我在 Web 应用程序中使用 Spring Security 框架。我已经安装了 SSL 证书并且能够通过以下方式访问我的应用程序https
。
现在,当我添加requires-channel="https"
归属于所有人intercept-url
指令服务器响应:
Error 310 (net::ERR_TOO_MANY_REDIRECTS) to many connections
spring 每次都会运行此代码:
64050 [http-bio-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - / at position 1 of 12 in additional filter chain; firing Filter: 'ChannelProcessingFilter'
64050 [http-bio-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/'; against '/'
64050 [http-bio-8080-exec-1] DEBUG org.springframework.security.web.access.channel.ChannelProcessingFilter - Request: FilterInvocation: URL: /; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
64050 [http-bio-8080-exec-1] DEBUG org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint - Redirecting to: https://sky-handling.ejl-group.com/
64050 [http-bio-8080-exec-1] DEBUG org.springframework.security.web.DefaultRedirectStrategy - Redirecting to 'https://sub.domain.com/'
我该如何解决这个问题?
谢谢
UPD #1:
<http use-expressions="true">
<form-login login-page="/wellcome/" login-processing-url="/login" default-target-url="/" always-use-default-target="false"
authentication-failure-url="/wellcome/?error=1" username-parameter="email" password-parameter="password" />
<remember-me key="temp" token-validity-seconds="-1" />
<logout invalidate-session="true" logout-success-url="/" logout-url="/logout"/>
<intercept-url pattern="/" access="authenticated"/>
<intercept-url pattern="/administration/**" access="authenticated"/>
<intercept-url pattern="/wellcome/" access="permitAll"/>
<intercept-url pattern="/login" access="permitAll"/>
<custom-filter ref="ajaxTimeoutRedirectFilter" after="EXCEPTION_TRANSLATION_FILTER"/>
</http>
我将现有证书导入到密钥库并配置了 tomcat,但是如果我添加这样的行:
<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile /usr/local/ssl/crt/public.crt
SSLCertificateKeyFile /usr/local/ssl/private/*.ejl-group.com.key
SSLCACertificateFile /usr/local/ssl/crt/intermediate.crt
ServerName sub.domain.com
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8443/
ProxyPassReverse / http://localhost:8443/
</VirtualHost>
它失败了503 Service Temporarily Unavailable
error
我通过在 security.xml 文件中添加端口映射来修复此问题:
<http>
<port-mappings>
<port-mapping http="8088" https="8443"/>
<port-mapping http="80" https="443"/>
</port-mappings>
</http>
这个博客帮助了我:http://consultingblogs.emc.com/richardtiffin/archive/2010/10/15/applying-ssl-to-a-spring-web-application-on-tomcat.aspx http://consultingblogs.emc.com/richardtiffin/archive/2010/10/15/applying-ssl-to-a-spring-web-application-on-tomcat.aspx
如果您位于负载均衡器后面,则必须添加一些代码:使用 Spring Security 将 https 卸载到负载均衡器 https://stackoverflow.com/questions/8002272/offloading-https-to-load-balancers-with-spring-security/16083089#16083089
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)