[keycloak-user] Spring Boot Adapter - change Cache-Control : private header

Scott Hezzell Scotthezzell at benefex.co.uk
Sat Apr 7 10:06:01 EDT 2018 

Thanks Chris.


I wasn't using sprint security but I have included and added the configuration below to disable the cache control headers and this makes no difference. I also tried a similar configuration with the KeycloakWebSecurityConfigurerAdapter and still the same result. I still get the Cache-Control header set to private. I am using the spring boot keycloak adaptor to secure a rest api using keycloak JWT tokens.


If I make the controller action unsecured I get the ResponseEntity CacheControl configuration as expected.


Cheers
Scott

________________________________
From: Chris Savory <chris.savory at edlogics.com>
Sent: 06 April 2018 20:05:00
To: Scott Hezzell; keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Spring Boot Adapter - change Cache-Control : private header

Have you disabled cache control headers via Spring Security?

@Override
protected void configure( HttpSecurity http ) throws Exception {

        // @formatter:off
        http
        .cors().and()
        .headers()
                .cacheControl().disable()


Then enabled via your controller?

       return ResponseEntity.ok().cacheControl( CacheControl.maxAge( 600, TimeUnit.SECONDS) ).body( response) );

--
Christopher Savory
Software Engineer | EdLogics

On 4/6/18, 11:59 AM, "keycloak-user-bounces at lists.jboss.org on behalf of Scott Hezzell" <keycloak-user-bounces at lists.jboss.org on behalf of Scotthezzell at benefex.co.uk> wrote:

    Hi


    Spring Boot Version: 1.5.10.RELEASE

    Keycloak Spring Boot Adapter Version: 3.4.3.Final


    Is there any way to update the Cache-Control header set to private? Any Cache-Control headers set in my controller are always overridden by the settings set by the keycloak adapter.


    Thanks
    Scott



     [Benefex Logo]

    Scott Hezzell
    Senior Developer




    hellobenefex.com<https://www.benefex.co.uk>
    [https://bfx-media.com/img/social%20LinkedIn.png]<https://www.linkedin.com/company/hellobenefex> [Twitter] <https://twitter.com/hellobenefex>

    Benefex Ltd, Mountbatten House, Grosvenor Square, Southampton, SO15 2JU. Registered Number: 04768546
    As the sender of this email, we hope that you are the intended addressee and that you are having a nice day. Please take a moment to note that this message may contain information that is confidential or privileged and exempt from disclosure under applicable law. If this wasn't meant for your eyes, please do take the time to let us know and delete this message from all data storage systems. You should also note that the disclosure or copying of this email, or the use of its contents, is prohibited. Thank you!


    This message has been scanned for malware by Websense. www.websense.com<http://www.websense.com>
    _______________________________________________
    keycloak-user mailing list
    keycloak-user at lists.jboss.org
    https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list