告诉JBoss AS7登录后重定向到HTTPS,而不是在HTTPS load-blancer后面重定向到HTTP
我们有一个负载平衡器,位于两个JBoss AS7服务器的前面.负载平衡器处理SSL握手并强制所有流量通过https(http请求重定向到https请求),AS节点上没有证书,负载均衡器和服务器之间的流量未加密,AS节点对此一无所知SSL.
We have a load-balancer sitting in front of two JBoss AS7 servers. The load-balancer handles the SSL handshake and forces all traffic over https (http requests are redirected to https requests), the AS nodes do not have certificates on them and traffic between load balancer and servers is unencrypted, the AS nodes know nothing about the SSL.
当用户点击受保护的页面时,AS会为他们提供一个登录页面.用户输入凭据并提交登录表单. AS会登录用户,然后将重定向发送给用户,以将其发送到所需页面. AS发送的重定向是HTTP重定向.这被负载均衡器抓取并重定向到HTTPS,但是我真的想避免第二次重定向.如何告诉AS在登录后返回HTTPS重定向而不是HTTP?
When a user hits a protected page the AS presents them with a login page. User enters credentials and submits the login form. The AS logs user in and then sends a redirect to the user to send them to the desired page. The redirect sent by the AS is an HTTP redirect. This gets grabbed by the load-balancer and redirected to HTTPS but I really want to avoid that second redirect. How can I tell the AS to return HTTPS redirect after login instead of HTTP?
经过大量搜索,我发现在发送相对URL重定向时,JBoss AS7在将响应返回给客户端之前会自动将其转换为绝对URL. JBoss对request.getScheme()和request.getPort()进行内部调用,以确定如何构建绝对URL.这些调用的返回值由standalone.xml文件通过web:1.1子系统下的连接器标签控制.
After much searching I found that when sending a relative url redirect JBoss AS7 auto converts it to an absolute url before returning a response to the client. JBoss makes internal calls to request.getScheme() and request.getPort() to determine how to build the absolute url. The return value of those calls is controlled by the standalone.xml file via the connector tag under the web:1.1 subsystem.
这是standalone.xml文件中随附的默认连接器:
This is the default connector that ships in the standalone.xml file:
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
该标签上的scheme属性是request.getScheme()的返回值,即使负载均衡器和AS7节点之间的通信是通过HTTP进行的,您也可以告诉JBoss追加到绝对URL的方案是HTTPS ,您还可以指定proxy-port:
The scheme attribute on that tag is the return value of request.getScheme() and even though the communication between the load-balancer and the AS7 node is over HTTP you can tell JBoss that the scheme to append to absolute urls is HTTPS, you can also specify the proxy-port:
<connector name="http" protocol="HTTP/1.1" scheme="https" socket-binding="http" proxy-port="443"/>
现在,当您告诉jboss将重定向发送到/some/url.html时,客户端就会收到https://domain-name/some/url.html,并且一切正常.
Now when you tell jboss to send a redirect to /some/url.html the client recieves https://domain-name/some/url.html and everything works peachy.