我正在尝试通过https迁移使用Spring Security制作的Web应用程序。我遵循了在网络上找到的所有指南和文档,但是它没有任何作用。您能帮我解决问题或找出问题吗?
无效,因为当我转到https://mywebapps时,找不到页面。当http工作时。
我遵循了本指南https://www.baeldung.com/spring-channel-security-https的密钥库和连接器配置。
我通过AWS EC2运行webapp。
mywebapp / web-application-context.xml
<security:http auto-config="true">
<security:intercept-url pattern="/Secure/**" access="isAuthenticated()" />
<security:intercept-url pattern="/**" requires-channel="https" />
<security:access-denied-handler
error-page="/Unsecure/NoPermission" />
<security:form-login login-page="/Unsecure/Login"
login-processing-url="/Unsecure/Login.do" username-parameter="username"
password-parameter="password" always-use-default-target="true"
default-target-url="/Secure/Home/Dashboard" authentication-failure-url="/Unsecure/Login?err=1" />
<security:logout logout-success-url="/Unsecure/Login"
logout-url="/Secure/Logout" delete-cookies="JSESSIONID" />
<security:csrf />
<security:http-basic/>
</security:http>
tomcat7 / server.xml
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false"
sslProtocol="TLS" keystoreFile="${user.home}/.keystore" keystorePass="changeit"/>
mywebapp / web.xml
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/dispatcher-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/web-application-config.xml</param-value>
</context-param>
<session-config>
<session-timeout>120</session-timeout>
</session-config>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>encoding-filter</filter-name>
<filter-class>
org.springframework.web.filter.CharacterEncodingFilter
</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encoding-filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
最佳保护,胭脂红
请确保您修改了EC2实例的安全组,以允许到TCP端口8443的传入连接。
您还可以使用实例外壳程序本身中的wget来确定其是否通过HTTPS这样提供服务:
wget --no-check-certificate https://127.0.0.1:8443
嗯,重新读取您的配置,您的Tomcat前面是否有一个反向代理,该代理会将端口443上的请求路由到侦听端口8443上的Tomcat?如果没有,您应该使用https://mywebapp:8443来访问Tomcat,而不是https://mywebapp。