Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/spring/13.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
HTTPS上的Spring登录在验证后重定向到HTTP_Spring_Spring Mvc_Ssl_Login_Https - Fatal编程技术网
Fatal编程技术网
  • spring/
  • HTTPS上的Spring登录在验证后重定向到HTTP

HTTPS上的Spring登录在验证后重定向到HTTP

spring spring-mvc ssl login https

HTTPS上的Spring登录在验证后重定向到HTTP,spring,spring-mvc,ssl,login,https,Spring,Spring Mvc,Ssl,Login,Https,出于某种原因,我的Spring登录表单加载并发布到https,但随后对http页面执行302操作,从而导致错误。为什么不使用https,并使用https设置cookie POST/j\u spring\u security\u check HTTP/1.1 HTTP/1.1 302 Found Server: Apache-Coyote/1.1 Set-Cookie: JSESSIONID=9F9847C75A448A14CF631DBBD2F0E6A1; Path=/; HttpOnly Lo

出于某种原因,我的Spring登录表单加载并发布到https,但随后对http页面执行302操作,从而导致错误。为什么不使用https,并使用https设置cookie

POST/j\u spring\u security\u check HTTP/1.1

HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=9F9847C75A448A14CF631DBBD2F0E6A1; Path=/; HttpOnly
Location: http://example.com/
Content-Length: 0
Date: Fri, 24 Jan 2014 21:30:55 GMT
配置

<http pattern="/services/**" create-session="stateless" entry-point-ref="basicAuthAwareAuthenticationEntryPoint">
                    <http-basic/>
                    <intercept-url pattern="/services/**" access="ROLE_SERVICE" />
        </http>

       <http auto-config="true">
              <intercept-url pattern="/index.*" access="ROLE_USER" />
              <intercept-url pattern="/welcome.htm" access="ROLE_USER" />
              <intercept-url pattern="/changePassword.htm" access="ROLE_USER" />
              <intercept-url pattern="/admin/**" access="ROLE_USER" />
              <intercept-url pattern="/notifications/**" access="ROLE_ANONYMOUS,ROLE_USER" />
              <intercept-url pattern="/logging/**" access="ROLE_USER" />
              <form-login login-page="/login.htm" default-target-url="/admin/viewInstitutions.htm"
                     authentication-failure-url="/loginfailed.htm" />
              <logout logout-success-url="/logout.htm" />
       </http>
  • 您可以添加到intercept url标记
    requires channel=“https”
    属性中,或者只需在身份验证入口点上设置
    forceHttps=true
  • 您可以完全关闭服务器的http
    • 我们在我的heroku配置上遇到了类似的问题,最后是heroku完成了HTTPS连接,并向应用服务器发送了一个HTTP连接

    默认情况下,Spring Security中的失败和成功URL不包括服务器名称(即
    successHandler.defaultTargetUrl='/'
    successHandler.ajaxSuccessUrl='/login/ajaxSuccess'

    这意味着当处理程序确定要转发到的URL时(此处):

    它将使用请求构建一个绝对URL,如下所示:

    我通过将重定向URL定义为绝对URL来解决这个问题,对于Grails应用程序(但您可以轻松地将其转换为标准的Spring应用程序),如下所示:

    staging {
    grails.serverURL = "https://staging.myapp.com"
    grails.plugin.springsecurity.successHandler.defaultTargetUrl = "${grails.serverURL}/"
    grails.plugin.springsecurity.successHandler.ajaxSuccessUrl = "${grails.serverURL}/login/ajaxSuccess"
    grails.plugin.springsecurity.failureHandler.defaultFailureUrl = "${grails.serverURL}/login/authfail?login_error=1"
    grails.plugin.springsecurity.failureHandler.ajaxAuthFailUrl = "${grails.serverURL}/login/authfail?ajax=true"
    ...
}
    你找到解决办法了吗?我有类似的问题,它重定向回http。我在这里尝试了第二个答案,但似乎对我的情况没有帮助,并且不确定在哪里放置requires channel=“https”属性。