您的位置:首页 > 文旅 > 美景 > HTTPS请求头缺少HttpOnly和Secure属性解决方案

HTTPS请求头缺少HttpOnly和Secure属性解决方案

2024/12/22 18:27:52 来源:https://blog.csdn.net/qq_33715866/article/details/140458820  浏览:    关键词:HTTPS请求头缺少HttpOnly和Secure属性解决方案

问题描述:
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
建立Filter拦截器类

package com.ruoyi.framework.security.filter;import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.framework.web.service.TokenService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;import javax.servlet.*;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;/*** token过滤器 验证token有效性** @author ruoyi*/
@Component
public class JwtAuthenticationTokenFilter implements Filter {@Autowiredprivate TokenService tokenService;@Value("${token.expireTime}")private int expireTime;@Overridepublic void init(FilterConfig filterConfig) throws ServletException {}@Overridepublic void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {HttpServletRequest request = (HttpServletRequest) servletRequest;HttpServletResponse response = (HttpServletResponse) servletResponse;LoginUser loginUser = tokenService.getLoginUser(request);if (StringUtils.isNotNull(loginUser) && StringUtils.isNull(SecurityUtils.getAuthentication())) {tokenService.verifyToken(loginUser);UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities());authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));SecurityContextHolder.getContext().setAuthentication(authenticationToken);Cookie[] cookies = request.getCookies();if (cookies != null) {for (Cookie cookie : cookies) {String value = cookie.getValue();String builder = "JSESSIONID=" + value + "; " +"Secure; " +"HttpOnly; " +"Expires=" + expireTime;response.setHeader("Set-Cookie", builder);}}}filterChain.doFilter(request, response);}@Overridepublic void destroy() {}}

在这里插入图片描述

版权声明:

本网仅为发布的内容提供存储空间,不对发表、转载的内容提供任何形式的保证。凡本网注明“来源:XXX网络”的作品,均转载自其它媒体,著作权归作者所有,商业转载请联系作者获得授权,非商业转载请注明出处。

我们尊重并感谢每一位作者,均已注明文章来源和作者。如因作品内容、版权或其它问题,请及时与我们联系,联系邮箱:809451989@qq.com,投稿邮箱:809451989@qq.com