Fatal编程技术网
  • java/
  • Java 在请求头中修改JSESSIONID cookie

Java 在请求头中修改JSESSIONID cookie

java spring spring-boot spring-security

Java 在请求头中修改JSESSIONID cookie,java,spring,spring-boot,spring-security,wildfly,Java,Spring,Spring Boot,Spring Security,Wildfly,我正在将Spring安全性与Spring引导一起使用,我想修改JSESSIONID cookie名称和值。我在网上搜索,但找不到任何合适的解决方案。我正在使用Wildfly服务器。我是spring框架的新手 RequestFilter.java @Component @Order(Ordered.HIGHEST_PRECEDENCE) public class RequestFilter implements Filter { public void doFilter(ServletR

我正在将Spring安全性与Spring引导一起使用,我想修改JSESSIONID cookie名称和值。我在网上搜索,但找不到任何合适的解决方案。我正在使用Wildfly服务器。我是spring框架的新手

RequestFilter.java

@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class RequestFilter implements Filter {

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) {
        HttpServletResponse response = (HttpServletResponse) res;
        HttpServletRequest request = (HttpServletRequest) req;

//        Cookie[] cookies = request.getCookies();
//        for (Cookie cookie : cookies) {
//            cookie.setMaxAge(0);
//            cookie.setValue(null);
//            cookie.setPath("/");
//            response.addCookie(cookie);
//        }
        response.setHeader("Access-Control-Allow-Origin", "http://localhost:4200");
        response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Set-Cookie", null);
        response.setHeader("X-Powered-By", null);
        response.setHeader("Server", null);
        if (!(request.getMethod().equalsIgnoreCase("OPTIONS"))) {
            try {

                chain.doFilter(req, res);
            } catch (Exception e) {
                e.printStackTrace();
            }
        } else {
            System.out.println("Pre-flight");
            response.setHeader("Access-Control-Allow-Methods", "POST,GET,DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            response.setHeader("Access-Control-Allow-Headers", "authorization, content-type," +
                    "access-control-request-headers,access-control-request-method,accept,origin,authorization,x-requested-with");
            response.setStatus(HttpServletResponse.SC_OK);
        }

    }

    public void init(FilterConfig filterConfig) {
    }

    public void destroy() {
    }

}
请建议我在spring security中重命名JSESSIONID cookie的最佳方法。

您可以在application.properties文件中设置cookie名称:

server.session.cookie.name = MYSESSIONID
参考资料:

我使用的是JBoss应用服务器,通过上面的方法,我可以更改会话cookie的名称,但对JBoss不起作用。我观察到重写SpringBootOnStartup方法在JBoss上会出现403错误,但它在tomcat上运行良好。