Problem description
In my Grails app (2.3.11), my login page sends an Ajax request to:
but spring-security redirects to:
This results in a timeout error (because port 80 is added on the URL). This problem only occurs when my client accesses the application through their traffic manager (Big-IP); if they access the application directly through server IP, it works correctly.
Is there any configuration I can do in Grails to fix this problem? I'm not sure if this problem is related to the application or Big-IP.
These are my configs (Config.groovy) related to spring-security plugin:
grails.plugins.springsecurity.successHandler.defaultTargetUrl = '/login/authSucccessExtJs'
grails.plugins.springsecurity.successHandler.alwaysUseDefault = true
grails.plugins.springsecurity.failureHandler.defaultFailureUrl = '/login/authFailExtJs?login_error=1'
grails.plugins.springsecurity.password.algorithm = 'MD5'
Recommended answer
The problem is your application is receiving http traffic because you are offloading ssl at the BIG-IP, so it returns http links to your client. There are a few potential solutions.
- Configure grails to set all URLs to https, even though requests are http
- Insert the header X-Forwarded-Proto: https (if grails honors this) at the BIG-IP via a local traffic policy or an iRule (you can test this from curl by inserting the header there to see if that helps)
- Rewrite https to http URLs on BIG-IP in response traffic via a stream profile or an iRule. This can be very problematic with AJAX but otherwise will work; however, option 1 or 2 would be far more efficient and less maintenance.
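The mechanism the answer describes, as an added example that is not part of the original answer: a Python model (not Grails or BIG-IP code) of how a backend behind a TLS-offloading proxy chooses the scheme and port of a redirect, honoring X-Forwarded-Proto only when the request comes from the proxy's address. The proxy address, hostname and function names are assumptions.

```python
# Added example: models redirect-URL construction behind a TLS-offloading proxy.
# Assumption: the address from which the BIG-IP reaches the app server (constructed value).
TRUSTED_PROXIES = {"192.0.2.10"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def effective_scheme(peer_ip, socket_scheme, headers):
    """Scheme the client actually used.

    X-Forwarded-Proto is honored only when the direct peer is a trusted proxy;
    otherwise any client could claim its request arrived over TLS.
    """
    proto = headers.get("X-Forwarded-Proto", "").strip().lower()
    if peer_ip in TRUSTED_PROXIES and proto in DEFAULT_PORTS:
        return proto
    return socket_scheme


def redirect_location(peer_ip, socket_scheme, socket_port, headers, path):
    """Absolute Location value for a redirect to `path`."""
    scheme = effective_scheme(peer_ip, socket_scheme, headers)
    host = headers["Host"].split(":")[0]
    # When the proxy terminated TLS, the backend's own listening port (80) is
    # not the port the client connected to, so use the default for the scheme.
    port = socket_port if scheme == socket_scheme else DEFAULT_PORTS[scheme]
    netloc = host if port == DEFAULT_PORTS[scheme] else f"{host}:{port}"
    return f"{scheme}://{netloc}{path}"


if __name__ == "__main__":
    target = "/login/authSucccessExtJs"  # success URL from the question's config
    # Constructed requests: via the proxy without and with the header.
    print(redirect_location("192.0.2.10", "http", 80,
                            {"Host": "app.example.test"}, target))
    print(redirect_location("192.0.2.10", "http", 80,
                            {"Host": "app.example.test",
                             "X-Forwarded-Proto": "https"}, target))
```

The first call reproduces the symptom (an http link handed to a client that reached the site over https); the second shows the redirect once the proxy inserts the header.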