将Tomcat与ApacheforSpringMVC一起使用ERR_TOO_MANY_重定向错误_Spring_Apache_Tomcat_Spring Security_Reverse Proxy

将Tomcat与ApacheforSpringMVC一起使用ERR_TOO_MANY_重定向错误

spring apache tomcat spring-security

将Tomcat与ApacheforSpringMVC一起使用ERR_TOO_MANY_重定向错误,spring,apache,tomcat,spring-security,reverse-proxy,Spring,Apache,Tomcat,Spring Security,Reverse Proxy,我有一个SpringMVC（v4.3.1）Web应用程序在Tomcat服务器（v8.5）上运行，该服务器前面有一个用作反向代理的Apache（v2.4）应用程序服务器我在Apache上安装了SSL证书，以便它处理所有安全（：443）和非安全（：80）传入请求，并将它们重定向到Tomcat实例我想处理所有与外部世界的安全通信（SSL）。但是在Apache和Tomcat之间，不需要通过安全端口进行通信。这就是为什么Apache将所有HTTP请求重定向到HTTPS 我还使用SpringSecuri

我有一个SpringMVC（v4.3.1）Web应用程序在Tomcat服务器（v8.5）上运行，该服务器前面有一个用作反向代理的Apache（v2.4）应用程序服务器

我在Apache上安装了SSL证书，以便它处理所有安全（：443）和非安全（：80）传入请求，并将它们重定向到Tomcat实例

我想处理所有与外部世界的安全通信（SSL）。但是在Apache和Tomcat之间，不需要通过安全端口进行通信。这就是为什么Apache将所有HTTP请求重定向到HTTPS

我还使用SpringSecurity（v4）来处理所有用户授权/身份验证工作，所以我甚至可以注册/登录/注销等

我当前的服务器架构如下所示

总结之后，问题是，
每当我试图访问我的登录页面时，我都会从Chrome中得到错误重定向
此外当我访问Tomcat Manager（）并单击我的应用程序URL（/MyApp-1.0.0）时，**我可以成功地查看**我的登录页面，而不使用https。（单击部署在tomcat上的应用程序链接后，它将打开页面：）我相信这表明当我的web应用程序在tomcat实例上运行时没有问题。他们相处得很好。它怀疑我的问题是从带有SSL的Apache开始的
虚拟主机的Apache配置：

Listen 80 Listen 443 <VirtualHost *:80> ServerAdmin emrecaglar@gmail.com ServerName myapp.net ServerAlias www.myapp.net Redirect / https://www.myapp.net/ </VirtualHost> <VirtualHost *:443> ServerName myapp.net ServerAlias www.myapp.net ProxyPreserveHost On ProxyPass / http://127.0.0.1:8080/MyApp-1.0.0/ ProxyPassReverse / http://127.0.0.1:8080/MyApp-1.0.0/ SSLEngine on SSLCertificateFile /root/WWW.myapp.NET.crt SSLCertificateKeyFile /root/www.myapp.net.key SSLCertificateChainFile /root/dv_chain.txt ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>

@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/static/**").permitAll() .antMatchers("/register*").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .failureUrl("/login?error=true") .defaultSuccessUrl("/view/home") .permitAll() .and() .logout().logoutUrl("/logout").logoutSuccessUrl("/login? logout").invalidateHttpSession(true).deleteCookies("auth_code", "JSESSIONID").permitAll(); } }

@RequestMapping(value = "/", method = RequestMethod.GET) public String homePage(Principal principal) { /** * Initialize session user if not initialized */ return "redirect:/view/home"; }
我也读过一些关于permitAll（）的帖子，anonymous（）是不同的，所以permitAll（）甚至可能触发重定向循环，所以对于登录页面，它应该是anonymous（），但我无法验证它。我认为，从spring安全的角度来看，它还需要额外的角色
我的Spring控制器：

Listen 80 Listen 443 <VirtualHost *:80> ServerAdmin emrecaglar@gmail.com ServerName myapp.net ServerAlias www.myapp.net Redirect / https://www.myapp.net/ </VirtualHost> <VirtualHost *:443> ServerName myapp.net ServerAlias www.myapp.net ProxyPreserveHost On ProxyPass / http://127.0.0.1:8080/MyApp-1.0.0/ ProxyPassReverse / http://127.0.0.1:8080/MyApp-1.0.0/ SSLEngine on SSLCertificateFile /root/WWW.myapp.NET.crt SSLCertificateKeyFile /root/www.myapp.net.key SSLCertificateChainFile /root/dv_chain.txt ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>

