生产环境:Spring安全性登录成功重定向到localhost
我使用Spring Boot 2.1.6.RELEASE,Apache 2.7
<VirtualHost demo.bkit.vn:80>
ProxyPass / "http://localhost:8081/"
ServerName demo.bkit.vn
ProxyPassReverse / http://127.0.0.1:8081/
</VirtualHost>
Spring Securit配置
package vn.bkit.security.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
import vn.bkit.entity.FunctionPath;
import vn.bkit.repository.FunctionPathRepository;
import vn.bkit.security.services.UserDetailsServiceImpl;
import javax.sql.DataSource;
import java.util.List;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
FunctionPathRepository functionPathRepository;
@Autowired
private UserDetailsServiceImpl userDetailsService;
@Autowired
private DataSource dataSource;
@Bean
public BCryptPasswordEncoder passwordEncoder() {
BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
return bCryptPasswordEncoder;
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
// Set service for searching user in database. And set password_encoder.
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
// Pages no need login request.
http.authorizeRequests().antMatchers("/", "/login", "/logout", "/images", "/css", "/js").permitAll();
// Trang /userInfo yêu cầu phải login với vai trò ROLE_USER hoặc ROLE_ADMIN.
// Nếu chưa login, nó sẽ redirect tới trang /login.
http.authorizeRequests().antMatchers("/userInfo").access("hasAnyRole('ROLE_USER', 'ROLE_ADMIN')");
// Page for admin only.
http.authorizeRequests().antMatchers("/admin").access("hasRole('ROLE_ADMIN')");
// For accounting system.
//http.authorizeRequests().antMatchers(
// "/accounts",
// "/account_transfers",
// "/account_default",
// "/jobs",
// "/banks",
// "/currencies",
// "/employees",
// "/employees",
// "/add_personal_customer",
// "/add_org_customer",
// "/add_cash_receipt"
//).access("hasRole('ROLE_ADMIN')");
List<FunctionPath> functionPathList = functionPathRepository.findAllByRole("CHIEF_ACCOUNTANT");
int size = functionPathList.size();
String[] functionPathArray = new String[size];
for(int i = 0; i < size; i++){
functionPathArray[i] = functionPathList.get(i).getFunctionPath();
}
http.authorizeRequests().antMatchers(functionPathArray).access("hasRole('ROLE_ADMIN')");
// Khi người dùng đã login, với vai trò XX.
// Nhưng truy cập vào trang yêu cầu vai trò YY,
// Ngoại lệ AccessDeniedException sẽ ném ra.
http.authorizeRequests().and().exceptionHandling().accessDeniedPage("/403");
// Configuration for login form.
http.authorizeRequests().and().formLogin()
.loginProcessingUrl("/j_spring_security_check") // Submit URL of Login page.
.loginPage("/login")
//.defaultSuccessUrl("/userAccountInfo")
.defaultSuccessUrl("/desktop")
.failureUrl("/login?error=true")
.usernameParameter("username")
.passwordParameter("password")
// Configuration for logout page.
.and().logout().logoutUrl("/logout")
// .logoutSuccessUrl("/logoutSuccessful")
.logoutSuccessUrl("/login")
;
// Configuration for Remember me function (remember 24h).
http.authorizeRequests().and().rememberMe().tokenRepository(this.persistentTokenRepository()).tokenValiditySeconds(1 * 24 * 60 * 60);
}
@Bean
public PersistentTokenRepository persistentTokenRepository() {
JdbcTokenRepositoryImpl jdbcTokenRepository = new JdbcTokenRepositoryImpl();
jdbcTokenRepository.setDataSource(dataSource);
return jdbcTokenRepository;
}
}
控制器
/**
* Show desktop.
*
* @return
*/
@RequestMapping(value = "/desktop", method = RequestMethod.GET)
public ModelAndView desktop() {
ModelAndView modelAndView = new ModelAndView("system/desktop");
modelAndView.getModel().put("page_title", "Bàn làm việc");
return modelAndView;
}
我跑步
java -jar accounting-2019.07-SNAPSHOT.jar
步骤1。转到http://demo.bkit.vn/
第2步。登录成功
第3步。Web应用程序重定向到http://localhost:8081/desktop,然后Webapp失败。
如何重定向到http://demo.bkit.vn/desktop?
1 个答案:
答案 0 :(得分:1)
解决方案是:
-
将原始协议,主机和端口转移到Spring Boot应用程序(部分包含在其他HTTP标头中,部分包含在常规HTTP标头属性中)
-
配置Spring Boot以评估此信息
通常是通过以下配置完成的:
Apache配置
添加ProxyPreserveHost和ProxyPreserveHost指令:
<VirtualHost demo.bkit.vn:80>
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto http
RequestHeader set X-Forwarded-Port 80
ProxyPass / "http://localhost:8081/"
ServerName demo.bkit.vn
ProxyPassReverse / http://127.0.0.1:8081/
</VirtualHost>
Spring Boot配置
在Spring Boot配置中(例如application.properties),添加以下行:
server.use-forward-headers=true
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?