{"id":406,"date":"2023-04-28T16:06:24","date_gmt":"2023-04-28T07:06:24","guid":{"rendered":"https:\/\/software.satoshis.jp\/?p=406"},"modified":"2023-09-04T17:32:41","modified_gmt":"2023-09-04T08:32:41","slug":"google-app-engine%e3%81%a7http%e3%82%92https%e3%81%ab%e3%83%aa%e3%83%80%e3%82%a4%e3%83%ac%e3%82%af%e3%83%88%e3%81%99%e3%82%8b%e3%81%ab%e3%81%af","status":"publish","type":"post","link":"https:\/\/software.satoshis.jp\/?p=406","title":{"rendered":"Google App Engine\u306eSpring boot\u3067http\u3092https\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3059\u308b\u306b\u306f"},"content":{"rendered":"

GAE\/Java\u306b\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u30c7\u30d7\u30ed\u30a4\u3057\u3066\u3001\u72ec\u81ea\u30c9\u30e1\u30a4\u30f3\u3082\u5272\u308a\u5f53\u3066\u3066\u3001\u52d5\u304b\u3057\u3066\u307f\u305f\u306e\u3067\u3059\u3002<\/p>\n

\u3068\u308a\u3042\u3048\u305a\u52d5\u304f\u306e\u3067\u3059\u304c\u3001https\u3067\u306f\u306a\u3044\u306e\u3067\u3001Chrome\u304c\u300c\u4fdd\u8b77\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u300d\u3068\u6587\u53e5\u3092\u8a00\u3044\u307e\u3059\u3002<\/p>\n

\u306a\u306e\u3067\u3001http\u63a5\u7d9a\u3060\u3063\u305f\u3089https\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u305f\u304b\u3063\u305f\u306e\u3067\u3059\u3002<\/p>\n

Spring Security\u3092\u6709\u52b9\u5316\u3059\u308b<\/h3>\n

Spring Security\u3092\u6709\u52b9\u5316\u3059\u308b\u3068\u30c7\u30d5\u30a9\u30eb\u30c8\u3067http\u3092https\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3059\u308b\u3089\u3057\u3044\u3067\u3059\u3002
\n\u5f53\u7136\u3067\u3059\u304c\u3001Spring Security \u306f\u6709\u52b9\u5316\u3057\u3066\u3044\u308b\u3064\u3082\u308a\u3067\u3059\u3002
\n\u3082\u3057\u304b\u3057\u3066\u3001\u3053\u308c\u3060\u3051\u3058\u3083\u6709\u52b9\u5316\u3067\u304d\u3066\u306a\u304b\u3063\u305f\u308a\u3057\u307e\u3059\uff1f\uff1f\uff1f<\/p>\n

\r\n\t<dependency>\r\n\t\t<groupId>org.springframework.boot<\/groupId>\r\n\t\t<artifactId>spring-boot-starter-security<\/artifactId>\r\n\t<\/dependency>\r\n<\/pre>\n
\u305d\u3082\u305d\u3082\u3001Http Strict Transport Security\u306f\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u6709\u52b9\u5316\u3055\u308c\u3066\u3044\u308b\u3068\u3001Spring Security\u306e\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u306b\u66f8\u304b\u308c\u3066\u3044\u308b\u306e\u306b\u3001
\n\u30b5\u30a4\u30c8\u306b\u30a2\u30af\u30bb\u30b9\u3057\u3066\u3082Strict Transport Security\u30d8\u30c3\u30c0\u30fc\u304c\u5b58\u5728\u3057\u306a\u3044\u3093\u3067\u3059\u3088\u306d\u3002
\npom.xml\u306b\u4e0a\u8a18\u306edependency\u3092\u8ffd\u52a0\u3059\u308b\u3060\u3051\u3067\u306fStrict Transport Security\u30d8\u30c3\u30c0\u30fc\u304c\u8ffd\u52a0\u3055\u308c\u306a\u3044\u3093\u3067\u3057\u3087\u3046\u304b\uff1f<\/p>\n
\u306a\u305c\u306a\u306e\u304b\u3002<\/p>\n
app.yaml\u3067\u8a2d\u5b9a\u3059\u308b<\/h3>\n
\u3067\u3001\u300capp engine http https redirect\u300d\u3050\u3050\u3063\u305f\u3089\u3001\u4e00\u756a\u305f\u304f\u3055\u3093\u3067\u3066\u304d\u308b\u306e\u304c\u3001app.yaml\u3067\u306e\u8a2d\u5b9a\u3067\u3059\u3002<\/p>\n
\u226b https:\/\/cloud.google.com\/appengine\/docs\/standard\/reference\/app-yaml?hl=ja&tab=java<\/a><\/p>\n
src\/main\/appengine\/app.yaml<\/p>\n
\r\nhandlers:\r\n- url: \/.*\r\n  secure: always\r\n  script: auto\r\n<\/pre>\n
\u3084\u3063\u3066\u307f\u305f\u3093\u3067\u3059\u304c\u3001\u30c7\u30d7\u30ed\u30a4\u3067\u30a8\u30e9\u30fc\u306b\u306a\u308a\u307e\u3057\u305f\u3002<\/p>\n
\r\nERROR: (gcloud.app.deploy) INVALID_ARGUMENT: WEB-INF\/appengine-web.xml is required for this runtime.\r\n<\/pre>\n
appengine-web.xml \u3092\u4f5c\u3063\u3066\u30c7\u30d7\u30ed\u30a4\u3057\u306a\u304a\u3057\u305f\u3089\u3001\u300c404 not found\u300d\u30a8\u30e9\u30fc\u3067\u3059\u3002<\/p>\n
