Spring security behind Apache reverse proxy
I have my Spring-boot app behind Apache proxy. My app is working on http and SSL related tasks are handled by proxy server.
I'm using Spring-security's login page. Below are my security configurations:
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
    http.cors();
    http.authorizeRequests()
        .antMatchers("/admin/**").hasAuthority("Admin")
        .anyRequest().permitAll()
        .and()
        .formLogin()
        .defaultSuccessUrl("/admin", true);
}
So when a person with Admin authority logs in successfully, I redirect to /admin. This was working fine until I used Apache proxy.
Before using proxy it was working fine.
( http://myhost/login >> after successful login redirects To >> http://myhost/admin )
After using proxy:
( https://myhost/login >> after successful login redirects To >> http://myhost/admin )
The main issue is that it is redirecting to http instead of https.
Below is my Apache proxy config:
ProxyPreserveHost on
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
My question is how can I redirect to https after login.
Any help would be appreciated!!!
My experience with Apache Proxy setup is limited, however based on my understanding, you will need to enable SSLEngine in order to support SSL Protocol:
The documentation:
SSLEngine Directive
Description: SSL Engine Operation Switch
Syntax: SSLEngine on|off|optional
Default: SSLEngine off
Context: server config, virtual host
Status: Extension
Module: mod_ssl
This directive toggles the usage of the SSL/TLS Protocol Engine. This should be used inside a <VirtualHost> section to enable SSL/TLS for that virtual host. By default the SSL/TLS Protocol Engine is disabled for both the main server and all configured virtual hosts.
Example
<VirtualHost _default_:443>
SSLEngine on
#...
</VirtualHost>
In Apache 2.1 and later, SSLEngine can be set to optional. This enables support for RFC 2817, Upgrading to TLS Within HTTP/1.1. At this time no web browsers support RFC 2817.
https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#page-header
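An added example, not part of the original question or answer: one common way to set up a TLS-terminating virtual host that combines the asker's proxy lines with the SSLEngine directive quoted above and passes the original scheme to the backend. The certificate paths are placeholders, and the X-Forwarded-Proto header and the Spring Boot properties named in the comments are assumptions about the deployment (mod_headers loaded, Spring Boot 2.2 or later).

```apache
# Added example; ServerName and certificate paths are placeholders.
<VirtualHost *:443>
    ServerName myhost

    # TLS terminates at the proxy (mod_ssl), as in the SSLEngine example above.
    SSLEngine on
    SSLCertificateFile    /path/to/fullchain.pem
    SSLCertificateKeyFile /path/to/privkey.pem

    # The asker's proxy lines, unchanged.
    # With ProxyPreserveHost on, the backend sees "Host: myhost" over plain
    # http and emits "Location: http://myhost/admin". ProxyPassReverse only
    # rewrites Location values starting with http://127.0.0.1:8080/, so that
    # redirect passes through untouched.
    ProxyPreserveHost on
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    # Tell the backend which scheme the client used (mod_headers).
    # "set" overwrites any value sent by the client, so the application
    # never sees a client-controlled X-Forwarded-Proto.
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>

# Backend side (assumption: Spring Boot 2.2+, application.properties):
#   server.forward-headers-strategy=native
#   server.address=127.0.0.1
# The first makes the embedded server honour X-Forwarded-Proto when building
# redirect URLs; the second keeps port 8080 reachable only from the proxy, so
# forwarded headers can only arrive via Apache.
```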