Spring 3 Security and relative redirect URLs

Posted on 2024-11-10 16:43:06 | Words: 912 | Views: 4 | Comments: 0

We have a Spring 3 app with Spring Security behind a Squid proxy. The issue is that Spring only knows about the internal Squid URL, so after a successful login at example.com/login, instead of redirecting to example.com/home it redirects to internal.example.com.

Does anyone know how to deal with this situation?

My Config:

<security:http use-expressions="true" auto-config="true">
    <security:intercept-url pattern="/" access="hasRole('ROLE_ANONYMOUS') or hasRole('ROLE_GENERAL_ADMINISTRATION')"/>
    <security:intercept-url pattern="/**" access="hasRole('ROLE_GENERAL_ADMINISTRATION')"/>
    <security:intercept-url pattern="/static/**" filters="none"/>
    <security:logout invalidate-session="true" logout-url="/logout" logout-success-url="/"/>
    <security:form-login login-page="/" default-target-url="/dashboard"/>
    <security:anonymous/>
</security:http>

Edit:

In my case the admins had set up mod_jk incorrectly so everything was fine with squid and the above config.

Comments (2)

屋檐 2024-11-17 16:43:06

I have a web application with Spring Security behind an Apache HTTP reverse proxy, and some stupid application which behaves like you described above, and the solution for us was to use the mod_rewrite module:

http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html

Anyway, what you are saying is very weird, because the correct Spring Security configuration should use relative URLs and it should not matter whether an internal or external host is used in the URL.

If you configure the URL

 <security:form-login login-page="//login.jsp" login-processing-url="/login" always-use-default-target="true"/>

it should behave the same way with an internal or external URL; it sounds like a problem in the configuration.

一江春梦 2024-11-17 16:43:06

I have a similar problem, with an nginx reverse proxy in front of my (currently PHP) apps, but others recommend that the work of fixing URLs is done on the proxy, e.g. http://www.informit.com/articles/article.aspx?p=169534:

Response header remapping. The response headers may contain
information that explicitly points to the content web server. One
example is the "Location:" header that is used with redirections. The
reverse proxy servers remap the "Location:" field, replacing the
reference to the content web server with its own address.

Also an answer on a related question: "Redirect to https for few services using spring".
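
The "Location:" remapping described in the quoted passage, as an added example that is not part of the original answers or of any proxy's own code. The function name `remap_location` and the origins used are assumptions built from the hostnames in the question; the sketch compares parsed origins so that only redirects to the backend are rewritten and lookalike hosts are left alone.

```python
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin(url):
    """Return (scheme, host, port) with case and default port normalised."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def remap_location(location, backend, public):
    """Rewrite a backend Location header value so it names the proxy.

    backend and public are origins, e.g. "http://internal.example.com"
    and "https://example.com" (constructed sample values).
    """
    parts = urlsplit(location)
    # Relative redirects carry no host, so there is nothing to leak or fix.
    if not parts.scheme and not parts.netloc:
        return location
    # Compare parsed origins, not string prefixes: a prefix test would also
    # match "http://internal.example.com.other.test/".
    if _origin(location) != _origin(backend):
        return location
    pub = urlsplit(public)
    return urlunsplit(
        (pub.scheme, pub.netloc, parts.path, parts.query, parts.fragment)
    )


if __name__ == "__main__":
    # Constructed Location values as a backend might emit them after login.
    samples = [
        "http://internal.example.com/home",
        "http://INTERNAL.example.com:80/dashboard?x=1",
        "/dashboard",
        "http://internal.example.com.other.test/home",
    ]
    for value in samples:
        fixed = remap_location(
            value, "http://internal.example.com", "https://example.com"
        )
        print(f"{value} -> {fixed}")
```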