\u306a\u305c\u306a\u306e\u304b\u3002<\/p>\n
\u306a\u3093\u3068\u306a\u304f\u3001appengine-web.xml\u3092\u8a2d\u7f6e\u3059\u308b\u3068\u3001web.xml\u3092\u53c2\u7167\u3057\u3066\u3001URL\u3068\u30b5\u30fc\u30d6\u30ec\u30c3\u30c8\u306e\u5bfe\u5fdc\u3067\u51e6\u7406\u3057\u3066\u308b\u3063\u307d\u3044\u52d5\u304d\u3067\u3059\u3002
\nSpring Boot\u306a\u306e\u3067\u30a2\u30ce\u30c6\u30fc\u30b7\u30e7\u30f3\u3067URL\u3068\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u306e\u30e1\u30bd\u30c3\u30c9\u3092\u5bfe\u5fdc\u4ed8\u3051\u3066\u3044\u307e\u3059\u304c\u3001\u305d\u308c\u304c\u5168\u90e8\u7121\u8996\u3055\u308c\u3066\u3057\u307e\u3063\u3066\u308b\uff1f<\/p>\n
SecurityConfig\u3067Strict Transport Security\u30d8\u30c3\u30c0\u30fc\u3092\u8a2d\u5b9a\u3059\u308b<\/h3>\n
Spring Security\u306e\u516c\u5f0f\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u306b\u3057\u305f\u304c\u3063\u3066\u3001Strict Transport Security\u30d8\u30c3\u30c0\u30fc\u3092\u4ed8\u52a0\u3059\u308b\u30b3\u30fc\u30c9\u3092\u8ffd\u52a0\u3057\u3066\u307f\u307e\u3057\u305f\u3002<\/p>\n
https:\/\/docs.spring.io\/spring-security\/site\/docs\/5.3.9.RELEASE\/reference\/html5\/#headers-hsts<\/a><\/p>\n
\r\n@Configuration\r\n@EnableWebSecurity\r\npublic class SecurityConfig {\r\n    @Bean\r\n    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {\r\n        http.headers(\r\n            headers -> \r\n            headers\r\n            .httpStrictTransportSecurity(\r\n                hsts -> \r\n                hsts\r\n                .includeSubDomains(false)\r\n                .maxAgeInSeconds(31536000)\r\n                .preload(true)));\r\n        return http.build();\r\n    }\r\n}\r\n<\/pre>\n
\u516c\u5f0f\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u306b\u66f8\u3044\u3066\u3042\u308b\u3068\u304a\u308a\u306b\u3084\u3063\u3066\u307f\u305f\u3093\u3067\u3059\u304c\u3001Strict Transport Security\u30d8\u30c3\u30c0\u30fc\u306f\u8ffd\u52a0\u3055\u308c\u3066\u307e\u305b\u3093\u3002<\/p>\n
\u306a\u305c\u306a\u306e\u304b\u3002<\/p>\n
\u5225\u306e\u65b9\u6cd5\u3092\u3050\u3050\u3063\u3066\u307f\u307e\u3059\u3002<\/p>\n
web.xml\u3067Strict Transport Security\u30d8\u30c3\u30c0\u30fc\u3092\u8a2d\u5b9a\u3059\u308b<\/h3>\n
web.xml\u30d5\u30a1\u30a4\u30eb\u3067\u305d\u308c\u3092\u6307\u5b9a\u3059\u308b\u65b9\u6cd5\u3082\u3042\u308b\u307f\u305f\u3044\u3067\u3059\u3002<\/p>\n
https:\/\/stackoverflow.com\/questions\/63851254\/spring-boot-application-http-to-https-redirect-in-google-app-engine<\/a><\/p>\n
\r\n<?xml version="1.0" encoding="utf-8"?>                                                                                                                                                                                    \r\n<web-app xmlns="http:\/\/xmlns.jcp.org\/xml\/ns\/javaee"                                                                                                                                                                                    \r\n         xmlns:xsi="http:\/\/www.w3.org\/2001\/XMLSchema-instance"                                                                                                                                                                         \r\n         xsi:schemaLocation="http:\/\/xmlns.jcp.org\/xml\/ns\/javaee                                                                                                                                                                        \r\n                             http:\/\/xmlns.jcp.org\/xml\/ns\/javaee\/web-app_3_1.xsd"                                                                                                                                                       \r\n                             version="3.1">                                                                                                                                                                                            \r\n  <security-constraint>                                                                                                                                                                                                                \r\n    <web-resource-collection>                                                                                                                                                                                                          \r\n      <web-resource-name>HTTPS Redirect<\/web-resource-name>                                                                                                                                                                            \r\n      <url-pattern>\/*<\/url-pattern>                                                                                                                                                                                                    \r\n    <\/web-resource-collection>                                                                                                                                                                                                         \r\n    <user-data-constraint>                                                                                                                                                                                                             \r\n      <transport-guarantee>CONFIDENTIAL<\/transport-guarantee>                                                                                                                                                                          \r\n    <\/user-data-constraint>                                                                                                                                                                                                            \r\n  <\/security-constraint>                                                                                                                                                                                                               \r\n<\/web-app>\r\n<\/pre>\n
\u3084\u3063\u3066\u307f\u305f\u3051\u3069\u3001\u4f55\u3082\u5909\u308f\u3089\u306a\u3044\u3093\u3067\u3059\u3088\u306d\u3002<\/p>\n
Strict Transport Security\u30d8\u30c3\u30c0\u30fc\u3092\u8a2d\u5b9a\u3059\u308b<\/h3>\n
Spring Security\u306e\u516c\u5f0f\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u306b\u306f\u3001\u4ee5\u4e0b\u306e\u65b9\u6cd5\u3082\u66f8\u304b\u308c\u3066\u307e\u3059
\nStrict Transport Security\u30d8\u30c3\u30c0\u30fc\u3092\u8ffd\u52a0\u3059\u308b\u65b9\u6cd5\u3067\u3059\u3002<\/p>\n
\u516c\u5f0f\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u306b\u63b2\u8f09\u3055\u308c\u3066\u3044\u308b\u3053\u306e\u30b3\u30fc\u30c9\u3092\u8ffd\u52a0\u3057\u3066\u307f\u305f\u3089\u3001HTTPS\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3055\u308c\u307e\u3057\u305f\uff01\uff01<\/p>\n
\u305d\u3057\u3066\u3001ERR_TOO_MANY_REDIRECTS\u304c\u767a\u751f\u3002<\/p>\n
\u306a\u305c\u304b\u306e\u304b\u3002<\/p>\n
https:\/\/spring.pleiades.io\/spring-security\/reference\/servlet\/exploits\/http.html<\/a><\/p>\n
\r\n@Configuration\r\n@EnableWebSecurity\r\npublic class WebSecurityConfig {\r\n    @Bean\r\n    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {\r\n        http\r\n            \/\/ ...\r\n            .requiresChannel(channel -> channel\r\n                .anyRequest().requiresSecure()\r\n            );\r\n        return http.build();\r\n    }\r\n}\r\n<\/pre>\n
\u89e3\u6c7a<\/h3>\n
\u30b7\u30f3\u30d7\u30eb\u306b\u8003\u3048\u3066\u307f\u308b\u3053\u3068\u306b\u3057\u307e\u3057\u305f\u3002<\/p>\n
