Losing request attributes when redirecting to HTTPS

I am trying to implement login through SSL on Tomcat. The login servlet is called IniciarSesion, so I add the following to the web.xml:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Seguridad en Acceso</web-resource-name>
        <url-pattern>/IniciarSesion</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

The problem now is that when I try to get the input password by doing:

String nick=(String)req.getParameter("login");

This returns null; the request parameter is lost when redirecting from http to https.

How can I solve this?

It sounds as if your login page (where "login" is defined) is not protected. When it hits your /iniciarSesion servlet via HTTP, Tomcat performs an HTTP REDIRECT to the SSL site. True redirects do not preserve the data originally sent to the server, thus you lose the data. My suggestion is to either include your login page in the CONFIDENTIAL scope.

The whole point of SSL is to secure the transport. If you send login credentials first over http then it makes no sense to redirect to https since you will already have sent the information "in the clear". What you do is post your login-form to the https URL, either by setting the form url explicitly, or by loading your login-page over https. This would involve adding the login-page as a protected resource, just like your login servlet.
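
The change both answers describe, as an added web.xml example that is not part of the original posts: the login page goes under the same CONFIDENTIAL constraint as the servlet, so the form is served over HTTPS and its POST never passes through the HTTP-to-HTTPS redirect. The path /login.jsp is an assumption, since the question does not name the page that holds the form.

```xml
<!-- WEB-INF/web.xml (fragment). /login.jsp is an assumed path for the page
     that renders the login form; substitute the real one. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Seguridad en Acceso</web-resource-name>
        <!-- The page that serves the form: fetched with a plain GET, so the
             container's redirect to HTTPS loses nothing. -->
        <url-pattern>/login.jsp</url-pattern>
        <!-- The servlet that receives the credentials. -->
        <url-pattern>/IniciarSesion</url-pattern>
        <!-- No <http-method> element: the constraint applies to every method. -->
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
```

With the form itself loaded over HTTPS, a relative form action such as `IniciarSesion` posts straight to the HTTPS URL, so `req.getParameter("login")` receives the submitted value and the credentials are never sent over plain HTTP.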
