您可以使用过滤器添加它。将以下代码段添加到web.xml:
<filter> <filter-name>HSTSFilter</filter-name> <filter-class>security.HSTSFilter</filter-class></filter>
然后在您的Web应用程序中创建一个过滤器:
package security;import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletResponse;public class HSTSFilter implements Filter { public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletResponse resp = (HttpServletResponse) res; if (req.isSecure()) resp.setHeader("Strict-Transport-Security", "max-age=31622400; includeSubDomains"); chain.doFilter(req, resp); }}也可以使用全局web.xml(conf / web.xml)添加过滤器。
