Spring MVC“重定向:"前缀始终重定向到http-如何使其保留在https上? [英] Spring MVC "redirect:" prefix always redirects to http -- how do I make it stay on https?
问题描述
我自己解决了这个问题,但是花了很长时间才发现这样一个简单的解决方案,所以我认为应该在此处进行记录.
I solved this myself, but I spent so long discovering such a simple solution, I figured it deserved to be documented here.
我有一个带有InternalResourceViewResolver的典型Spring 3 MVC设置:
I have a typical Spring 3 MVC setup with an InternalResourceViewResolver:
<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/" />
<property name="suffix" value=".jsp" />
</bean>
我的控制器中有一个非常简单的处理程序方法,但在本示例中,我将其简化了很多:
I have a pretty simple handler method in my controller, but I've simplified it even more for this example:
@RequestMapping("/groups")
public String selectGroup() {
return "redirect:/";
}
问题是,如果我浏览到https://my.domain.com/groups
,重定向后我将最终到达http://my.domain.com/
. (实际上,我的负载均衡器将所有http请求重定向到https,但这只会为具有此类警报功能的人员引起多个类型为您正在离开/进入安全连接"的浏览器警报.)
The problem is, if I browse to https://my.domain.com/groups
, I end up at http://my.domain.com/
after the redirect. (In actuality my load-balancer redirects all http requests to https, but this just causes multiple browser alerts of the type "You are leaving/entering a secure connection" for folks who have such alerts turned on.)
所以问题是:当原始请求使用的是那种方法时,如何使Spring重定向到https?
So the question is: how does one get spring to redirect to https when that's what the original request used?
推荐答案
简短的答案是,将InternalResourceViewResolver的redirectHttp10Compatible属性设置为false:
The short answer is, set the InternalResourceViewResolver's redirectHttp10Compatible property to false:
<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/" />
<property name="suffix" value=".jsp" />
<property name="redirectHttp10Compatible" value="false" />
</bean>
您可以改为根据每个请求执行此操作,方法是让处理程序方法返回View而不是String,然后自己创建RedirectView,然后调用setHttp10Compatible(false)
.
You could do this on a per-request basis instead, by having your handler method return View instead of String, and creating the RedirectView yourself, and calling setHttp10Compatible(false)
.
(原来的罪魁祸首是HttpServletResponse.sendRedirect,该RedirectView用于HTTP 1.0兼容的重定向,但不是这样.我想这意味着它取决于您的servlet容器的实现(?);我在两个Tomcat中都观察到了这个问题和码头.)
(It turns out the culprit is HttpServletResponse.sendRedirect, which the RedirectView uses for HTTP 1.0 compatible redirects, but not otherwise. I guess this means it's dependent on your servlet container's implementation (?); I observed the problem in both Tomcat and Jetty.)
这篇关于Spring MVC“重定向:"前缀始终重定向到http-如何使其保留在https上?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!