@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/static/**").permitAll() .antMatchers("/register*").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .failureUrl("/login?error=true") .defaultSuccessUrl("/view/home") .permitAll() .and() .logout().logoutUrl("/logout").logoutSuccessUrl("/login? logout").invalidateHttpSession(true).deleteCookies("auth_code", "JSESSIONID").permitAll(); } }

@RequestMapping(value = "/", method = RequestMethod.GET) public String homePage(Principal principal) { /** * Initialize session user if not initialized */ return "redirect:/view/home"; }
另一个：

@Controller @RequestMapping(value = "/view") public class ViewController { @RequestMapping(value = "/home") public String getHomePage(Model model, Principal principal) { //some logic return "home"; } }
用于登录的Web MVC配置：

@Override public void addViewControllers(ViewControllerRegistry registry) { registry.addViewController("/login").setViewName("login"); }
我有相关的视图解析器和视图（home.jsp、login.jsp）
Chrome开发者控制台调试重定向输出

<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />

General Request URL: http://www.myapp.net/MyApp-1.0.0/login Request Method: GET Status Code: 302 Found Remote Address: 207.154.208.158:80 Referrer Policy: no-referrer-when-downgrade Response Header HTTP/1.1 302 Found Date: Sat, 17 Nov 2018 08:40:04 GMT Server: Apache/2.4.18 (Ubuntu) Location: https://www.myapp.net/MyApp-1.0.0/login Content-Length: 314 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Request Header Content-Type: text/html; charset=iso-8859-1 GET /MyApp-1.0.0/login HTTP/1.1 Host: www.myapp.net Connection: keep-alive Pragma: no-cache Cache-Control: no-cache Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=8A4E001A841DBC4D55509605FF3E7E23 General Request URL: https://www.myapp.net/MyApp-1.0.0/login Request Method: GET Status Code: 302 Remote Address: 207.154.208.158:443 Referrer Policy: no-referrer-when-downgrade Response Header Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: Keep-Alive Content-Length: 0 Date: Sat, 17 Nov 2018 08:40:04 GMT Expires: 0 Keep-Alive: timeout=5, max=92 Location: http://www.myapp.net/MyApp-1.0.0/login Pragma: no-cache Server: Apache/2.4.18 (Ubuntu) X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block Request Header Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cache-Control: no-cache Connection: keep-alive Cookie: JSESSIONID=8A4E001A841DBC4D55509605FF3E7E23 Host: www.myapp.net Pragma: no-cache Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36

[Sat Nov 17 08:37:59.376633 2018] [mpm_event:notice] [pid 20673:tid 140534533293952] AH00489: Apache/2.4.18 (Ubuntu) mod_jk/1.2.41 OpenSSL/1.0.2g configured -- resuming normal operations [Sat Nov 17 08:37:59.376707 2018] [core:notice] [pid 20673:tid 140534533293952] AH00094: Command line: '/usr/sbin/apache2'
请求再次在这两个从HTTPS到HTTP和HTPPS的请求之间循环

<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />

General Request URL: http://www.myapp.net/MyApp-1.0.0/login Request Method: GET Status Code: 302 Found Remote Address: 207.154.208.158:80 Referrer Policy: no-referrer-when-downgrade Response Header HTTP/1.1 302 Found Date: Sat, 17 Nov 2018 08:40:04 GMT Server: Apache/2.4.18 (Ubuntu) Location: https://www.myapp.net/MyApp-1.0.0/login Content-Length: 314 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Request Header Content-Type: text/html; charset=iso-8859-1 GET /MyApp-1.0.0/login HTTP/1.1 Host: www.myapp.net Connection: keep-alive Pragma: no-cache Cache-Control: no-cache Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=8A4E001A841DBC4D55509605FF3E7E23 General Request URL: https://www.myapp.net/MyApp-1.0.0/login Request Method: GET Status Code: 302 Remote Address: 207.154.208.158:443 Referrer Policy: no-referrer-when-downgrade Response Header Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: Keep-Alive Content-Length: 0 Date: Sat, 17 Nov 2018 08:40:04 GMT Expires: 0 Keep-Alive: timeout=5, max=92 Location: http://www.myapp.net/MyApp-1.0.0/login Pragma: no-cache Server: Apache/2.4.18 (Ubuntu) X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block Request Header Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cache-Control: no-cache Connection: keep-alive Cookie: JSESSIONID=8A4E001A841DBC4D55509605FF3E7E23 Host: www.myapp.net Pragma: no-cache Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36

