nginx + https +shiro 退出异常,定向到http
nginx代理https之后,使用的Shiro点退出一直跳到http
在nginx配置文件中设置
proxy_redirect http:// https://
解决了不输入login会跳转到http的问题,但是由于项目中配置了检查session的过滤器,异常后会根据requset.getScheme()来判断是http还是https,但是在调试过程中发现,request的结果就是http,不是https,所以proxy_redirect的配置实际上不是我们想要的效果
参考如下代码的配置:
<Connector port="443" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8444" scheme="https" secure="true"/>
在spring boot 中配置
@Bean public Connector httpConnector() { Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol"); connector.setScheme("https"); connector.setSecure(true); return connector; }
我的项目中的实际代码:
@ConditionalOnClass({ServerProperties.class})
@Bean
public TomcatServletWebServerFactory servletContainer() {
TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
if (WebConfig.this.serverProperties != null) {
String portheader = WebConfig.this.serverProperties.getTomcat().getPortHeader();
String[] portheaders = portheader.split(",");
if (portheaders.length > 0) {
String[] var6 = portheaders;
int var7 = portheaders.length;
for(int var8 = 0; var8 < var7; ++var8) {
String string = var6[var8];
collection.addMethod(string.trim());
}
}
}
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addConnectorCustomizers(new TomcatConnectorCustomizer[]{(connector) -> {
connector.setAllowTrace(true);
if("https".equalsIgnoreCase(scheme)) {
connector.setScheme("https");
connector.setSecure(true);
}
}});
return tomcat;
}
参考文章地址:
https://blog.csdn.net/zhaofengdeng/article/details/84575772
浙公网安备 33010602011771号