如何在没有Spring引导的情况下使用Spring安全设置ForwardedHeaderFilter进行登录？

我希望在spring security中设置ForwardedHeaderFilter，以便在登录后让spring知道使用哪个协议。我在负载平衡器后面有几个应用服务器（使用ssl终端），spring security使用http（而不是https）重定向用户。正因为如此，我的用户现在收到了一条突兀的警告信息。我能在网上找到的唯一例子是spring boot，我没有实现它

我曾想过在我的安全配置中使用“addFilterBefore（）”方法，但从未调用该筛选器

有什么想法吗

// Apply sameOrigin policy for iframe embeddings
http.headers().frameOptions().sameOrigin();

// ********* Add filter here?  *******
http.addFilterBefore(new ForwardedHeaderFilter(), ChannelProcessingFilter.class);

// Authorization filters
http.authorizeRequests().antMatchers("/sysAdmin/**", "/monitoring/**").access("isFullyAuthenticated() and hasRole('GOD')");
http.authorizeRequests().antMatchers("/app/**").authenticated();
http.authorizeRequests().antMatchers("/**").permitAll();

http.formLogin()
        .loginPage("/public/login.jsp")
        .loginProcessingUrl("/login")
        .usernameParameter("username")
        .passwordParameter("password")
        .defaultSuccessUrl("/app/Dashboard.action", false)
        .failureHandler(customAuthenticationFailureHandler());

// Disable so that logout "get" url works (otherwise you have to do a html form)
http.csrf().disable();
http.logout().logoutSuccessUrl("/public/login.jsp");

http.sessionManagement()
        .invalidSessionUrl("/public/expiredSession.jsp?expiredId=2")
        .maximumSessions(2)
        .sessionRegistry(sessionRegistry())
        .expiredUrl("/public/expiredSession.jsp?expiredId=3");

---

我最后添加了这样的过滤器，一切似乎都正常

// Added for load balancer headers (X-Forwarded-For, X-Forwarded-Proto, etc)
http.addFilterBefore(new ForwardedHeaderFilter(), WebAsyncManagerIntegrationFilter.class);

---

我最后添加了这样的过滤器，一切似乎都正常

// Added for load balancer headers (X-Forwarded-For, X-Forwarded-Proto, etc)
http.addFilterBefore(new ForwardedHeaderFilter(), WebAsyncManagerIntegrationFilter.class);