汤姆猫请求网址

huangapple go评论75阅读模式
英文:

Tomcat request URL

问题

我们在托管在Tomcat服务器上的Java Web应用程序中遇到了问题。

Tomcat实例的运行配置如下:

<Connector port="8090" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

在应用程序中,链接使用getContextPath方法,该方法返回诸如:
http://localhost:8090/webapp

然而,当通过外部访问(Netscaler重定向到服务器和端口8090)应用程序时,使用以下URL在HTTPS端口上查询,例如https://public.domain.com/webapp,将返回以下链接:
http://public.domain.com:80/webapp/...

该链接是使用StrutsLinkTool的setAction()方法生成的
https://velocity.apache.org/tools/1.2/struts/StrutsLinkTool.html

这导致某些浏览器将我们的表单视为不安全。我正在尝试弄清楚如何使Tomcat将公共HTTPS域返回为基本URL。我正在尝试在Tomcat文档中找出基本请求URL的配置方式,以及是否可以进行自定义?

我猜合适的解决方案是在Tomcat前面放置一个Apache服务器,但我想知道是否有更简单的方法来管理,例如修改Tomcat的server.xml文件。

英文:

We have an issue with java web application hosted on a tomcat server.

The tomcat instance runs on with the following setting:

&lt;Connector port=&quot;8090&quot; protocol=&quot;HTTP/1.1&quot;
           connectionTimeout=&quot;20000&quot;
           redirectPort=&quot;8443&quot; /&gt;

In the application, links use getContextPath method, which returns links such as:
http://localhost:8090/webapp

However, when accessed by outside (Netscaler redirection to server and port 8090), the application, when queried on the HTTPS port with URL such as https://public.domain.com/webapp, will returns following links:
http://public.domain.com:80/webapp/...

The link is generated using StrutsLinkTool setAction() method
https://velocity.apache.org/tools/1.2/struts/StrutsLinkTool.html

It is creating issue with our forms treated as unsafe by certain browsers.
I am trying to figure out how I can get tomcat to return the publics https domain as base URL. I am trying to find out in the tomcat documentation how the base request URL is configured and if it can be customized?

I guess the proper solution would be to front tomcat with an apache server but I wonder if there is a simpler way to manage but modifying tomcat's server.xml file

答案1

得分: 1

Connector 中添加 secure="true"。如文档所述:

如果您希望对通过此Connector接收的请求调用request.isSecure()返回true,请将此属性设置为true。您可能希望在SSL Connector上或从SSL加速器(如加密卡、SSL设备或甚至Web服务器)接收数据的非SSL连接器上使用此选项。默认值为false

由于您的Netscaler处理SSL加密并将未加密的请求转发给Tomcat,它充当了"SSL accelerator"。

结果将是生成的URL将使用https:

英文:

Add secure=&quot;true&quot; to the Connector. As the documentation says:

> Set this attribute to true if you wish to have calls to request.isSecure() to return true for requests received by this Connector. You would want this on an SSL Connector or a non SSL connector that is receiving data from a SSL accelerator, like a crypto card, an SSL appliance or even a webserver. The default value is false.

Since your Netscaler is handling the SSL encryption and forwarding the requests un-encrypted to Tomcat, it acts as the "SSL accelerator".

The result will be that generated URLs with use https:.

huangapple
  • 本文由 发表于 2020年9月16日 00:29:01
  • 转载请务必保留本文链接:https://go.coder-hub.com/63906186.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定