5

我在 web 应用程序中使用 Spring Secutiry 框架。我已经安装了 SSL 证书并且能够通过https. 现在,当我向所有指令添加requires-channel="https"属性时,服务器响应:intercept-url

Error 310 (net::ERR_TOO_MANY_REDIRECTS) to many connections

spring 每次都会运行这段代码:

64050 [http-bio-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy  - / at position 1 of 12 in additional filter chain; firing Filter: 'ChannelProcessingFilter'
64050 [http-bio-8080-exec-1] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/'; against '/'
64050 [http-bio-8080-exec-1] DEBUG org.springframework.security.web.access.channel.ChannelProcessingFilter  - Request: FilterInvocation: URL: /; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
64050 [http-bio-8080-exec-1] DEBUG org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint  - Redirecting to: https://sky-handling.ejl-group.com/
64050 [http-bio-8080-exec-1] DEBUG org.springframework.security.web.DefaultRedirectStrategy  - Redirecting to 'https://sub.domain.com/'

我该如何解决?

谢谢

UPD #1:

<http use-expressions="true">
  <form-login login-page="/wellcome/" login-processing-url="/login" default-target-url="/" always-use-default-target="false"
            authentication-failure-url="/wellcome/?error=1" username-parameter="email" password-parameter="password" />
  <remember-me key="temp" token-validity-seconds="-1" />
  <logout invalidate-session="true" logout-success-url="/" logout-url="/logout"/>
  <intercept-url pattern="/" access="authenticated"/>
  <intercept-url pattern="/administration/**" access="authenticated"/>
  <intercept-url pattern="/wellcome/" access="permitAll"/>
  <intercept-url pattern="/login" access="permitAll"/>
  <custom-filter ref="ajaxTimeoutRedirectFilter" after="EXCEPTION_TRANSLATION_FILTER"/>
</http>

我将现有证书导入到密钥库并配置了 tomcat,但是如果我添加这样的行:

<VirtualHost _default_:443>
        SSLEngine on
        SSLCertificateFile /usr/local/ssl/crt/public.crt
        SSLCertificateKeyFile /usr/local/ssl/private/*.ejl-group.com.key
        SSLCACertificateFile /usr/local/ssl/crt/intermediate.crt
        ServerName sub.domain.com
        ProxyRequests Off
        ProxyPreserveHost On
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>
        ProxyPass / http://localhost:8443/
        ProxyPassReverse / http://localhost:8443/
</VirtualHost>

它失败并503 Service Temporarily Unavailable出现错误

4

2 回答 2

5

我通过在 security.xml 文件中添加端口映射来解决此问题:

<http>
   <port-mappings>
        <port-mapping http="8088" https="8443"/>
        <port-mapping http="80" https="443"/>
   </port-mappings>
</http>

这个博客帮助了我:http ://consultingblogs.emc.com/richardtiffin/archive/2010/10/15/applying-ssl-to-a-spring-web-application-on-tomcat.aspx

如果你在负载均衡器后面,你必须添加一些代码:Offloading https to load balancers with Spring Security

于 2013-04-17T20:46:12.950 回答
1

我认为这两条线是关键:

    ProxyPass / http://localhost:8443/
    ProxyPassReverse / http://localhost:8443/

请注意,您在此处指定 http,而不是 https。所以发生的事情是,当客户端通过默认的 HTTPS 端口(443)访问您的网站时,httpd 使用 http 方案将请求转发到 tomcat 实例。然后,tomcat 尝试重定向到 HTTPS/443 端口,然后 httpd 通过使用 http 方案等将请求转发到 tomcat 实例。

如果您只是将 sceme 更改为 https,我不确定它是否会起作用,但请尝试一下。

虽然我不了解您的安全要求,但通常没有必要在 httpd 前端和 tomcat 后端之间建立 SSL 安全链接。考虑在这里使用简单的 HTTP 或者甚至可能是 AJP

于 2013-01-20T19:29:24.093 回答