Spring redirect happening to "http://...../login" instead of "https://...../login"

Problem description

I have deployed a war file generated by a Spring Boot application using oauth2 for single sign-on using Azure App Service (https only).

When I browse to the home page, the home page loads with a login button. On clicking the login button, a redirect happens to "http://..../login" (/login is the default sso login path). Since my app service is https only, the http url does not work.

I have tried the redirect_uri settings in the application.property file, but it is not helping. Has anybody faced this problem? How can it be solved?

I found a similar issue mentioned here

Recommended answer

This problem happens when your Tomcat server is behind a proxy. The HTTPS requests terminate at the proxy and the proxy then uses HTTP protocol to communicate to your Tomcat server. You will face this if you deploy your code on cloud providers like Azure (App Service), etc.

For anyone facing this problem, here is the solution:

In the application.properties file, add the following. Note: some of the properties have different names in Spring Boot 2.* versions.

security.oauth2.client.pre-established-redirect-uri=https://yourappurl.net/login
security.oauth2.client.registered-redirect-uri=https://yourappurl.net/login
security.oauth2.client.use-current-uri=false
server.tomcat.remote-ip-header=x-forwarded-for
server.tomcat.protocol-header=x-forwarded-proto
server.tomcat.use-relative-redirects=true
server.use-forward-headers=true
server.tomcat.internal-proxies=.*

In your SpringBootApplication class, add the following bean. With Spring Boot <= 2.1.x you had to provide a ForwardedHeaderFilter-Bean. Since Spring Boot 2.2.0 you don't have to do this anymore.

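import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.core.Ordered;
import org.springframework.web.filter.ForwardedHeaderFilter;

// Register ForwardedHeaderFilter first in the chain so that later filters
// see the scheme and host carried in the forwarded headers.
@Bean
FilterRegistrationBean<ForwardedHeaderFilter> forwardedHeaderFilter() {
    final FilterRegistrationBean<ForwardedHeaderFilter> filterRegistrationBean = new FilterRegistrationBean<>();
    filterRegistrationBean.setFilter(new ForwardedHeaderFilter());
    filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
    return filterRegistrationBean;
}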

Add the following line in configure method of your AppConfiguration class:

http.requiresChannel().anyRequest().requiresSecure();

For official info visit this page.
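
Added example, not part of the original answer and not Tomcat or Spring code: a simplified pure-JDK model of the trusted-proxy check behind server.tomcat.internal-proxies, showing why the redirect comes out as http when the forwarded header is not consulted and how the answer's `.*` value differs from a pattern limited to the proxy. The class and method names, the `10.0.0.x` proxy subnet and the peer addresses are constructed for illustration.

```java
import java.util.Locale;
import java.util.regex.Pattern;

// Simplified model of a trusted-proxy check; not Tomcat or Spring source code.
public class ForwardedSchemeDemo {

    // Scheme the application believes the client used. X-Forwarded-Proto is
    // honoured only when the directly connected peer matches internalProxies.
    static String effectiveScheme(String peerAddr, String forwardedProto,
                                  String socketScheme, Pattern internalProxies) {
        boolean trustedPeer = internalProxies.matcher(peerAddr).matches();
        if (trustedPeer && forwardedProto != null) {
            return forwardedProto.trim().toLowerCase(Locale.ROOT);
        }
        return socketScheme; // fall back to what the connector saw on the socket
    }

    // Absolute redirect to the SSO login path, built from the effective scheme.
    static String loginRedirect(String scheme, String host) {
        return scheme + "://" + host + "/login";
    }

    public static void main(String[] args) {
        String host = "yourappurl.net";
        Pattern trustAll = Pattern.compile(".*");                     // value from the answer
        Pattern proxyOnly = Pattern.compile("10\\.0\\.0\\.\\d{1,3}"); // constructed proxy subnet

        // Symptom from the question: no forwarded header is consulted, so the
        // redirect is built from the plain-HTTP hop between proxy and Tomcat.
        System.out.println(loginRedirect(
                effectiveScheme("10.0.0.5", null, "http", proxyOnly), host));

        // After the fix: the proxy (constructed address 10.0.0.5) relays
        // X-Forwarded-Proto: https and is matched by the trusted pattern.
        System.out.println(loginRedirect(
                effectiveScheme("10.0.0.5", "https", "http", proxyOnly), host));

        // A peer that is not the proxy (constructed address 203.0.113.7)
        // sends the header itself over plain HTTP.
        System.out.println("trust all : "
                + effectiveScheme("203.0.113.7", "https", "http", trustAll));
        System.out.println("proxy only: "
                + effectiveScheme("203.0.113.7", "https", "http", proxyOnly));
    }
}
```

In the last case the `.*` pattern accepts the header from any peer, so a check such as requiresSecure() is satisfied by the header alone, while the narrower pattern keeps the scheme the connector actually saw. Restricting internal-proxies to the addresses of the TLS-terminating proxy keeps the redirect fix without trusting client-supplied headers.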