ie中 https(SSL)不能下载问题解决方案 - javaee

前几天在把几个web应用配置为https (SSL)时出现了一个问题　搞了几天　查了资料才解决

我在csdn的论坛上也提了这个问题可以没有人回答，这里就不详细描述问题了　问题查看:http://topic.csdn.net/u/20120320/11/7bdeb2a1-231c-4302-b051-4e02d139d572.html

问题剖析:这是ie的一个bug,详见:http://support.microsoft.com/kb/323308

大概就是ie在https上当服务器返回的文档头Header里设置的缓存(Cache-Control)t和Pragma为private时下载资源文件就有问题了　，但是设置为public了就没有问题了

我这里就以我出现的问题说明解决方法,我的问题是flex项目使用https后flash加载不成功

在web.xml中加filter对swf过滤,设置Cache-Control和Pragma为public 

filter 如下:

public class SwfSSLFilter implements Filter {

	public void destroy() {

	}

	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {

		HttpServletRequest httpServletRequest = (HttpServletRequest) request;
		HttpServletResponse httpServletResponse = (HttpServletResponse) response;

		// 通过https访问swf时
		if (httpServletRequest.getScheme() == "https"
				&& httpServletRequest.getRequestURI().endsWith(".swf")) {
			httpServletResponse.setHeader("Expires", "0");
			httpServletResponse.setHeader("Pragma", "public");
			httpServletResponse.setHeader("Cache-Control",
					"must-revalidate, post-check=0, pre-check=0");
			httpServletResponse.setHeader("Cache-Control", "public");
		}

		chain.doFilter(request, response);

	}

	public void init(FilterConfig filterConfig) throws ServletException {

	}

}

web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee   http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
	<filter>
		<display-name>SwfSSLFilter</display-name>
		<filter-name>SwfSSLFilter</filter-name>
		<filter-class>com.the4thcity.mg.filters.SwfSSLFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>SwfSSLFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<login-config>
		<!-- Authorization setting for SSL -->
		<auth-method>CLIENT-CERT</auth-method>
		<realm-name>Client Cert Users-only Area</realm-name>
	</login-config>
	<security-constraint>
		<!-- Authorization setting for SSL -->
		<web-resource-collection>
			<web-resource-name>SSL</web-resource-name>
			<url-pattern>/*</url-pattern>
		</web-resource-collection>
		<user-data-constraint>
			<transport-guarantee>CONFIDENTIAL</transport-guarantee>
		</user-data-constraint>
	</security-constraint>

</web-app>

主要是以下处理

		httpServletResponse.setHeader("Expires", "0");
		httpServletResponse.setHeader("Pragma", "public");
		httpServletResponse.setHeader("Cache-Control",
					"must-revalidate, post-check=0, pre-check=0");
		httpServletResponse.setHeader("Cache-Control", "public");

如时其它语言的程序，就是在响应(Response)中设置header的以上几个属性