使用play框架强制登录Https路由以进行登录 [英] Enforce Https routing for login with play framework
本文介绍了使用play框架强制登录Https路由以进行登录的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我想仅针对我的应用程序的登录页面强制执行https路由。
I want to enforce https routing for the login page only of my application.
是否可以通过Play执行此操作!没有使用前端http服务器?
Is it possible to do so with Play! without the use of a front end http server?
推荐答案
你可以使用 @Before
拦截器重定向每个请求,即使用户直接键入http://。下面是我使用的代码(它在运行无容器 play run
时运行,或者在Heroku后面运行时运行)。
You can use an @Before
interceptor to redirect every request, even if the user types http:// directly. Below is the code that I use (it works when running containerless play run
, or when running behind a front end such as on Heroku).
public class HttpsRequired extends Controller {
/** Called before every request to ensure that HTTPS is used. */
@Before
public static void redirectToHttps() {
//if it's not secure, but Heroku has already done the SSL processing then it might actually be secure after all
if (!request.secure && request.headers.get("x-forwarded-proto") != null) {
request.secure = request.headers.get("x-forwarded-proto").values.contains("https");
}
//redirect if it's not secure
if (!request.secure) {
String url = redirectHostHttps() + request.url;
System.out.println("Redirecting to secure: " + url);
redirect(url);
}
}
/** Renames the host to be https://, handles both Heroku and local testing. */
@Util
public static String redirectHostHttps() {
if (Play.id.equals("dev")) {
String[] pieces = request.host.split(":");
String httpsPort = (String) Play.configuration.get("https.port");
return "https://" + pieces[0] + ":" + httpsPort;
} else {
if (request.host.endsWith("domain.com")) {
return "https://secure.domain.com";
} else {
return "https://" + request.host;
}
}
}
}
这篇关于使用play框架强制登录Https路由以进行登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文