Java 通过https提供某些URL和通过http提供rest时的无限循环
我正试图让我的spring应用程序在Nginx后面工作。SSL在nginx端终止。来自nginx的所有请求都通过8080端口发送到Tomcat。/profil/中的Url必须通过ssl安全,rest Url不应安全。我决定使用“proxy\u set\u header X-Forwarded-Proto”通知我的应用程序有关协议的信息。在应用程序方面,我创建了自定义的Java 通过https提供某些URL和通过http提供rest时的无限循环,java,spring,ssl,nginx,tomcat7,Java,Spring,Ssl,Nginx,Tomcat7,我正试图让我的spring应用程序在Nginx后面工作。SSL在nginx端终止。来自nginx的所有请求都通过8080端口发送到Tomcat。/profil/中的Url必须通过ssl安全,rest Url不应安全。我决定使用“proxy\u set\u header X-Forwarded-Proto”通知我的应用程序有关协议的信息。在应用程序方面,我创建了自定义的通道处理器,就像这里一样 问题是当我想从https://some.domain.com/profil/至主页https://som
通道处理器https://some.domain.com/profil/https://some.domain.comhttp://some.domain.com# HTTPS server
#
server {
listen 443;
server_name some.domain.com;
root /srv/www/;
ssl on;
ssl_certificate /etc/nginx/ssl/server.cer;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-URI $request_uri;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:8080/;
}
}
server {
listen 80;
server_name some.domain.com;
root /srv/www/;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-URI $request_uri;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_pass http://127.0.0.1:8080/;
}
}
<Server port="8005" shutdown="SHUTDOWN">
<Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
proxyName="some.domain.com"
redirectPort="8443"
URIEncoding="UTF-8" />
<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="x-forwarded-for"
proxiesHeader="x-forwarded-by"
protocolHeader="x-forwarded-proto"/>
</Host>
</Engine>
</Service>
</Server>
@Configuration
public class LoadBalancerHack implements BeanPostProcessor {
final static Logger LOGGER = Logger.getLogger(LoadBalancerHack.class);
@Autowired
SecureChannelProcessorHack secureChannelProcessorHack;
@Autowired
InsecureChannelProcessorHack insecureChannelProcessorHack;
@Value("#{'${behind.loadbalancer}'}")
boolean behindLoadBalancer;
@Override
public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
return bean;
}
@Override
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
if (behindLoadBalancer && bean instanceof ChannelDecisionManagerImpl) {
LOGGER.info("********* Post-processing " + beanName);
((ChannelDecisionManagerImpl) bean).setChannelProcessors(newArrayList(
insecureChannelProcessorHack,
secureChannelProcessorHack
));
}
return bean;
}
}
@Component
public class InsecureChannelProcessorHack extends InsecureChannelProcessor {
@Override
public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException, ServletException {
for (ConfigAttribute attribute : config) {
if (supports(attribute)) {
if ("https".equals(invocation.getHttpRequest().getHeader("X-Forwarded-Proto"))) {
getEntryPoint().commence(invocation.getRequest(),
invocation.getResponse());
}
}
}
}
}
@Component
public class SecureChannelProcessorHack extends SecureChannelProcessor {
@Override
public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException, ServletException {
for (ConfigAttribute attribute : config) {
if (supports(attribute)) {
if ("http".equals(invocation.getHttpRequest().getHeader("X-Forwarded-Proto"))) {
getEntryPoint().commence(invocation.getRequest(),
invocation.getResponse());
}
}
}
}
}
@组件
公共类UnsecureChannelProcessorHack扩展了UnsecureChannelProcessor{
@凌驾
public void decise(FilterInvocation调用、集合配置)抛出IOException、ServletException{
for(ConfigAttribute:config){
if(支持(属性)){
if(“https”.equals(invocation.getHttpRequest().getHeader(“X-Forwarded-Proto”)){
getEntryPoint().Start(调用.getRequest(),
getResponse());
}
}
}
}
}
@Component
public class InsecureChannelProcessorHack extends InsecureChannelProcessor {
@Override
public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException, ServletException {
for (ConfigAttribute attribute : config) {
if (supports(attribute)) {
if ("https".equals(invocation.getHttpRequest().getHeader("X-Forwarded-Proto"))) {
getEntryPoint().commence(invocation.getRequest(),
invocation.getResponse());
}
}
}
}
}
@Component
public class SecureChannelProcessorHack extends SecureChannelProcessor {
@Override
public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException, ServletException {
for (ConfigAttribute attribute : config) {
if (supports(attribute)) {
if ("http".equals(invocation.getHttpRequest().getHeader("X-Forwarded-Proto"))) {
getEntryPoint().commence(invocation.getRequest(),
invocation.getResponse());
}
}
}
}
}
@组件
公共类SecureChannelProcessorHack扩展SecureChannelProcessor{
@凌驾
public void decise(FilterInvocation调用、集合配置)抛出IOException、ServletException{
for(ConfigAttribute:config){
if(支持(属性)){
if(“http”.equals(invocation.getHttpRequest().getHeader(“X-Forwarded-Proto”)){
getEntryPoint().Start(调用.getRequest(),
getResponse());
}
}
}
}
}
redirectPort=“8443”proxyPort=“443”scheme=“HTTPS”