Grails Spring安全重定向到错误的端口 [英] Grails spring security redirects to wrong port

问题描述

在我的Grails应用程序(2.3.11)中，我的登录页面将Ajax请求发送到:

In my Grails app (2.3.11), my login page sends an Ajax request to:

https://myurl/my-app/j_spring_security_check

但是spring-security重定向到:

but spring-security redirects to:

https://myurl:80/my-app/login/ajaxSuccess

这将导致超时错误(因为在URL上添加了端口80). 仅当我的客户端通过其流量管理器(Big-IP)访问应用程序时，才会出现此问题.如果他们直接通过服务器IP访问该应用程序，则该应用程序将正常运行.

This results in a timeout error (because port 80 is added on the URL). This problem only occurs when my client accesses the application through their traffic manager(Big-IP); if they access the application directly through server IP, it works correctly.

我可以在Grails中进行任何配置来解决此问题吗?我不确定这个问题是否与应用程序或Big-IP有关.

Is there any configuration I can do in Grails to fix this problem? I'm not sure if this problem is related to the application or Big-IP.

这些是我与spring-security插件有关的配置(Config.groovy):

These are my configs (Config.groovy) related to spring-security plugin:

grails.plugins.springsecurity.successHandler.defaultTargetUrl = '/login/authSucccessExtJs'
grails.plugins.springsecurity.successHandler.alwaysUseDefault = true
grails.plugins.springsecurity.failureHandler.defaultFailureUrl = '/login/authFailExtJs?login_error=1'
grails.plugins.springsecurity.password.algorithm = 'MD5'

推荐答案

问题是您的应用程序正在接收http流量，因为您要在BIG-IP上卸载ssl，因此它将http链接返回给您的客户端.有一些潜在的解决方案.

The problem is your application is receiving http traffic because you are offloading ssl at the BIG-IP, so it returns http links to your client. There are a few potential solutions.

1. 配置grails将所有URL设置为https，即使请求是http
2. 通过本地流量策略或iRule在BIG-IP上插入标头X-Forwarded-Proto: https(如果grails对此表示荣幸)(您可以通过在curl中测试标头，以查看是否有帮助)来插入标头X-Forwarded-Proto: https
3. 将https重写为BIG-IP上的http URL，以通过流配置文件或iRule响应流量.对于AJAX，这可能会很成问题，但否则可以使用，但是，选项1或2效率更高且维护更少.

1. Configure grails to set all URLs to https, even though requests are http
2. Insert the header X-Forwarded-Proto: https (if grails honors this) at the BIG-IP via a local traffic policy or an iRule (you can test this from curl by inserting the header there to see if that helps)
3. Rewrite https to http URLs on BIG-IP in response traffic via a stream profile or an iRule. This can be very problematic with AJAX but otherwise will work, however, option 1 or 2 would be far more efficient and less maintenance.

这篇关于Grails Spring安全重定向到错误的端口的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！