Spring boot 无法为spring boot 1.5.22设置cookie samesite=none
我正在使用spring boot 1.5.22,我面临cookies samesite=none Protopy的问题。我无法为cookies设置samesite属性,因为oauth身份验证在chrome上不起作用,但在其他浏览器上起作用。所以,我尝试了一些类似的解决方案Spring boot 无法为spring boot 1.5.22设置cookie samesite=none,spring-boot,spring-security-oauth2,samesite,Spring Boot,Spring Security Oauth2,Samesite,我正在使用spring boot 1.5.22,我面临cookies samesite=none Protopy的问题。我无法为cookies设置samesite属性,因为oauth身份验证在chrome上不起作用,但在其他浏览器上起作用。所以,我尝试了一些类似的解决方案 @Component public class CustomizationBean implements EmbeddedServletContainerCustomizer { @Override publ
@Component
public class CustomizationBean implements EmbeddedServletContainerCustomizer {
@Override
public void customize(ConfigurableEmbeddedServletContainer container) {
if (container instanceof TomcatEmbeddedServletContainerFactory) {
TomcatEmbeddedServletContainerFactory factory = TomcatEmbeddedServletContainerFactory.class.cast(container);
factory.addContextCustomizers(new TomcatContextCustomizer() {
@Override
void customize(Context context) {
Rfc6265CookieProcessor cookieProcessor = new Rfc6265CookieProcessor()
cookieProcessor.setSameSiteCookies("None")
context.setCookieProcessor(cookieProcessor)
}
})
}
}
}
但这没用,所以我试着添加一个自定义过滤器
@Component
public class SameSiteFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
chain.doFilter(request, response);
addSameSiteCookieAttribute((HttpServletResponse) response);
}
private void addSameSiteCookieAttribute(HttpServletResponse response) {
Collection<String> headers = response.getHeaders(HttpHeaders.SET_COOKIE);
boolean firstHeader = true;
for (String header : headers)
{
if (firstHeader) {
response.setHeader(HttpHeaders.SET_COOKIE, String.format("%s; %s", header, "SameSite=None;"));
firstHeader = false;
continue;
}
response.addHeader(HttpHeaders.SET_COOKIE, String.format("%s; %s", header, "SameSite=None;"));
}
}
@Override
public void destroy() {
}
}
@组件
公共类SameSiteFilter实现过滤器{
@凌驾
public void init(FilterConfig FilterConfig)抛出ServletException{
}
@凌驾
public void doFilter(ServletRequest请求、ServletResponse响应、FilterChain链)抛出IOException、ServletException{
链式过滤器(请求、响应);
addSameSiteCookieAttribute((HttpServletResponse)响应);
}
私有void addSameSiteCookieAttribute(HttpServletResponse){
Collection headers=response.getHeaders(HttpHeaders.SET\u COOKIE);
布尔值firstHeader=true;
for(字符串标题:标题)
{
如果(第一个标题){
response.setHeader(HttpHeaders.SET_COOKIE,String.format(“%s;%s”,header,“SameSite=None;”);
firstHeader=false;
继续;
}
addHeader(HttpHeaders.SET_COOKIE,String.format(“%s;%s”,header,“SameSite=None;”);
}
}
@凌驾
公共空间销毁(){
}
}
我将其添加为addFilterBefore(new SameSiteFilter(),BasicAuthenticationFilter.class)和addFilterAfter(new SameSiteFilter(),BasicAuthenticationFilter.class)
在HttpSecurity中配置
无论如何,要为jsessionid设置SameSite=None,我使用的是嵌入式tomcat 8.54,它没有将SameSite设置为None,而是用于其他值,如lax、strict。所以更新了tomcat到8.58,我想他们在其中修复了这个bug。所以,更新tomcat版本解决了我的问题