问题描述
我正在使用 spring-security-core 并设置了安全通道功能,这在我的开发机器上运行良好.我在 Config.groovy 中有以下内容
grails.plugins.springsecurity.secureChannel.definition = ['/order/checkout': 'REQUIRES_SECURE_CHANNEL','/order/paymentComplete': 'REQUIRES_INSECURE_CHANNEL']
此外,将相关的订单处理部署到 Heroku 工作正常,只要我注释掉上面的几行.一旦我把它们放回去,我就会得到:
我看到服务器上有很多请求,Firebug 网络视图显示:
我已经将 PiggyBack SSL 添加到 Heroku,并且我能够指定一个 https://... 地址以导航到站点的其他部分,在这种情况下,浏览器保持在 SSL 模式.但是如果我访问
https://www.momentumnow.co/order/checkout
直接寻址,我遇到了同样的重定向循环问题.你知道问题是什么或者我如何进一步调试.如果是后者,请更新评论区,我会在问题区更新.谢谢
PiggyBack SSL - 关于 grails.plugins.springsecurity.portMapper.httpPort
和 grails.plugins.springsecurity.portMapper.httpsPort
配置属性.
I'm using spring-security-core and have setup the secure-channel capabilities, which work fine on my development machine. I've got the following in Config.groovy
grails.plugins.springsecurity.secureChannel.definition = [
'/order/checkout': 'REQUIRES_SECURE_CHANNEL',
'/order/paymentComplete': 'REQUIRES_INSECURE_CHANNEL'
]
Also, deploying to Heroku the associated order processing works fine, as long as I comment out the above lines. As soon as I put them back in, I get:
I see many requests come in on the server, and the Firebug net view shows:
I've got the PiggyBack SSL added on to Heroku, and I'm able to specify an https://... address to navigate to other parts of the site, in which case the browser stays in SSL mode. But if I access the
https:/www.momentumnow.co/order/checkout
address directly, I get the same redirect loop problem. Do you know what the problem is or how I can debug this further. If the latter, would you please update the comment area, and I will respond with updates to the problem area. Thanks
PiggyBack SSL documentation indicates:
"Piggyback SSL will allow you to use https://yourapp.heroku.com, since it uses the *.heroku.com certification. You don't need to buy or configure a certificate, it just works. https://yourcustomdomain.com will work, but it will produce a warning in the browser."
I'll probably switch to another mode as I add a certificate, however that does not seem to be the problem, based on the previous statement.
On the server, I get:
You need to fix the values for the ports since they default to 8080 and 8443. See the section on Channel Security in the docs - http://grails-plugins.github.com/grails-spring-security-core/docs/manual/ - about the grails.plugins.springsecurity.portMapper.httpPort
and grails.plugins.springsecurity.portMapper.httpsPort
config attributes.
这篇关于grails - spring-security-core 安全通道导致重定向循环(在 Heroku 上)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!