3
这将是非常有益的,如果有人建议我,使HSTS(HTTP严格传输安全)头如何给Tomcat +启用HSTS(HTTP严格传输安全)JIRA
我JIRA应用Tomcat上运行并前面没有Apache或NGINX。
我想为JIRA应用程序设置HSTS响应头,请提出如何在Tomcat中实现它。
在此先感谢。
A
回答
2
我想这就是你要找的。 我把它从https://bz.apache.org/bugzilla/attachment.cgi?id=30003&action=edit
<filter>
<filter-name>HstsFilter</filter-name>
<filter-class>org.apache.catalina.filters.HstsFilter</filter-class>
<init-param>
<param-name>maxAgeSeconds</param-name>
<param-value>31536000</param-value>
</init-param>
<init-param>
<param-name>includeSubDomains</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>HstsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
package org.apache.catalina.filters;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
public class HstsFilter extends FilterBase {
private static final String HEADER_NAME = "Strict-Transport-Security";
private static final String MAX_AGE_DIRECTIVE = "max-age=%s";
private static final String INCLUDE_SUB_DOMAINS_DIRECTIVE = "includeSubDomains";
private static final Log log = LogFactory.getLog(HstsFilter.class);
// The default is "0" like recommended in section 11.2 of RFC 6797
private int maxAgeSeconds = 0;
private boolean includeSubDomains = false;
private String directives;
public void setMaxAgeSeconds(int maxAgeSeconds) {
this.maxAgeSeconds = maxAgeSeconds;
}
public void setIncludeSubDomains(boolean includeSubDomains) {
this.includeSubDomains = includeSubDomains;
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
chain.doFilter(request, response);
// Note that the HSTS header must not be included in HTTP responses
// conveyed over non-secure transport
if (request.isSecure() && response instanceof HttpServletResponse) {
HttpServletResponse res = (HttpServletResponse) response;
res.addHeader(HEADER_NAME, this.directives);
}
}
@SuppressWarnings("boxing")
@Override
public void init(FilterConfig filterConfig) throws ServletException {
super.init(filterConfig);
if (this.maxAgeSeconds < 0) {
throw new ServletException(sm.getString(
"hsts.invalidParameterValue", this.maxAgeSeconds,
"maxAgeSeconds"));
}
this.directives = String.format(MAX_AGE_DIRECTIVE, this.maxAgeSeconds);
if (this.includeSubDomains) {
this.directives += (" ; " + INCLUDE_SUB_DOMAINS_DIRECTIVE);
}
}
@Override
protected Log getLogger() {
return log;
}
}
检查我附加的链接的代码。
相关问题
- 1. 如何使用node-http-proxy启用HSTS?
- 2. 如何使用HTTP禁用HSTS标头?
- 3. 如何安全传输
- 4. 如何在全球范围内启用ECMAScript“严格使用”?
- 5. 如何启用WCF会话与wsHttpBidning仅传输安全
- 6. 如何在全局启用mysql严格模式,并保持它?
- 7. 如何在AngularJS中全局启用严格模式?
- 8. Apache Tomcat启用HTTP
- 9. WCF传输安全
- 10. WCF传输安全
- 11. ATS应用程序传输安全:Webview内部的HTTP网址
- 12. WCF安全传输安全问题
- 13. 如何安全地传输文件
- 14. 启用HSTS后是否可以从非安全连接重定向到安全连接?
- 15. 应用传输安全:NSURLSession/NSURLConnection的HTTP加载失败
- 16. graph.facebook.com - 传输安全块
- 17. 如何为嵌入式jetty/spring安全启用HTTP摘要?
- 18. 如何将(Claim)安全令牌传递给WIF启用WCF服务
- 19. 安全文件传输
- 20. 我们如何在weblogic服务器中启用HSTS(HTTP Strict-Transport-Security)
- 21. 安全:TOMCAT
- 22. AppFabric缓存传输安全
- 23. Magento - 如何启用SMTP服务器身份验证和安全传输?
- 24. 安全文件传输
- 25. 安全的数据传输
- 26. SSL和WCF传输安全
- 27. 设置传输级安全
- 28. 添加的应用传输安全,仍然给错误
- 29. 传输安全已阻止明文HTTP(XCode 8)
- 30. jsf安全传输机制