将HSTS功能添加到Tomcat

您可以使用过滤器添加它。将以下代码段添加到web.xml：

<filter>    <filter-name>HSTSFilter</filter-name>    <filter-class>security.HSTSFilter</filter-class></filter>

然后在您的Web应用程序中创建一个过滤器：

package security;import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletResponse;public class HSTSFilter implements Filter {    public void doFilter(ServletRequest req, ServletResponse res,        FilterChain chain) throws IOException, ServletException {        HttpServletResponse resp = (HttpServletResponse) res;        if (req.isSecure()) resp.setHeader("Strict-Transport-Security", "max-age=31622400; includeSubDomains");        chain.doFilter(req, resp);    }}

也可以使用全局web.xml（conf / web.xml）添加过滤器。