成的。在您的 web 配置类中,您可以为WebContentInterceptor类添加一个 bean并将其添加到拦截器列表中。
@Bean
public WebContentInterceptor webContentInterceptor() {
WebContentInterceptor interceptor = new WebContentInterceptor();
interceptor.setCacheSeconds(31556926);
interceptor.setUseExpiresHeader(true);;
interceptor.setUseCacheControlHeader(true);
interceptor.setUseCacheControlNoStore(true);
return interceptor;
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(webContentInterceptor());
}
Refer this siteto see how it's done.
请参阅此站点以了解它是如何完成的。
回答by SunilGiri
Spring 4 documentation has this solution, "If you actually want to cache specific responses, your application can selectively invoke HttpServletResponse.setHeader(String,String)to override the header set by Spring Security". This is useful to ensure things like CSS, JavaScript, and images are properly cached.
Spring 4 文档有这个解决方案,“如果你真的想要缓存特定的响应,你的应用程序可以有选择地调用HttpServletResponse.setHeader(String,String)以覆盖 Spring Security 设置的标头”。这有助于确保正确缓存 CSS、JavaScript 和图像等内容。
Below snippet can be used for springmvc configuration,
下面的代码片段可用于 springmvc 配置,
@EnableWebMvc
public class WebMvcConfiguration extends WebMvcConfigurerAdapter {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry
.addResourceHandler("/resources/**")
.addResourceLocations("/resources/")
.setCachePeriod(31556926);
}
// ...
}
For reference: http://docs.spring.io/spring-security/site/docs/4.0.0.CI-SNAPSHOT/reference/htmlsingle/#headers-cache-control
供参考:http: //docs.spring.io/spring-security/site/docs/4.0.0.CI-SNAPSHOT/reference/htmlsingle/#headers-cache-control
回答by JimB
You are already setup for caching. must-revalidatemeans once the cache expires (3600 seconds) do not use it anymore so your response headers, i think, are correct for what you want.
您已经设置了缓存。 must-revalidate意味着一旦缓存过期(3600 秒)不再使用它,因此我认为您的响应标头对于您想要的内容是正确的。
