事实证明,Spring Security设置了无缓存HTTP标头。
以下内容禁用了HTTP响应标头
Pragma: no-cache,但不能解决该问题:
import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;@Configuration@EnableWebMvcSecuritypublic class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { // Prevent the HTTP response header of "Pragma: no-cache". http.headers().cacheControl().disable(); }}我最终完全为公共静态资源禁用了Spring Security,如下所示(与上述相同):
@Overridepublic void configure(WebSecurity web) throws Exception { web.ignoring().antMatchers("/static/public/**");}这需要配置两个资源处理程序以正确获取缓存控制标头:
@Configurationpublic class MvcConfigurer extends WebMvcConfigurerAdapter implements EmbeddedServletContainerCustomizer { @Override public void addResourceHandlers(ResourceHandlerRegistry registry) { // Resources without Spring Security. No cache control response headers. registry.addResourceHandler("/static/public/**") .addResourceLocations("classpath:/static/public/"); // Resources controlled by Spring Security, which // adds "Cache-Control: must-revalidate". registry.addResourceHandler("/static/**") .addResourceLocations("classpath:/static/") .setCachePeriod(3600*24); }}
