时间戳

首页 > 解决方案 > nginx反向代理spring安全认证GET而不是POST

tomcat - nginx反向代理spring安全认证GET而不是POST

问题描述

我无法将 Nginx 正确设置为 tomcat 托管应用程序的反向代理,该应用程序使用 spring security 进行身份验证。应用程序上的 spring 身份验证模块拒绝登录

2018-11-06 19:30:01 DEBUG http-nio-8443-exec-398 @ 1951e0f24163 [OneTimePasswordAuthenticationFilter] - Authentication request failed: org.springframework.security.authentication.AuthenticationServiceException: Authentication method not supported: GET

Nginx 日志似乎将身份验证作为 GET 请求发送,我不明白为什么,但我可以看到失败:

192.168.0.1 - - [06/Nov/2018:18:08:56 +0000] "POST /rear/j_spring_security_check HTTP/1.1" 302 161 "https://nginx_server/remote_rear/login/auth?login_error=1" "Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "-"
192.168.0.1 - - [06/Nov/2018:18:08:56 +0000] "GET /remote_rear/j_spring_security_check HTTP/1.1" 302 0 "https://nginx_server/remote_rear/login/auth?login_error=1" "Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "-"
192.168.0.1 - - [06/Nov/2018:18:08:56 +0000] "GET /rear/login/authfail;jsessionid=81EF0C82C98FC746D7641E6845E105D7?login_error=1 HTTP/1.1" 302 161 "https://nginx_server/remote_rear/login/auth?login_error=1" "Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "-"

我目前的代理配置,基于我能够谷歌和测试是:

server {
   listen 443 default_server ssl;
        location /remote_rear {
            proxy_set_header  Host  $http_host;
            proxy_set_header X_FORWARDED_PROTO '$https';
            proxy_set_header  X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass      https://real_server:8443/rear;
            #proxy_redirect     https://real_server:8443/rear /rear;
            proxy_redirect     http://$host https://$host;
        }
        location /rear {
            proxy_set_header Host $http_host;
            proxy_set_header X_FORWARDED_PROTO '$https';
            proxy_set_header  X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            rewrite ^/rear/(.*)$ /remote_rear/$1 redirect;
        }
}

我真的很困惑为什么 j_spring_security_check URL 被作为 GET 而不是 POST 发送,我非常感谢有人解释我做错了什么,以及如何解决它。提前非常感谢!

标签: tomcatnginxcentos7

解决方案

推荐阅读