\u8981\u3059\u308b\u306b\u3001Strict Transport Security\u30d8\u30c3\u30c0\u30fc\u304c\u4ed8\u3051\u3070\u3044\u3044\u3093\u3060\u304b\u3089\u3001\u666e\u901a\u306e\u624b\u9806\u3067\u30d8\u30c3\u30c0\u30fc\u3092\u8ffd\u52a0\u3059\u308c\u3070\u3044\u3044\u306e\u3067\u306f\uff1f<\/p>\n
https:\/\/www.techiedelight.com\/ja\/add-custom-header-to-all-responses-spring-boot\/<\/a><\/p>\n
\r\n@Component\r\npublic class HstsFilter extends OncePerRequestFilter {\r\n\r\n    @Override\r\n    protected void doFilterInternal(HttpServletRequest request,\r\n                                    HttpServletResponse response,\r\n                                    FilterChain filterChain) throws ServletException, IOException {\r\n        response.addHeader("Strict-Transport-Security", "max-age=31536000");\r\n        filterChain.doFilter(request, response);\r\n    }\r\n}\r\n<\/pre>\n
\u3053\u308c\u3067\u3001\u3044\u3044\u611f\u3058\u306b\u52d5\u3044\u3066\u304f\u308c\u307e\u3057\u305f\u3002<\/p>\n
\u3066\u3044\u3046\u304b\u3001Spring Security\u306e\u516c\u5f0f\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u304c\u4fe1\u7528\u3067\u304d\u306a\u3044\u3063\u3066\u3069\u3046\u3088\u3002
\n\u306a\u306b\u304b\u5927\u5207\u306a\u3053\u3068\u3092\u8aad\u307f\u843d\u3068\u3057\u3066\u308b\u53ef\u80fd\u6027\u306f\u3042\u308b\u3093\u3060\u3051\u3069\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
GAE\/Java\u306b\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u30c7\u30d7\u30ed\u30a4\u3057\u3066\u3001\u72ec\u81ea\u30c9\u30e1\u30a4\u30f3\u3082\u5272\u308a\u5f53\u3066\u3066\u3001\u52d5\u304b\u3057\u3066\u307f\u305f\u306e\u3067\u3059\u3002 \u3068\u308a\u3042\u3048\u305a\u52d5\u304f\u306e\u3067\u3059\u304c\u3001https\u3067\u306f\u306a\u3044\u306e\u3067\u3001Chrome\u304c\u300c\u4fdd\u8b77\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u300d\u3068\u6587\u53e5\u3092\u8a00\u3044\u307e\u3059\u3002 … <\/p>\n","protected":false},"author":1,"featured_media":386,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[146,71,102,162],"tags":[147,161,159,160,83],"class_list":["post-406","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-gae","category-java","category-security","category-spring-boot","tag-gae","tag-google-app-engine","tag-https","tag-redirect","tag-spring-boot"],"nelio_content":{"autoShareEndMode":"never","automationSources":{"useCustomSentences":false,"customSentences":[]},"efiAlt":"","efiUrl":"","followers":[1],"highlights":[],"isAutoShareEnabled":true,"networkImageIds":[],"permalinkQueryArgs":[],"series":[],"suggestedReferences":[]},"views":2463,"_links":{"self":[{"href":"https:\/\/software.satoshis.jp\/index.php?rest_route=\/wp\/v2\/posts\/406","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/software.satoshis.jp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/software.satoshis.jp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/software.satoshis.jp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/software.satoshis.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=406"}],"version-history":[{"count":7,"href":"https:\/\/software.satoshis.jp\/index.php?rest_route=\/wp\/v2\/posts\/406\/revisions"}],"predecessor-version":[{"id":443,"href":"https:\/\/software.satoshis.jp\/index.php?rest_route=\/wp\/v2\/posts\/406\/revisions\/443"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/software.satoshis.jp\/index.php?rest_route=\/wp\/v2\/media\/386"}],"wp:attachment":[{"href":"https:\/\/software.satoshis.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=406"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/software.satoshis.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=406"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/software.satoshis.jp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=406"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}