How do I set cache control to css and js files in SpringBoot?

Question

I'm new to SpringBoot.

I make my project based on a sample project of Springboot. I'd like to control the http headers for cache just for js/css files.

I've added a js file test.js under src/resources/static then reference it in greeting.html.

Then I follow some answers on StackOverflow and add the WebMvcConfiguration.java and WebSecurityConfig.java as such but it doesn't work for me.

I'm sure whether WebMvcConfiguration and WebSecurityConfig should not be used together or I've configured something wrong. I prefer a solution with Java Config, not XML.

I open ChromeDevTool to check the response from server. The reponse http header is

Accept-Ranges:bytes
Cache-Control:no-store
Content-Length:20
Content-Type:application/javascript
Date:Thu, 02 Feb 2017 10:53:14 GMT
Expires:
Last-Modified:Thu, 02 Feb 2017 10:52:49 GMT
Pragma:

Thanks!

UPDATE: When I removed WebSecurityConfig, I got the following header

Accept-Ranges:bytes
Cache-Control:no-store
Content-Length:20
Content-Type:application/javascript
Date:Thu, 02 Feb 2017 11:14:51 GMT
Last-Modified:Thu, 02 Feb 2017 11:14:20 GMT

greeting.html

<!DOCTYPE HTML>
<html xmlns:th="http://www.thymeleaf.org">
<head> 
    <title>Getting Started: Serving Web Content</title> 
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <script th:src="@{/test.js}"></script>
</head>
<body>
    <p th:text="'Hello, ' + ${name} + '!'" />
</body>
</html>

WebMvcConfiguration.java

@EnableWebMvc
public class WebMvcConfiguration extends WebMvcConfigurerAdapter {

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/test.js").addResourceLocations("classpath:/resources/").setCachePeriod(31556926);
    }
}

WebSecurityConfig.java

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
      http.csrf().disable()
              .headers()
              .defaultsDisabled()
              .cacheControl();
  }
}

Answer 1

Modern SpringBoot (at least in 2018, not sure when it got added), has properties for managing this:

spring.resources.cache.cachecontrol.cache-private= # Indicate that the response message is intended for a single user and must not be stored by a shared cache.
spring.resources.cache.cachecontrol.cache-public= # Indicate that any cache may store the response.
spring.resources.cache.cachecontrol.max-age= # Maximum time the response should be cached, in seconds if no duration suffix is not specified.
spring.resources.cache.cachecontrol.must-revalidate= # Indicate that once it has become stale, a cache must not use the response without re-validating it with the server.
spring.resources.cache.cachecontrol.no-cache= # Indicate that the cached response can be reused only if re-validated with the server.
spring.resources.cache.cachecontrol.no-store= # Indicate to not cache the response in any case.
spring.resources.cache.cachecontrol.no-transform= # Indicate intermediaries (caches and others) that they should not transform the response content.
spring.resources.cache.cachecontrol.proxy-revalidate= # Same meaning as the "must-revalidate" directive, except that it does not apply to private caches.
spring.resources.cache.cachecontrol.s-max-age= # Maximum time the response should be cached by shared caches, in seconds if no duration suffix is not specified.
spring.resources.cache.cachecontrol.stale-if-error= # Maximum time the response may be used when errors are encountered, in seconds if no duration suffix is not specified.
spring.resources.cache.cachecontrol.stale-while-revalidate= # Maximum time the response can be served after it becomes stale, in seconds if no duration suffix is not specified.

https://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html