HATHATAS春季针对HTTP和HTTPS的链接问题 [英] spring HATEOAS links issue for HTTP and HTTPS

问题描述

我在Web应用程序中使用Spring HATEOAS.我的应用程序在Nginx Web服务器后面运行.我正在使用HTTPS标头发送以下网址

I am using Spring HATEOAS in my web application. My application runs behind a Nginx webserver. I am sending following url with HTTPS header

获取https://national.usa.com/testapp-rest/api/user/654rtrtet-5grt-fgsdf-dfgs-765ytrtsdhshfgsh/newAuthentication

Status Code:200 OK
Response Headersview sourceAccess-Control-Allow-Headers:x-requested-with, Accept, Content-Type, Origin, Authorization, X-Auth-Token
Access-Control-Allow-Methods:POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin:*
Access-Control-Expose-Headers:X-Auth-Token
Access-Control-Max-Age:3600
Cache-Control:no-cache, no-store, must-revalidate
Connection:keep-aliveContent-Type:application/json
Pragma:No-cacheServer:XXX/1.6.0
Strict-Transport-Security:max-age=31536000
Transfer-Encoding:chunkedRequest Headers
view sourceAccept:application/json, text/plain, */*Accept-Encoding:gzip, deflate, sdch

但是，当我看到响应头时，我看到HATEOAS链接仅返回HTTP.如何解决这个问题?请指导.

But when I see response headers, I see HATEOAS links are only returning HTTP. how to fixed this issue? Please guide.

"links: [{rel: "self",…}]0: {rel: "self",…}href: "http://national.usa.com
/testapp-rest/api/user/5435fdsg-45gfdgag-rewtdf43434-43543fsd "rel

是，我使用以下代码创建链接

Yes I using following code to create links

resource.add(ControllerLinkBuilder.linkTo(ControllerLinkBuilder.methodOn(TestController.class).getStudentResponse(response.getStudentId())).withSelfRel());

推荐答案

如注释中所述，您的应用程序在Web服务器后面运行.在这种情况下，就是Nginx.

As you mentioned in the comments your application runs behind a webserver. In this case Nginx.

您使用的是

linkTo(methodOn(MyController.class).myMethod(name)).withSelfRel());

生成链接.在这种情况下，请查看

to generate links. In this case take a look at ControllerLinkBuilder. As you can see in line 190 Spring HATEOAS builds a link based on the current request. In addition, request header X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Ssl are queried and used if available.

为了与Spring HATEOAS建立正确的链接，您错过了配置.

That is what you missed to configure in order to build proper links with Spring HATEOAS.

由于您抱怨链接中仅缺少https，因此Nginx已经设置了X-Forwarded-For，但跳过了X-Forwarded-Proto.我假设Nginx和您的应用程序通过http进行通信，否则您不会遇到麻烦. 您可以忽略X-Forwarded-Ssl.仅当Nginx和您的应用程序通过https进行通信时才有意义.在这种情况下，您也不会看到任何问题.

Because you complain that only https is missing in your links, Nginx already sets X-Forwarded-For but skips X-Forwarded-Proto. I assume that Nginx and your application communicate over http otherwise you wouldn't have trouble. You can ignore X-Forwarded-Ssl. It is only relevant if Nginx and your application talking over https. In that case you wouldn't see any issue either.

在下面您可以找到完整的Nginx location块，以供参考.为了通知代理系统链接必须在任何URL中包含https，仅将X-Forwarded-Proto设置为https(仅当后端系统处理伪造的请求标头时).

Below you find a complete Nginx location block for reference. X-Forwarded-Proto has been set to https in order to inform the proxied system that links have to contain https in any URLs (only if backend system processes aforedmetnioned request header).

location /yourapp {
    proxy_pass http://localhost:8080/yourapp;
    proxy_redirect default;
    proxy_set_header  Host               $http_host;
    proxy_set_header  X-Forwarded-For    $proxy_add_x_forwarded_for;
    proxy_set_header  X-Forwarded-Proto  https;
}

如需进一步阅读，请查阅Nginx文档中的 http_proxy_module .

For further reading please consult Nginx documentation for the http_proxy_module.

这篇关于HATHATAS春季针对HTTP和HTTPS的链接问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！