[keycloak-user] Cache-Control set to private
Dana Danet
Dana.Danet at Evisions.com
Tue Jun 13 20:19:41 EDT 2017
Using a vanilla Spring Boot / Keycloak implementation.
springBootVersion = '1.5.2.RELEASE'
keycloakAdminClient : "org.keycloak:keycloak-admin-client:3.0.0.Final",
keycloakSpringBootAdapter : "org.keycloak:keycloak-spring-boot-adapter:3.0.0.Final",
keycloakTomcatAdapter : "org.keycloak:keycloak-tomcat8-adapter:3.0.0.Final",
I’m having difficulty updating the Cache-Control from private to anything else. It appears that this is a Tomcat setting that usually is set via Spring Security. Unfortunately I cannot find any way to affect this value unless I listen for the lifecycle event and then configure the KeycloakAuthenticatorValve.
What am I doing wrong here?
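import static org.apache.catalina.LifecycleState.INITIALIZED;

import org.apache.catalina.LifecycleEvent;
import org.apache.catalina.LifecycleListener;
import org.apache.catalina.Valve;
import org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve;
import org.springframework.boot.context.embedded.ConfigurableEmbeddedServletContainer;
import org.springframework.boot.context.embedded.EmbeddedServletContainerCustomizer;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Configuration;

@Configuration
public class KeycloakAuthenticatorValveCustomizerConfig implements EmbeddedServletContainerCustomizer, LifecycleListener
{
    // Kept so the lifecycle callback can reach the factory's context valves.
    private TomcatEmbeddedServletContainerFactory container;

    @Override
    public void customize(ConfigurableEmbeddedServletContainer configurableEmbeddedServletContainer)
    {
        container = (TomcatEmbeddedServletContainerFactory) configurableEmbeddedServletContainer;
        container.addContextLifecycleListeners(this);
    }

    @Override
    public void lifecycleEvent(LifecycleEvent event)
    {
        // Configure the valve once the context reports INITIALIZED.
        if (event.getLifecycle().getState() == INITIALIZED) {
            configureKeycloakValve();
        }
    }

    private void configureKeycloakValve() {
        for (Valve valve : container.getContextValves()) {
            if (valve instanceof KeycloakAuthenticatorValve) {
                KeycloakAuthenticatorValve keycloakAuthenticatorValve = (KeycloakAuthenticatorValve) valve;
                keycloakAuthenticatorValve.setSecurePagesWithPragma(true);
            }
        }
    }
}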
Within org.apache.catalina.authenticator.AuthenticatorBase securePagesWithPragma is now set to true.
if (constraints != null && disableProxyCaching &&
        !"POST".equalsIgnoreCase(request.getMethod())) {
    if (securePagesWithPragma) {
        // Note: These can cause problems with downloading files with IE
        response.setHeader("Pragma", "No-cache");
        response.setHeader("Cache-Control", "no-cache");
    } else {
        response.setHeader("Cache-Control", "private");
    }
    response.setHeader("Expires", DATE_ONE);
}
-dana
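
One way to replace the value without reconfiguring the valve, as an added example that is not part of the original post and not Keycloak or Tomcat code: the authenticator valve runs before the servlet filter chain, so a filter can overwrite the header the valve has already set. The class and bean names are hypothetical, and `no-store` is an assumed target policy.

```java
// Added example (not from the original post). Class and bean names are hypothetical.
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class CacheControlOverrideConfig {

    // Spring Boot 1.5 registers a Filter bean for all URLs ("/*") by default.
    @Bean
    public Filter cacheControlOverrideFilter() {
        return new Filter() {
            @Override
            public void init(FilterConfig filterConfig) { }

            @Override
            public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                    throws IOException, ServletException {
                HttpServletResponse response = (HttpServletResponse) res;
                // AuthenticatorBase has already run at this point. It writes
                // "private" only for constrained, non-POST requests, so matching
                // on that value limits the override to those responses.
                if ("private".equals(response.getHeader("Cache-Control"))) {
                    // Assumed target policy: forbid any cache from storing the page.
                    response.setHeader("Cache-Control", "no-store");
                    response.setHeader("Pragma", "no-cache");
                }
                chain.doFilter(req, res);
            }

            @Override
            public void destroy() { }
        };
    }
}
```

The `Expires` header written by the valve is left as it is; `private` still lets the user's own browser store the page, which is the difference `no-store` closes.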