3

I am trying to filter certain URL patterns for caching. What I have attempted is to put some code into my WebSecurityConfigurerAdapter implementation.

@Override
protected void configure(HttpSecurity http) throws Exception {
    initSecurityConfigService();

    // For cache
    http.headers().defaultsDisabled()
            .cacheControl()
            .and().frameOptions();

    securityConfigService.configure(http,this);
}

However, this code will affect the whole web application. How can I apply this only to certain URLs or Content-Types, like images?

I have already tried with RegexRequestMatcher, but it does not work for me.

// For cache
http.requestMatcher(new RegexRequestMatcher("/page/", "GET"))
        .headers().defaultsDisabled()
        .cacheControl()
        .and().frameOptions();

I read this article: SpringSecurityResponseHeaders, but there is no sample for this case.

Thanks.

P.S. In short, I want to remove the Spring Security defaults for certain URLs and resources.

4
  • Maybe I don't understand your question well. Since you want to add cache control for general requests, why is Spring Security involved in this? Can you try to add a filter for this? Commented Mar 7, 2017 at 6:09
  • @Simon Security default settings should be valid for general calls, but I want that option only for image/* types. That is why I want to separate those options. Commented Mar 7, 2017 at 7:26
  • I understand this point, but to me, this is very simple with a filter: you can set up some URL pattern (in your case image/*) to filter. You just set some headers in the response, then everything should be set. If you really prefer Spring Security, it has the filter chain; you just add one filter after the last one and set the response. Commented Mar 7, 2017 at 7:57
  • Thanks for your answers, Simon, dur. I solved this with Filter like Simon said. Commented Mar 8, 2017 at 4:23

2 Answers

1

What about having multiple WebSecurityConfigurerAdapters? One adapter could have cache controls for certain URLs and another one will not have cache control enabled for those URLs.


1 Comment

This is additional information to help others. To have multiple WebSecurityConfigurerAdapters, you have to alter the @Order of the implementations. The default is hidden, but its value is 100 and it must not be duplicated. You can refer to this doc.
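
Added example (not part of the original thread or the posters' code): a sketch of the multiple-adapter approach from the answer and comment above, using the Spring Security 4.x Java configuration API. The class names, the `/image/**` pattern and the authorization rules are assumptions chosen for illustration.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class SplitHeaderSecurityConfig {   // hypothetical class name

    // Lower @Order value is consulted first; this chain handles only /image/**.
    @Configuration
    @Order(1)
    public static class ImageSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/image/**")            // assumed image path
                .headers()
                    .cacheControl().disable()       // drop only the no-cache headers
                    .and()
                .authorizeRequests()
                    .anyRequest().authenticated();  // assumed rule: images still need login
        }
    }

    // No explicit @Order, so the default of 100 applies; every other request
    // lands here and keeps all default security headers, Cache-Control included.
    @Configuration
    public static class DefaultSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .anyRequest().authenticated()   // assumed rule
                    .and()
                .formLogin();
        }
    }
}
```

With this split, requests under `/image/**` still pass through the security filter chain, so authentication and the remaining default headers continue to apply there. Removing the path from the filter mapping or using WebSecurity#ignoring instead takes those URLs out of Spring Security entirely.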
0

I solved this with a Filter. Below is part of my implementation of AbstractAnnotationConfigDispatcherServletInitializer, in the onStartup method override.

FilterRegistration.Dynamic springSecurityFilterChain = servletContext.addFilter("springSecurityFilterChain", new DelegatingFilterProxy());
if(springSecurityFilterChain != null){
    springSecurityFilterChain.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), true, "/render/*", "/service/*");
    // I removed pattern url "/image/*" :)
}

What I have done is remove /image/* from MappingUrlPatterns. Thanks for your answers!

2 Comments

There is another regular way to do this. Use WebSecurity#ignoring.
@dur Thanks. That was what I was looking for. bb
