如何在 Tomcat 中为 Jira 启用 HSTS（HTTP 严格传输安全）响应头


如果有人能告诉我如何在 Tomcat 中启用 HSTS（HTTP 严格传输安全）响应头，那将非常有帮助。

我的 JIRA 应用运行在 Tomcat 上，前面没有 Apache 或 NGINX 反向代理。

我想为 JIRA 应用设置 HSTS 响应头，请问在 Tomcat 中应该如何实现？


提前谢谢。

我想这就是你要找的，代码取自所附链接。


web.xml 中的过滤器定义（完整 XML 见下文）：filter-name 为 HstsFilter，filter-class 为 org.apache.catalina.filters.HstsFilter，init-param maxAgeSeconds=31536000（一年），includeSubDomains=true，filter-mapping 的 url-pattern 为 /*。注意 init-param 名称区分大小写，必须与 Java 类中的 setter（setMaxAgeSeconds、setIncludeSubDomains）一一对应；过滤器的 maxAgeSeconds 默认值为 0，而 max-age=0 的含义是让浏览器删除已缓存的策略，所以该参数必须显式配置。
package org.apache.catalina.filters;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
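/**
 * Servlet filter that adds an HTTP Strict Transport Security header
 * (RFC 6797) to responses served over a secure connection.
 *
 * <p>Configured through {@code init-param}s that {@code FilterBase} maps onto
 * the setters below: {@code maxAgeSeconds} (must be set explicitly: the
 * default of 0 tells browsers to forget any cached policy, so the filter is
 * effectively a no-op until it is configured), {@code includeSubDomains} and
 * {@code preload}.
 *
 * <p>The header is written <em>before</em> the rest of the chain runs. Once a
 * response is committed (buffer flushed, sendRedirect/sendError called) any
 * header added afterwards is silently dropped by the container, which is why
 * adding it after {@code chain.doFilter()} loses the header on most pages.
 */
public class HstsFilter extends FilterBase {
    private static final String HEADER_NAME = "Strict-Transport-Security";
    // "%s" rather than "%d" on purpose: %d honours the default locale and can
    // emit non-ASCII digits, %s goes through Integer.toString().
    private static final String MAX_AGE_DIRECTIVE = "max-age=%s";
    private static final String INCLUDE_SUB_DOMAINS_DIRECTIVE = "includeSubDomains";
    // Not part of RFC 6797; signals eligibility for the browser preload lists
    // (hstspreload.org). Off by default because a preloaded policy is very
    // hard to withdraw once it has shipped in browsers.
    private static final String PRELOAD_DIRECTIVE = "preload";
    // Minimum max-age the public preload list currently asks for (one year).
    private static final int PRELOAD_MIN_MAX_AGE = 31536000;

    private static final Log log = LogFactory.getLog(HstsFilter.class);

    // RFC 6797 section 6.1.1: max-age=0 instructs the UA to stop treating the
    // host as a Known HSTS Host, so the default withdraws a policy rather than
    // setting one. init() warns about this.
    private int maxAgeSeconds = 0;
    private boolean includeSubDomains = false;
    private boolean preload = false;

    // Header value, assembled once in init(); the configuration never changes
    // afterwards, so there is nothing to recompute per request.
    private String directives;

    /** @param maxAgeSeconds lifetime of the policy in seconds; must be &gt;= 0 */
    public void setMaxAgeSeconds(int maxAgeSeconds) {
        this.maxAgeSeconds = maxAgeSeconds;
    }

    /** @param includeSubDomains whether the policy also covers all subdomains */
    public void setIncludeSubDomains(boolean includeSubDomains) {
        this.includeSubDomains = includeSubDomains;
    }

    /** @param preload whether to append the {@code preload} directive */
    public void setPreload(boolean preload) {
        this.preload = preload;
    }

    /**
     * Sets the STS header on secure responses, then continues the chain.
     *
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // RFC 6797 section 7.2: the header must only be sent over secure
        // transport (a UA ignores it on plain HTTP anyway). isSecure() reflects
        // what Tomcat itself sees: if a TLS-terminating proxy is ever placed in
        // front, the connector's secure attribute or RemoteIpValve/RemoteIpFilter
        // must be configured, otherwise the header is never emitted.
        if (request.isSecure() && response instanceof HttpServletResponse) {
            HttpServletResponse res = (HttpServletResponse) response;
            if (res.isCommitted()) {
                // Headers can no longer be changed; most likely an earlier
                // filter already wrote the body. Say so rather than fail
                // silently, since this header is a security control.
                log.warn("HstsFilter: response already committed, "
                        + HEADER_NAME + " header could not be set");
            } else {
                // setHeader rather than addHeader: RFC 6797 section 8.1 says a
                // UA processes only the first STS header field, so duplicates
                // only cause confusion about which value is in effect.
                res.setHeader(HEADER_NAME, this.directives);
            }
        }
        chain.doFilter(request, response);
    }

    /**
     * Validates the configuration and builds the header value once.
     *
     * @throws ServletException if {@code maxAgeSeconds} is negative, or from
     *                          {@code FilterBase.init()} when it rejects an
     *                          init-param
     */
    @SuppressWarnings("boxing")
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // FilterBase.init() applies the init-params to the setters above.
        super.init(filterConfig);
        if (this.maxAgeSeconds < 0) {
            throw new ServletException(sm.getString(
                    "hsts.invalidParameterValue", this.maxAgeSeconds,
                    "maxAgeSeconds"));
        }
        if (this.maxAgeSeconds == 0) {
            // Not an error (max-age=0 is how a policy is withdrawn), but almost
            // certainly a misconfiguration when someone is *enabling* HSTS.
            log.warn("HstsFilter: maxAgeSeconds is 0; the " + HEADER_NAME
                    + " header will tell browsers to drop any cached policy");
        }
        StringBuilder value = new StringBuilder(
                String.format(MAX_AGE_DIRECTIVE, this.maxAgeSeconds));
        if (this.includeSubDomains) {
            value.append(" ; ").append(INCLUDE_SUB_DOMAINS_DIRECTIVE);
        }
        if (this.preload) {
            if (!this.includeSubDomains
                    || this.maxAgeSeconds < PRELOAD_MIN_MAX_AGE) {
                // The directive is emitted anyway; the warning just says the
                // host will not be accepted by the preload list as configured.
                log.warn("HstsFilter: preload requested but the preload list "
                        + "requires includeSubDomains and maxAgeSeconds >= "
                        + PRELOAD_MIN_MAX_AGE);
            }
            value.append(" ; ").append(PRELOAD_DIRECTIVE);
        }
        this.directives = value.toString();
    }

    @Override
    protected Log getLogger() {
        return log;
    }
}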
完整代码请查看所附链接；下面是可直接使用的 web.xml 配置与过滤器源码。补充两点：较新版本的 Tomcat（7.0.63 / 8.0.23 及以后）自带 org.apache.catalina.filters.HttpHeaderSecurityFilter，通过 hstsEnabled、hstsMaxAgeSeconds、hstsIncludeSubDomains 等 init-param 即可启用 HSTS，无需自行编译类；另外，把自己的类放进 Tomcat 内部的 org.apache.catalina 包并不稳妥（Tomcat 的 webapp 类加载器对该包有特殊处理），自行实现时建议换用自己的包名。配置完成后请用 curl -I https://... 确认响应中确实出现了 Strict-Transport-Security 头。

<!-- HSTS filter for the Jira web application (goes into WEB-INF/web.xml).
     init-param names are matched against the filter's setters
     (setMaxAgeSeconds, setIncludeSubDomains) and are case-sensitive; a
     misspelled name is either rejected or ignored depending on how FilterBase
     treats configuration problems - in the ignored case maxAgeSeconds stays
     at its default of 0, i.e. max-age=0, which tells browsers to DROP the
     policy. Verify the header with curl -I after deploying. -->
<filter>
    <filter-name>HstsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.HstsFilter</filter-class>
    <init-param>
       <!-- 31536000 s = one year. Consider a short value (e.g. 300) while
            confirming that every host covered really serves HTTPS: the policy
            is cached by browsers, and a mistake locks users out for max-age. -->
       <param-name>maxAgeSeconds</param-name>
       <param-value>31536000</param-value>
    </init-param>
    <init-param>
       <!-- Extends the policy to every subdomain of the request host; all of
            them must be reachable over HTTPS or they become unreachable. -->
       <param-name>includeSubDomains</param-name>
       <param-value>true</param-value>
    </init-param>
</filter>
<!-- filter-mapping order in web.xml is chain order: keep this mapping ahead
     of the application's own filters so nothing can commit the response
     before the header is written. A Jira upgrade typically replaces web.xml,
     so this change has to be re-applied afterwards. -->
<filter-mapping>
    <filter-name>HstsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

package org.apache.catalina.filters;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;

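/**
 * Servlet filter that adds an HTTP Strict Transport Security header
 * (RFC 6797) to responses served over a secure connection.
 *
 * <p>Configured through {@code init-param}s that {@code FilterBase} maps onto
 * the setters below: {@code maxAgeSeconds} (must be set explicitly: the
 * default of 0 tells browsers to forget any cached policy, so the filter is
 * effectively a no-op until it is configured), {@code includeSubDomains} and
 * {@code preload}.
 *
 * <p>The header is written <em>before</em> the rest of the chain runs. Once a
 * response is committed (buffer flushed, sendRedirect/sendError called) any
 * header added afterwards is silently dropped by the container, which is why
 * adding it after {@code chain.doFilter()} loses the header on most pages.
 */
public class HstsFilter extends FilterBase {
    private static final String HEADER_NAME = "Strict-Transport-Security";
    // "%s" rather than "%d" on purpose: %d honours the default locale and can
    // emit non-ASCII digits, %s goes through Integer.toString().
    private static final String MAX_AGE_DIRECTIVE = "max-age=%s";
    private static final String INCLUDE_SUB_DOMAINS_DIRECTIVE = "includeSubDomains";
    // Not part of RFC 6797; signals eligibility for the browser preload lists
    // (hstspreload.org). Off by default because a preloaded policy is very
    // hard to withdraw once it has shipped in browsers.
    private static final String PRELOAD_DIRECTIVE = "preload";
    // Minimum max-age the public preload list currently asks for (one year).
    private static final int PRELOAD_MIN_MAX_AGE = 31536000;

    private static final Log log = LogFactory.getLog(HstsFilter.class);

    // RFC 6797 section 6.1.1: max-age=0 instructs the UA to stop treating the
    // host as a Known HSTS Host, so the default withdraws a policy rather than
    // setting one. init() warns about this.
    private int maxAgeSeconds = 0;
    private boolean includeSubDomains = false;
    private boolean preload = false;

    // Header value, assembled once in init(); the configuration never changes
    // afterwards, so there is nothing to recompute per request.
    private String directives;

    /** @param maxAgeSeconds lifetime of the policy in seconds; must be &gt;= 0 */
    public void setMaxAgeSeconds(int maxAgeSeconds) {
        this.maxAgeSeconds = maxAgeSeconds;
    }

    /** @param includeSubDomains whether the policy also covers all subdomains */
    public void setIncludeSubDomains(boolean includeSubDomains) {
        this.includeSubDomains = includeSubDomains;
    }

    /** @param preload whether to append the {@code preload} directive */
    public void setPreload(boolean preload) {
        this.preload = preload;
    }

    /**
     * Sets the STS header on secure responses, then continues the chain.
     *
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // RFC 6797 section 7.2: the header must only be sent over secure
        // transport (a UA ignores it on plain HTTP anyway). isSecure() reflects
        // what Tomcat itself sees: if a TLS-terminating proxy is ever placed in
        // front, the connector's secure attribute or RemoteIpValve/RemoteIpFilter
        // must be configured, otherwise the header is never emitted.
        if (request.isSecure() && response instanceof HttpServletResponse) {
            HttpServletResponse res = (HttpServletResponse) response;
            if (res.isCommitted()) {
                // Headers can no longer be changed; most likely an earlier
                // filter already wrote the body. Say so rather than fail
                // silently, since this header is a security control.
                log.warn("HstsFilter: response already committed, "
                        + HEADER_NAME + " header could not be set");
            } else {
                // setHeader rather than addHeader: RFC 6797 section 8.1 says a
                // UA processes only the first STS header field, so duplicates
                // only cause confusion about which value is in effect.
                res.setHeader(HEADER_NAME, this.directives);
            }
        }
        chain.doFilter(request, response);
    }

    /**
     * Validates the configuration and builds the header value once.
     *
     * @throws ServletException if {@code maxAgeSeconds} is negative, or from
     *                          {@code FilterBase.init()} when it rejects an
     *                          init-param
     */
    @SuppressWarnings("boxing")
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // FilterBase.init() applies the init-params to the setters above.
        super.init(filterConfig);
        if (this.maxAgeSeconds < 0) {
            throw new ServletException(sm.getString(
                    "hsts.invalidParameterValue", this.maxAgeSeconds,
                    "maxAgeSeconds"));
        }
        if (this.maxAgeSeconds == 0) {
            // Not an error (max-age=0 is how a policy is withdrawn), but almost
            // certainly a misconfiguration when someone is *enabling* HSTS.
            log.warn("HstsFilter: maxAgeSeconds is 0; the " + HEADER_NAME
                    + " header will tell browsers to drop any cached policy");
        }
        StringBuilder value = new StringBuilder(
                String.format(MAX_AGE_DIRECTIVE, this.maxAgeSeconds));
        if (this.includeSubDomains) {
            value.append(" ; ").append(INCLUDE_SUB_DOMAINS_DIRECTIVE);
        }
        if (this.preload) {
            if (!this.includeSubDomains
                    || this.maxAgeSeconds < PRELOAD_MIN_MAX_AGE) {
                // The directive is emitted anyway; the warning just says the
                // host will not be accepted by the preload list as configured.
                log.warn("HstsFilter: preload requested but the preload list "
                        + "requires includeSubDomains and maxAgeSeconds >= "
                        + PRELOAD_MIN_MAX_AGE);
            }
            value.append(" ; ").append(PRELOAD_DIRECTIVE);
        }
        this.directives = value.toString();
    }

    @Override
    protected Log getLogger() {
        return log;
    }
}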