Thanks Chris.
I wasn't using sprint security but I have included and added the configuration below
to disable the cache control headers and this makes no difference. I also tried a similar
configuration with the KeycloakWebSecurityConfigurerAdapter and still the same result. I
still get the Cache-Control header set to private. I am using the spring boot keycloak
adaptor to secure a rest api using keycloak JWT tokens.
If I make the controller action unsecured I get the ResponseEntity CacheControl
configuration as expected.
Cheers
Scott
________________________________
From: Chris Savory <chris.savory(a)edlogics.com>
Sent: 06 April 2018 20:05:00
To: Scott Hezzell; keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Spring Boot Adapter - change Cache-Control : private header
Have you disabled cache control headers via Spring Security?
@Override
protected void configure( HttpSecurity http ) throws Exception {
// @formatter:off
http
.cors().and()
.headers()
.cacheControl().disable()
Then enabled via your controller?
return ResponseEntity.ok().cacheControl( CacheControl.maxAge( 600,
TimeUnit.SECONDS) ).body( response) );
--
Christopher Savory
Software Engineer | EdLogics
On 4/6/18, 11:59 AM, "keycloak-user-bounces(a)lists.jboss.org on behalf of Scott
Hezzell" <keycloak-user-bounces(a)lists.jboss.org on behalf of
Scotthezzell(a)benefex.co.uk> wrote:
Hi
Spring Boot Version: 1.5.10.RELEASE
Keycloak Spring Boot Adapter Version: 3.4.3.Final
Is there any way to update the Cache-Control header set to private? Any Cache-Control
headers set in my controller are always overridden by the settings set by the keycloak
adapter.
Thanks
Scott
[Benefex Logo]
Scott Hezzell
Senior Developer
hellobenefex.com<https://www.benefex.co.uk>
[
https://bfx-media.com/img/social%20LinkedIn.png]<https://www.linkedin....
[Twitter] <
https://twitter.com/hellobenefex>
Benefex Ltd, Mountbatten House, Grosvenor Square, Southampton, SO15 2JU. Registered
Number: 04768546
As the sender of this email, we hope that you are the intended addressee and that you
are having a nice day. Please take a moment to note that this message may contain
information that is confidential or privileged and exempt from disclosure under applicable
law. If this wasn't meant for your eyes, please do take the time to let us know and
delete this message from all data storage systems. You should also note that the
disclosure or copying of this email, or the use of its contents, is prohibited. Thank
you!
This message has been scanned for malware by Websense.
www.websense.com<http://www.websense.com>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user