HTTPS请求头缺少HttpOnly和Secure属性解决方案

李木子QQ2024-07-17 11:49

问题描述:



建立Filter拦截器类

java 复制代码 
package com.ruoyi.framework.security.filter;

import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.framework.web.service.TokenService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;

import javax.servlet.*;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * token过滤器 验证token有效性
 *
 * @author ruoyi
 */
@Component
public class JwtAuthenticationTokenFilter implements Filter {
    @Autowired
    private TokenService tokenService;

    @Value("${token.expireTime}")
    private int expireTime;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        LoginUser loginUser = tokenService.getLoginUser(request);
        if (StringUtils.isNotNull(loginUser) && StringUtils.isNull(SecurityUtils.getAuthentication())) {
            tokenService.verifyToken(loginUser);
            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities());
            authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
            SecurityContextHolder.getContext().setAuthentication(authenticationToken);
            Cookie[] cookies = request.getCookies();
            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    String value = cookie.getValue();
                    String builder = "JSESSIONID=" + value + "; " +
                            "Secure; " +
                            "HttpOnly; " +
                            "Expires=" + expireTime;
                    response.setHeader("Set-Cookie", builder);
                }
            }
        }
        filterChain.doFilter(request, response);
    }

    @Override
    public void destroy() {

    }
    
}
相关推荐
永远有缘13 分钟前
Java、Python、C# 和 C++ 在函数定义语法上的主要区别
java·c++·python·c#
瑞禧生物ruixibio14 分钟前
CAS号:868141-12-2,UDP-6-N3-Galactose ,分子特点
网络·网络协议·udp
任风雨2 小时前
13.2.3.Tomcat
java·tomcat
qq_336313935 小时前
java基础-字符串
java
二进制person7 小时前
Java EE初阶 --多线程2
java·开发语言
007php0078 小时前
某游戏大厂 Java 面试题深度解析(四)
java·开发语言·python·面试·职场和发展·golang·php
西西学代码8 小时前
Flutter---个人信息(5)---持久化存储
java·javascript·flutter
陈果然DeepVersion8 小时前
Java大厂面试真题:Spring Boot+Kafka+AI智能客服场景全流程解析(五)
java·spring boot·kafka·向量数据库·大厂面试·rag·ai智能客服
FAFU_kyp9 小时前
Spring Boot 邮件发送系统 - 从零到精通教程
java·网络·spring boot
热门推荐
01GitHub 镜像站点02UV安装并设置国内源03BongoCat - 跨平台键盘猫动画工具04《大数据技术原理与应用》实验报告三 熟悉HBase常用操作05Linux下V2Ray安装配置指南06安娜的档案(Anna’s Archive) 镜像网站/国内最新可访问入口(持续更新)07NVIDIA显卡驱动、CUDA、cuDNN 和 TensorRT 版本匹配指南08GitLab 零基础入门指南:从安装到项目管理全流程09jdk21下载、安装(Windows、Linux、macOS)10在VSCode配置Java开发环境的保姆级教程(适配各类AI编程IDE)