Require HTTPS with Spring Security behind a reverse proxy

后端未结

关注

 3  1882

你的背包 2020-12-29 09:18

I have a Spring MVC application secured with Spring Security. The majority of the application uses simple HTTP to save resources, but a small part processes more confidentia

3条回答

-上瘾入骨i (楼主)

2020-12-29 09:39
Spring Boot makes it dead simple (at least with embedded Tomcat).

1. Add the following lines to your application.properties:
```
server.forward-headers-strategy=native
server.tomcat.remote-ip-header=x-forwarded-for
server.tomcat.protocol-header=x-forwarded-proto
```
2. Do the following trick with your HttpSecurity configuration.
```
// final HttpSecurity http = ...
// Probably it will be in your `WebSecurityConfigurerAdapter.configure()`

http.requiresChannel()
            .anyRequest().requiresSecure()
```
Source is Spring Boot reference guide

84.3 Enable HTTPS When Running behind a Proxy Server

Please also check the answer below for a specifics related to Spring Boot 2.2
0 讨论(0)

查看其它3个回答
发布评论:

提交评论
- 加载中...