那些遇到过的问题

相关疑难解决方法(0)

如何处理 Spring Boot 2.2.0 中的 x-forwarded-headers?(反向代理背后的Spring Web MVC)

我的带有 Spring Web MVC 的 Spring Boot 2.2.0 应用程序在反向代理后面运行。Spring 如何正确处理X-Forwarded-{Prefix,Host,Proto}-headers 以识别向服务器发出的实际请求?

spring-mvc spring-boot

phi*_*611
2019 12-01
19
推荐指数
1
解决办法
2万
查看次数

登录后Spring安全切换到http.我该如何保留https?

我正在使用Spring MVC和Spring Security.我的重定向是将https切换到http,直到找到这篇文章.Spring MVC"redirect:"前缀总是重定向到http - 如何让它保持在https?.我还必须在我的AjaxUrlBasedViewResolver中将redirectHttp10Compatible属性设置为false.

问题是https在登录后仍然会切换到http.登录后,我可以将我的应用程序设置回地址栏中的https,它会坚持下去.此外,我正在为大多数用户使用IP身份验证,在这种情况下,由于上面的解决方案,https仍然存在.

我正在尝试将redirectHtp10Compatible添加到login_security_check或类似的东西,但我被卡住了.这是我的security-config.xml.

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:beans="http://www.springframework.org/schema/beans"
         xmlns:util="http://www.springframework.org/schema/util"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:context="http://www.springframework.org/schema/context"
         xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
         http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

<global-method-security pre-post-annotations="enabled" />

<http auto-config='true' access-denied-page="/login">
    <intercept-url pattern="/static/styles/**" filters="none" />
    <intercept-url pattern="/static/scripts/**" filters="none" />

    <intercept-url pattern="/login/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/error/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/api/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/ajaxTimeOut" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/checkSystem" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/adminUser/**" access="ROLE_SSADMIN" />
    <intercept-url pattern="/**" access="ROLE_USER" />

    <form-login login-page="/ajaxTimeOut" login-processing-url="/login_security_check" authentication-failure-url="/login?login_error=t" default-target-url="/" always-use-default-target="true" />
    <logout logout-url="/logout" logout-success-url="/"/>
    <custom-filter …
Run Code Online (Sandbox Code Playgroud)

https redirect spring spring-security

Mar*_*arc
2017 05-23
5
推荐指数
1
解决办法
3661
查看次数

标签 统计

https ×1

redirect ×1

spring ×1

spring-boot ×1

spring-mvc ×1

spring-security ×1