Spring MVC“重定向:"前缀始终重定向到http-如何使其保留在https上? [英] Spring MVC "redirect:" prefix always redirects to http -- how do I make it stay on https?

问题描述

我自己解决了这个问题，但是花了很长时间才发现这样一个简单的解决方案，所以我认为应该在此处进行记录.

I solved this myself, but I spent so long discovering such a simple solution, I figured it deserved to be documented here.

我有一个带有InternalResourceViewResolver的典型Spring 3 MVC设置:

I have a typical Spring 3 MVC setup with an InternalResourceViewResolver:

<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
  <property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
  <property name="prefix" value="/" />
  <property name="suffix" value=".jsp" />
</bean>

我的控制器中有一个非常简单的处理程序方法，但在本示例中，我将其简化了很多:

I have a pretty simple handler method in my controller, but I've simplified it even more for this example:

@RequestMapping("/groups")
public String selectGroup() {
    return "redirect:/";
}

问题是，如果我浏览到https://my.domain.com/groups，重定向后我将最终到达http://my.domain.com/. (实际上，我的负载均衡器将所有http请求重定向到https，但这只会为具有此类警报功能的人员引起多个类型为您正在离开/进入安全连接"的浏览器警报.)

The problem is, if I browse to https://my.domain.com/groups, I end up at http://my.domain.com/ after the redirect. (In actuality my load-balancer redirects all http requests to https, but this just causes multiple browser alerts of the type "You are leaving/entering a secure connection" for folks who have such alerts turned on.)

所以问题是:当原始请求使用的是那种方法时，如何使Spring重定向到https?

So the question is: how does one get spring to redirect to https when that's what the original request used?

推荐答案

简短的答案是，将InternalResourceViewResolver的redirectHttp10Compatible属性设置为false:

The short answer is, set the InternalResourceViewResolver's redirectHttp10Compatible property to false:

<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
  <property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
  <property name="prefix" value="/" />
  <property name="suffix" value=".jsp" />
  <property name="redirectHttp10Compatible" value="false" />
</bean>

您可以改为根据每个请求执行此操作，方法是让处理程序方法返回View而不是String，然后自己创建RedirectView，然后调用setHttp10Compatible(false).

You could do this on a per-request basis instead, by having your handler method return View instead of String, and creating the RedirectView yourself, and calling setHttp10Compatible(false).

(原来的罪魁祸首是HttpServletResponse.sendRedirect，该RedirectView用于HTTP 1.0兼容的重定向，但不是这样.我想这意味着它取决于您的servlet容器的实现(?)；我在两个Tomcat中都观察到了这个问题和码头.)

(It turns out the culprit is HttpServletResponse.sendRedirect, which the RedirectView uses for HTTP 1.0 compatible redirects, but not otherwise. I guess this means it's dependent on your servlet container's implementation (?); I observed the problem in both Tomcat and Jetty.)

这篇关于Spring MVC“重定向:"前缀始终重定向到http-如何使其保留在https上?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！