[Sat Nov 17 08:37:59.376633 2018] [mpm_event:notice] [pid 20673:tid 140534533293952] AH00489: Apache/2.4.18 (Ubuntu) mod_jk/1.2.41 OpenSSL/1.0.2g configured -- resuming normal operations [Sat Nov 17 08:37:59.376707 2018] [core:notice] [pid 20673:tid 140534533293952] AH00094: Command line: '/usr/sbin/apache2'
apacheaccess.log

67.171.8.29 - - [17/Nov/2018:08:41:59 +0000] "GET /MyApp-1.0.0/login HTTP/1.1" 302 429 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36"
Apache错误.log

<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />

General Request URL: http://www.myapp.net/MyApp-1.0.0/login Request Method: GET Status Code: 302 Found Remote Address: 207.154.208.158:80 Referrer Policy: no-referrer-when-downgrade Response Header HTTP/1.1 302 Found Date: Sat, 17 Nov 2018 08:40:04 GMT Server: Apache/2.4.18 (Ubuntu) Location: https://www.myapp.net/MyApp-1.0.0/login Content-Length: 314 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Request Header Content-Type: text/html; charset=iso-8859-1 GET /MyApp-1.0.0/login HTTP/1.1 Host: www.myapp.net Connection: keep-alive Pragma: no-cache Cache-Control: no-cache Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=8A4E001A841DBC4D55509605FF3E7E23 General Request URL: https://www.myapp.net/MyApp-1.0.0/login Request Method: GET Status Code: 302 Remote Address: 207.154.208.158:443 Referrer Policy: no-referrer-when-downgrade Response Header Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: Keep-Alive Content-Length: 0 Date: Sat, 17 Nov 2018 08:40:04 GMT Expires: 0 Keep-Alive: timeout=5, max=92 Location: http://www.myapp.net/MyApp-1.0.0/login Pragma: no-cache Server: Apache/2.4.18 (Ubuntu) X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block Request Header Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cache-Control: no-cache Connection: keep-alive Cookie: JSESSIONID=8A4E001A841DBC4D55509605FF3E7E23 Host: www.myapp.net Pragma: no-cache Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36

[Sat Nov 17 08:37:59.376633 2018] [mpm_event:notice] [pid 20673:tid 140534533293952] AH00489: Apache/2.4.18 (Ubuntu) mod_jk/1.2.41 OpenSSL/1.0.2g configured -- resuming normal operations [Sat Nov 17 08:37:59.376707 2018] [core:notice] [pid 20673:tid 140534533293952] AH00094: Command line: '/usr/sbin/apache2'
如您所见，我的SpringMVS应用程序和tomcat没有任何与SSL相关的代码/配置。他们不需要意识到这一点，因为我希望apache只负责SSL和处理https请求，并定向到Tomcat
我在这里遗漏了什么，导致了重定向循环

谢谢
您可以在浏览器的开发者控制台中查看请求，看看这些重定向到底是什么吗？我不确定，但请尝试一下<代码>代理保留主机关闭而不是打开。还请检查您正在侦听的这两个域的
/etc/hosts
文件中的内容。@EugèneAdell将proxypervehost设置为On就成功了。但为什么呢？因此，我可以访问登录页面，我现在可以注册用户。然而，当用户登录时，它应该指向主页。所发生的事情是，它被定向到，因此它无法找到。它在我的本地电脑上工作。知道为什么吗？对不起，我不清楚你的评论。你说它重定向到/view/home，这在你的spring配置中是正常的。谢谢你，Eugene。让我试着换一种说法。问题是，Apache虚拟主机在将其重定向到Tomcat时重复了Tomcat上下文名称（在我的例子中是MyApp-1.0.0）。因此，它不是/MyApp-1.0.0/view/home，而是作为/MyApp-1.0.0/MyApp-1.0.0/view/home传递。结果，tomcat给出了一个错误，因为没有这样的路径。我不确定是Apache在重复Tomcat contex还是Tomcat本身。你认为我应该把我的ProxyPass配置改为ProxyPass/MyApp-1.0.0还是更简单的？谢谢