grails - spring-security-core 安全通道导致重定向循环(在 Heroku 上)

本文介绍了grails - spring-security-core 安全通道导致重定向循环(在 Heroku 上)的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在使用 spring-security-core 并设置了安全通道功能，这在我的开发机器上运行良好.我在 Config.groovy 中有以下内容

grails.plugins.springsecurity.secureChannel.definition = ['/order/checkout': 'REQUIRES_SECURE_CHANNEL','/order/paymentComplete': 'REQUIRES_INSECURE_CHANNEL']

此外，将相关的订单处理部署到 Heroku 工作正常，只要我注释掉上面的几行.一旦我把它们放回去，我就会得到:

我看到服务器上有很多请求，Firebug 网络视图显示:

我已经将 PiggyBack SSL 添加到 Heroku，并且我能够指定一个 https://... 地址以导航到站点的其他部分，在这种情况下，浏览器保持在 SSL 模式.但是如果我访问

https://www.momentumnow.co/order/checkout

直接寻址，我遇到了同样的重定向循环问题.你知道问题是什么或者我如何进一步调试.如果是后者，请更新评论区，我会在问题区更新.谢谢

PiggyBack SSL - 关于 grails.plugins.springsecurity.portMapper.httpPort 和 grails.plugins.springsecurity.portMapper.httpsPort 配置属性.

I'm using spring-security-core and have setup the secure-channel capabilities, which work fine on my development machine. I've got the following in Config.groovy

grails.plugins.springsecurity.secureChannel.definition = [
   '/order/checkout': 'REQUIRES_SECURE_CHANNEL',
   '/order/paymentComplete': 'REQUIRES_INSECURE_CHANNEL'
]

Also, deploying to Heroku the associated order processing works fine, as long as I comment out the above lines. As soon as I put them back in, I get:

I see many requests come in on the server, and the Firebug net view shows:

I've got the PiggyBack SSL added on to Heroku, and I'm able to specify an https://... address to navigate to other parts of the site, in which case the browser stays in SSL mode. But if I access the

https:/www.momentumnow.co/order/checkout

address directly, I get the same redirect loop problem. Do you know what the problem is or how I can debug this further. If the latter, would you please update the comment area, and I will respond with updates to the problem area. Thanks

PiggyBack SSL documentation indicates:

"Piggyback SSL will allow you to use https://yourapp.heroku.com, since it uses the *.heroku.com certification. You don't need to buy or configure a certificate, it just works. https://yourcustomdomain.com will work, but it will produce a warning in the browser."

I'll probably switch to another mode as I add a certificate, however that does not seem to be the problem, based on the previous statement.

On the server, I get:

解决方案

You need to fix the values for the ports since they default to 8080 and 8443. See the section on Channel Security in the docs - http://grails-plugins.github.com/grails-spring-security-core/docs/manual/ - about the grails.plugins.springsecurity.portMapper.httpPort and grails.plugins.springsecurity.portMapper.httpsPort config attributes.

这篇关于grails - spring-security-core 安全通道导致重定向循环(在 Heroku 上)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！