【发布时间】:2021-01-11 02:19:21
【问题描述】:
我正在使用 Spring Boot 1.5.22,但我遇到了 cookie samesite=none proporty 的问题。我无法为 cookie 设置 samesite 属性,因此 oauth 身份验证不适用于 chrome,但它正在其他浏览器上运行。所以,我尝试了一些这样的解决方案。
@Component
public class CustomizationBean implements EmbeddedServletContainerCustomizer {
@Override
public void customize(ConfigurableEmbeddedServletContainer container) {
if (container instanceof TomcatEmbeddedServletContainerFactory) {
TomcatEmbeddedServletContainerFactory factory = TomcatEmbeddedServletContainerFactory.class.cast(container);
factory.addContextCustomizers(new TomcatContextCustomizer() {
@Override
void customize(Context context) {
Rfc6265CookieProcessor cookieProcessor = new Rfc6265CookieProcessor()
cookieProcessor.setSameSiteCookies("None")
context.setCookieProcessor(cookieProcessor)
}
})
}
}
}
这并没有帮助。所以我尝试添加自定义过滤器
@Component
public class SameSiteFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
chain.doFilter(request, response);
addSameSiteCookieAttribute((HttpServletResponse) response);
}
private void addSameSiteCookieAttribute(HttpServletResponse response) {
Collection<String> headers = response.getHeaders(HttpHeaders.SET_COOKIE);
boolean firstHeader = true;
for (String header : headers)
{
if (firstHeader) {
response.setHeader(HttpHeaders.SET_COOKIE, String.format("%s; %s", header, "SameSite=None;"));
firstHeader = false;
continue;
}
response.addHeader(HttpHeaders.SET_COOKIE, String.format("%s; %s", header, "SameSite=None;"));
}
}
@Override
public void destroy() {
}
}
我将此添加为 addFilterBefore(new SameSiteFilter(),BasicAuthenticationFilter.class) 和 addFilterAfter(new SameSiteFilter(),BasicAuthencticationFilter.class) 在 HttpSecurity 中配置
无论如何都要为 jsessionid 设置 SameSite=None
【问题讨论】:
标签: spring-boot spring-security-oauth2 samesite