Spring Security: requires-channel=“https” behind SSL accelerator

前端未结

关注

 3  851

礼貌的吻别 2020-12-15 11:54

We\'re using an F5 BIG-IP device to terminate SSL connections and connecting by plain HTTP to the application server with an spring enabled application. Also we configured F

3条回答

-上瘾入骨i (楼主)

2020-12-15 12:30

Subclass SecureChannelProcessor and InsecureChannelProcessor overriding decide(). You'll need to copy and paste some code, for example for Secure:

    @Override
    public void decide(FilterInvocation invocation, Collection config) throws IOException, ServletException {
      Assert.isTrue((invocation != null) && (config != null), 
                       "Nulls cannot be provided");

      for (ConfigAttribute attribute : config) {
          if (supports(attribute)) {
              if (invocation.getHttpRequest().
                      getHeader("X-Forwarded-Proto").equals("http")) {
                  entryPoint.commence(invocation.getRequest(),
                      invocation.getResponse());
              }
          }
      }
    }

Then set these ChannelProcessors on the ChannelDecisionManagerImpl bean using a BeanPostProcessor.

0 讨论(0)

查看其它3个回答