Enable caching.

ewoerner · ewoerner · commit bcd8c4a7781d · 2024-10-04T09:03:53.000+02:00
This removes the predefined Spring headers
- Cache-Control: no-cache, no-store, max-age=0, must-revalidate
- Pragma: no-cache
- Expires: 0
and adds the header
- Cache-Control: must-revalidate
diff --git a/src/main/java/com/bannergress/backend/security/KeycloakSecurityConfig.java b/src/main/java/com/bannergress/backend/security/KeycloakSecurityConfig.java
@@ -3,27 +3,38 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
+import org.springframework.http.HttpHeaders;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CacheControlConfig;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.header.writers.StaticHeadersWriter;
 
 /** Keycloak security configuration. */
 @Configuration
 @EnableMethodSecurity(jsr250Enabled = true, prePostEnabled = true)
 @Profile("!dev")
 public class KeycloakSecurityConfig {
     @Bean
-    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         return http //
             .csrf(CsrfConfigurer::disable) //
+            .headers(this::customizeHeaders)
             .oauth2ResourceServer(
                 oauth2 -> oauth2.jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthenticationConverter()))) //
             .authorizeHttpRequests(auth -> auth.anyRequest().permitAll()) //
             .build();
     }
 
+    private HeadersConfigurer<HttpSecurity> customizeHeaders(HeadersConfigurer<HttpSecurity> customizer) {
+        return customizer //
+            .cacheControl(CacheControlConfig::disable)
+            .addHeaderWriter(new StaticHeadersWriter(HttpHeaders.CACHE_CONTROL, "must-revalidate"));
+    }
+
     private JwtAuthenticationConverter jwtAuthenticationConverter() {
         JwtAuthenticationConverter jwtConverter = new JwtAuthenticationConverter();
         jwtConverter.setJwtGrantedAuthoritiesConverter(new KeycloakRealmRoleConverter());
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
@@ -16,11 +16,6 @@ spring:
       hibernate.dialect: org.hibernate.dialect.PostgreSQLDialect
       hibernate.search.backend.directory.root: searchindex/
       hibernate.id.db_structure_naming_strategy: single
-  web:
-    resources:
-      cache:
-        cachecontrol:
-          no-store: false
   sql:
     init:
       platform: postgresql
