HTTPS请求头缺少HttpOnly和Secure属性解决方案

问题描述:



建立Filter拦截器类

java 复制代码
package com.ruoyi.framework.security.filter;

import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.framework.web.service.TokenService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;

import javax.servlet.*;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * token过滤器 验证token有效性
 *
 * @author ruoyi
 */
@Component
public class JwtAuthenticationTokenFilter implements Filter {
    @Autowired
    private TokenService tokenService;

    @Value("${token.expireTime}")
    private int expireTime;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        LoginUser loginUser = tokenService.getLoginUser(request);
        if (StringUtils.isNotNull(loginUser) && StringUtils.isNull(SecurityUtils.getAuthentication())) {
            tokenService.verifyToken(loginUser);
            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities());
            authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
            SecurityContextHolder.getContext().setAuthentication(authenticationToken);
            Cookie[] cookies = request.getCookies();
            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    String value = cookie.getValue();
                    String builder = "JSESSIONID=" + value + "; " +
                            "Secure; " +
                            "HttpOnly; " +
                            "Expires=" + expireTime;
                    response.setHeader("Set-Cookie", builder);
                }
            }
        }
        filterChain.doFilter(request, response);
    }

    @Override
    public void destroy() {

    }
    
}
相关推荐
白山云北诗6 分钟前
什么是 DDoS 攻击?高防 IP 如何有效防护?2025全面解析与方案推荐
网络协议·tcp/ip·ddos·高防ip·ddos攻击怎么防·高防ip是什么
只因只因爆16 分钟前
如何在idea中写spark程序
java·spark·intellij-idea
mxbb.21 分钟前
我的HTTP和HTTPS
网络协议·http·https
你憨厚的老父亲突然22 分钟前
从码云上拉取项目并在idea配置npm时完整步骤
java·npm·intellij-idea
全栈凯哥35 分钟前
桥接模式(Bridge Pattern)详解
java·设计模式·桥接模式
PXM的算法星球38 分钟前
【软件工程】面向对象编程(OOP)概念详解
java·python·软件工程
两点王爷38 分钟前
springboot项目文件上传到服务器本机,返回访问地址
java·服务器·spring boot·文件上传
小吕学编程41 分钟前
ES练习册
java·前端·elasticsearch
Zz_waiting.1 小时前
网络原理 - 10(HTTP/HTTPS - 1)
网络·http·https
qsmyhsgcs1 小时前
Java程序员转人工智能入门学习路线图(2025版)
java·人工智能·学习·机器学习·算法工程师·人工智能入门·ai算法工程师