Spring redirect happening to "http://...../login" instead of "https://...../login"


Problem description

I have deployed a war file generated by spring boot application using oauth2 for single sign on using Azure App service (https only).

When I browse to the home page, the home page loads with a login button. On clicking the login button, a redirect is happening to "http://..../login" (/login is the default sso login path). Since my app service is https only, the http url does not work.

I have tried the redirect_uri settings in the application.property file, but it is not helping. Has anybody faced this problem? How can it be solved?

I found a similar issue mentioned here

Recommended answer

This problem happens when your Tomcat server is behind a proxy. The HTTPS requests terminate at the proxy and the proxy then uses HTTP protocol to communicate to your Tomcat server. You will face this if you deploy your code on cloud providers like Azure (App Service), etc.

For anyone facing this problem, here is the solution:

In the application.properties file, add the following. Note: some of the properties have different names in Spring Boot 2.* versions.

security.oauth2.client.pre-established-redirect-uri=https://yourappurl.net/login
security.oauth2.client.registered-redirect-uri=https://yourappurl.net/login
security.oauth2.client.use-current-uri=false
server.tomcat.remote-ip-header=x-forwarded-for
server.tomcat.protocol-header=x-forwarded-proto
server.tomcat.use-relative-redirects=true
server.use-forward-headers=true
server.tomcat.internal-proxies=.*

In your SpringBootApplication class, add the following bean. With Spring Boot <= 2.1.x you had to provide a ForwardedHeaderFilter-Bean. Since Spring Boot 2.2.0 you don't have to do this anymore.

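import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.core.Ordered;
import org.springframework.web.filter.ForwardedHeaderFilter;

// Registers ForwardedHeaderFilter ahead of all other filters so that later filters
// see the scheme, host and port taken from the forwarded headers.
@Bean
FilterRegistrationBean<ForwardedHeaderFilter> forwardedHeaderFilter() {
    final FilterRegistrationBean<ForwardedHeaderFilter> filterRegistrationBean = new FilterRegistrationBean<>();
    filterRegistrationBean.setFilter(new ForwardedHeaderFilter());
    // Run before any other filter in the chain.
    filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
    return filterRegistrationBean;
}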

Add the following line in configure method of your AppConfiguration class:

http.requiresChannel().anyRequest().requiresSecure();

For official info visit this page.
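
An added example, not part of the original answer and not Tomcat or Spring code: a simplified model of how server.tomcat.internal-proxies gates the x-forwarded-proto header when the /login redirect is built, comparing the `.*` value above with a regex limited to the proxy's addresses. The proxy subnet regex, the peer addresses and the sample requests are constructed assumptions.

```java
import java.util.regex.Pattern;

// Simplified model of Tomcat's forwarded-header trust check (an assumption for
// illustration, not Tomcat or Spring source code).
public class ForwardedTrustDemo {

    // Scheme the app sees: the protocol header is honoured only when the TCP peer
    // matches the internal-proxies regex; otherwise the connector scheme is kept.
    static String effectiveScheme(String internalProxies, String peerAddr,
                                  String forwardedProto, String connectorScheme) {
        if (forwardedProto == null || !Pattern.matches(internalProxies, peerAddr)) {
            return connectorScheme;
        }
        return "https".equalsIgnoreCase(forwardedProto) ? "https" : "http";
    }

    // Absolute redirect to the SSO login path, as the browser would receive it.
    static String loginRedirect(String scheme, String host) {
        return scheme + "://" + host + "/login";
    }

    public static void main(String[] args) {
        String host = "yourappurl.net";              // placeholder host from the answer
        String trustAll = ".*";                      // internal-proxies value from the answer
        String proxyOnly = "10\\.0\\.0\\.\\d{1,3}";  // hypothetical proxy subnet

        // Constructed requests: {description, TCP peer address, x-forwarded-proto}
        String[][] requests = {
            {"via proxy, TLS terminated", "10.0.0.7", "https"},
            {"via proxy, header missing", "10.0.0.7", null},
            {"direct peer, header set",   "203.0.113.9", "https"},
        };
        for (String[] r : requests) {
            for (String regex : new String[] {trustAll, proxyOnly}) {
                String scheme = effectiveScheme(regex, r[1], r[2], "http");
                System.out.printf("%-26s internal-proxies=%-18s -> %s%n",
                        r[0], regex, loginRedirect(scheme, host));
            }
        }
    }
}
```

The first request yields the https redirect under both settings, which is the fix the answer describes. Only the third row differs: with `.*` the forwarded header is honoured from any peer, while the restricted regex keeps the connector scheme for peers that are not the proxy.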
