Spring MVC: how to always set the cookie Secure attribute to true when using SSL, and set the SameSite attribute to Lax
This is done with Spring Security and Spring Boot together. Spring Security's requiresChannel() forces every request onto HTTPS, so the session cookie is only ever issued over TLS. The Secure and SameSite attributes of that cookie are then set in one of two places, depending on which session mechanism the application uses: on the servlet container's own session cookie (JSESSIONID) through Spring Boot's server.servlet.session.cookie.* properties, or, when the application uses Spring Session, through a CookieSerializer bean. Configure whichever one you actually use; a CookieSerializer bean has no effect on the container's JSESSIONID cookie, and the container properties have no effect on Spring Session's SESSION cookie.
- Configure SecurityConfig
Add the following to SecurityConfig. Keep CSRF protection enabled and do not set SessionCreationPolicy.STATELESS here: with a stateless policy no server-side session is created, so there is no session cookie to harden, and SameSite=Lax only narrows when the browser attaches the cookie to cross-site requests, it is not a substitute for CSRF tokens. (WebSecurityConfigurerAdapter is deprecated from Spring Security 5.7 and removed in 6.0; on those versions expose a SecurityFilterChain bean built from the same HttpSecurity calls.)
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Redirect every plain-HTTP request to HTTPS; the session cookie is therefore only set over TLS
            .requiresChannel()
                .anyRequest().requiresSecure()
            .and()
            // CSRF protection stays on (the default); SameSite=Lax complements it but does not replace it
            .authorizeRequests()
                .antMatchers("/").permitAll()
                .anyRequest().authenticated();
    }
}
- Configure SessionConfig (only when Spring Session is used)
DefaultCookieSerializer is a Spring Session class, so this bean only takes effect when spring-session-core and a session store (spring-session-jdbc, spring-session-data-redis, or the in-memory map store) are on the classpath. It is consumed by CookieHttpSessionIdResolver, Spring Session's default resolver. Do not also register a HeaderHttpSessionIdResolver bean: that makes Spring Session read the session id from the X-Auth-Token header instead of a cookie, no SESSION cookie is issued at all, and the CookieSerializer is never used. Add the following to SessionConfig:
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.DefaultCookieSerializer;

@Configuration
public class SessionConfig {
    @Bean
    public CookieSerializer cookieSerializer() {
        DefaultCookieSerializer serializer = new DefaultCookieSerializer();
        // Always emit the Secure attribute. The default mirrors request.isSecure(), which is
        // false behind a TLS-terminating proxy unless forwarded headers are honoured.
        serializer.setUseSecureCookie(true);
        // HttpOnly keeps script from reading the session id; it is on by default, set explicitly here
        serializer.setUseHttpOnlyCookie(true);
        // SameSite=Lax: sent on top-level navigations, withheld on cross-site sub-requests
        serializer.setSameSite("Lax");
        return serializer;
    }
}
- Configure application.properties
Add the following to application.properties. The keystore path, alias and password are placeholders; in production read the password from an environment variable or a secrets store rather than committing it. The server.servlet.session.cookie.* lines apply to the container's own JSESSIONID cookie when Spring Session is not used (server.servlet.session.cookie.same-site requires Spring Boot 2.6 or later):
# Serve the application itself over TLS
server.ssl.enabled=true
server.ssl.key-store-type=JKS
server.ssl.key-store=keystore.jks
server.ssl.key-store-password=changeit
server.ssl.key-alias=tomcat
# Container session cookie (JSESSIONID), used when Spring Session is not on the classpath
server.servlet.session.cookie.secure=true
server.servlet.session.cookie.http-only=true
server.servlet.session.cookie.same-site=lax
- Test
After deployment, open the application in a browser and check the session cookie in the developer tools (Application or Storage tab): it should show Secure and SameSite=Lax, or inspect the Set-Cookie response header directly with curl. If the application runs behind a TLS-terminating reverse proxy, also set server.forward-headers-strategy=native (or framework) so that request.isSecure() is true for forwarded requests; otherwise requiresSecure() keeps redirecting to HTTPS and the Secure flag is not applied.
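As an added check that is not part of the original answer, the following POSIX shell function inspects the raw response headers for the Secure, HttpOnly and SameSite=Lax attributes on a named cookie. The hostname, port 8443 and cookie name in the usage lines are assumptions (Spring Session's default cookie name is SESSION; the servlet container's is JSESSIONID):

```shell
#!/bin/sh
# Added example, not part of the original answer: check a Set-Cookie header for the
# Secure, HttpOnly and SameSite=Lax attributes. Hostname, port and cookie name in the
# usage lines are assumptions; adjust them to your deployment.
#
#   curl -skI https://localhost:8443/ | check_cookie_flags SESSION      # Spring Session cookie
#   curl -skI https://localhost:8443/ | check_cookie_flags JSESSIONID   # container session cookie

# check_cookie_flags NAME
# Reads raw response headers from stdin. Returns 0 when the first Set-Cookie header for
# NAME carries all three attributes; otherwise prints each missing one and returns 1.
check_cookie_flags() {
    name=$1
    # first matching header, with any CR from the HTTP line ending removed
    line=$(grep -i "^set-cookie: *${name}=" | head -n 1 | tr -d '\r')
    if [ -z "$line" ]; then
        echo "no Set-Cookie header for cookie $name"
        return 1
    fi
    rc=0
    for attr in Secure HttpOnly SameSite=Lax; do
        # attribute names and values are case-insensitive (RFC 6265); require a whole token
        # so that SameSite=Strict or SameSite=None does not pass as Lax
        if ! printf '%s\n' "$line" | grep -iqE "; *${attr}( *;|\$)"; then
            echo "missing ${attr}: ${line}"
            rc=1
        fi
    done
    return $rc
}
```

Run it against the deployed application with the curl lines shown in the comments; a non-zero exit status with a "missing ..." line tells you which attribute the server did not set, which is usually the Secure flag when a proxy terminates TLS in front of the application.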
Original: https://www.cveoy.top/t/topic/feBo Copyright belongs to the author. Do not reproduce or scrape!