如何重定向HTTP请求到安装在亚马逊ElasticBeanstalk上的Java应用程序的https [英] How to redirect http request to https on java application installed on Amazon ElasticBeanstalk

问题描述

我使用亚马逊ElasticBeanstalk我的Java EE Web应用程序部署。 我想我的应用程序应该是唯一的，所以我已经上ElasticLoadbalancer配置SSL证书的HTTPS。 还我已经配置web.xml文件

I am using Amazon ElasticBeanstalk for my Java EE web application deployment. I want my application should be https only so i have configured SSL certificate on ElasticLoadbalancer. also i have configured web.xml file as

<security-constraint>
    <web-resource-collection>
        <web-resource-name>HTTPSOnly</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>      
    <user-data-constraint>      
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
  </security-constraint>

但问题是，当我打 http://www.myweb.com 然后将其重定向到<一个HREF =htt​​p://www.myweb.com:8443相对=nofollow> http://www.myweb.com:8443 所以我要删除URL中的端口 亚马逊EBS和放大器;负载均衡器的工作如下说明

But the problem is when i hit http://www.myweb.com then it redirect to http://www.myweb.com:8443 so i want to remove the port from url Amazon EBS & Load balancer working explained as below

推荐答案

我也去了加入securityConstraint在我的web.xml的路径。随着股市server.xml中EB部署与您的应用程序，但是你得到一个redirct到端口8443，您可以编辑该文件手动，但它被风吹走你的下一个部署。研究表明，包括部署中的战争将覆盖在server.xml文件.ebextensions文件，但这种运行AWS的变化，今后在server.xml中其他东西的风险。另一个问题是，我想同样的应用程序版本（构建詹金斯）在我的开发环境中工作以及其他EB环境中并不一定需要/启用SSL。

I also went down the path of adding the securityConstraint in my web.xml. With the stock server.xml that EB deploys with your application however you get a redirct to port 8443. You can edit this file by hand but it gets blown away on your next deployment. Research suggested including a .ebextensions file in the deployment war that would overwrite the server.xml file but this runs the risk of AWS changing something else in server.xml in the future. Another issue is I want the same app version (build from jenkins) to work in my dev environment as well as other EB environments that don't necessarily need/have ssl enabled.

于是我改变航向，并实施了Servlet过滤器，它使用两个头的负载均衡提供了

So I changed course and implemented a servlet filter which uses two headers that the load balancer provides

• X-转发，原
• 的X转发主机

如果X-前瞻性原== HTTP，那么你知道你需要转发，X进主机，需要构建完整的URL重定向（因为至少这是怎么会出现这样做）。下面是使用客户PropertiesHelper的过滤器，在它的环境特殊控制

if X-Forward-Proto == http then you know you need to forward, x-forward-host is needed to construct the full url for redirection (as least that's how I ended up doing it). Here is the filter with environment specific control over it using a customer PropertiesHelper

public class RedirectFilter implements Filter {
    boolean firstTime = true;
    boolean redirect = false;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException
    {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        if (firstTime) {
            PropertiesHelper propertiesHelper = SpringApplicationContext.getPropertiesHelper();
            redirect = propertiesHelper.getBooleanProperty("redirectHttp");
            firstTime = false;
        }

        if (!redirect) {
            chain.doFilter(request, response);
            return;
        }

        String protocol = req.getHeader("X-Forwarded-Proto");
        if (null != protocol && protocol.equals("http")) {
            String host = req.getHeader("x-forwarded-host");
            String requestURI = req.getRequestURI();
            String redirectUrl = "https://" + host + requestURI;

            res.sendRedirect(redirectUrl);
            return;
        }
        chain.doFilter(req, response);
    }

    @Override
    public void destroy() {
        // TODO Auto-generated method stub

    }
}

您启用过滤器在web.xml中的条目，确保它在正确的顺序与其它过滤器有

You enable the filter with entries in the web.xml, making sure it is in the proper order with other filters you have

<filter>
    <filter-name>httpsRedirectFilter</filter-name>
    <filter-class>com.cars.platform.util.RedirectFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>httpsRedirectFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

最后你就需要启用HTTP和负载平衡器的HTTPS（端口443）

Lastly you do need to enable both http and https (port 443) on the load balancer

这篇关于如何重定向HTTP请求到安装在亚马逊ElasticBeanstalk上的Java应用程序的https的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！