如何重定向HTTP请求到安装在亚马逊ElasticBeanstalk上的Java应用程序的https [英] How to redirect http request to https on java application installed on Amazon ElasticBeanstalk
问题描述
我使用亚马逊ElasticBeanstalk我的Java EE Web应用程序部署。 我想我的应用程序应该是唯一的,所以我已经上ElasticLoadbalancer配置SSL证书的HTTPS。 还我已经配置web.xml文件
I am using Amazon ElasticBeanstalk for my Java EE web application deployment. I want my application should be https only so i have configured SSL certificate on ElasticLoadbalancer. also i have configured web.xml file as
<security-constraint>
<web-resource-collection>
<web-resource-name>HTTPSOnly</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
但问题是,当我打 http://www.myweb.com 然后将其重定向到<一个HREF =http://www.myweb.com:8443相对=nofollow> http://www.myweb.com:8443 所以我要删除URL中的端口 亚马逊EBS和放大器;负载均衡器的工作如下说明
But the problem is when i hit http://www.myweb.com then it redirect to http://www.myweb.com:8443 so i want to remove the port from url Amazon EBS & Load balancer working explained as below
推荐答案
我也去了加入securityConstraint在我的web.xml的路径。随着股市server.xml中EB部署与您的应用程序,但是你得到一个redirct到端口8443,您可以编辑该文件手动,但它被风吹走你的下一个部署。研究表明,包括部署中的战争将覆盖在server.xml文件.ebextensions文件,但这种运行AWS的变化,今后在server.xml中其他东西的风险。另一个问题是,我想同样的应用程序版本(构建詹金斯)在我的开发环境中工作以及其他EB环境中并不一定需要/启用SSL。
I also went down the path of adding the securityConstraint in my web.xml. With the stock server.xml that EB deploys with your application however you get a redirct to port 8443. You can edit this file by hand but it gets blown away on your next deployment. Research suggested including a .ebextensions file in the deployment war that would overwrite the server.xml file but this runs the risk of AWS changing something else in server.xml in the future. Another issue is I want the same app version (build from jenkins) to work in my dev environment as well as other EB environments that don't necessarily need/have ssl enabled.
于是我改变航向,并实施了Servlet过滤器,它使用两个头的负载均衡提供了
So I changed course and implemented a servlet filter which uses two headers that the load balancer provides
- X-转发,原
- 的X转发主机
如果X-前瞻性原== HTTP,那么你知道你需要转发,X进主机,需要构建完整的URL重定向(因为至少这是怎么会出现这样做)。下面是使用客户PropertiesHelper的过滤器,在它的环境特殊控制
if X-Forward-Proto == http then you know you need to forward, x-forward-host is needed to construct the full url for redirection (as least that's how I ended up doing it). Here is the filter with environment specific control over it using a customer PropertiesHelper
public class RedirectFilter implements Filter {
boolean firstTime = true;
boolean redirect = false;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException
{
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
if (firstTime) {
PropertiesHelper propertiesHelper = SpringApplicationContext.getPropertiesHelper();
redirect = propertiesHelper.getBooleanProperty("redirectHttp");
firstTime = false;
}
if (!redirect) {
chain.doFilter(request, response);
return;
}
String protocol = req.getHeader("X-Forwarded-Proto");
if (null != protocol && protocol.equals("http")) {
String host = req.getHeader("x-forwarded-host");
String requestURI = req.getRequestURI();
String redirectUrl = "https://" + host + requestURI;
res.sendRedirect(redirectUrl);
return;
}
chain.doFilter(req, response);
}
@Override
public void destroy() {
// TODO Auto-generated method stub
}
}
您启用过滤器在web.xml中的条目,确保它在正确的顺序与其它过滤器有
You enable the filter with entries in the web.xml, making sure it is in the proper order with other filters you have
<filter>
<filter-name>httpsRedirectFilter</filter-name>
<filter-class>com.cars.platform.util.RedirectFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>httpsRedirectFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
最后你就需要启用HTTP和负载平衡器的HTTPS(端口443)
Lastly you do need to enable both http and https (port 443) on the load balancer
这篇关于如何重定向HTTP请求到安装在亚马逊ElasticBeanstalk上的Java应用程序的https的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!