I have a grails application with the spring-security-core plugin installed. Everything works fine locally. I deployed to a staging server and everything worked fine. I deployed to our production server which is a mirror of our staging server. I can get to unprotected pages just fine. But when Spring Security kicks in and tries to do it's redirects it is redirecting to localhost instead of the grails.serverURL.
I'm going to turn up logging as high as pos开发者_JS百科sible and redeploy to see if I can make heads or tails of anything. I'll post my finding here. If anyone has experienced this before and knows what might be happening, please let me know. Also, if there are any configuration files that need to be seen I can provide those as well. Thanks.
Update I added the following to the bottom Config.groovy
grails.plugins.springsecurity.useSecurityEventListener = true
grails.plugins.springsecurity.onAuthorizationEvent = { e, appCtx ->
println "here"
println e
}
Locally, that closure gets hit 2 times when I try and access a protected page. Once for the initial url. Second time for the auth url. Deployed this to our production server and I get nothing.
The redirects are done in org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint.commence() method, so you could set a breakpoint there if you're able to borrow one of the prod servers for debugging.
It builds the redirect URL based on the login form uri (e.g. /login/auth) but it uses request.getServerName() so it should be the same as the original request. Note that grails.serverURL has no impact here since it builds the URL using the requested server name, port, context, etc.
It might be affected by putting Apache or a load balancer in front of your servlet container, although I've done both and it's worked fine.
Have you done any bean customization in resources.groovy that might affect this?
If your application server is behind a web server, this problem is likely caused by your web server configuration. I had this same problem and corrected it by using the following entry in my httpd.conf or apache2.conf. Here it is...
...boilerplate configuration here...
################################
# Begin yourdomain.com... #
################################
ProxyRequests Off
ProxyPreserveHost On
<Proxy>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:28080/
ProxyPassReverse / http://localhost:28080/
<Location>
Order allow,deny
Allow from all
</Location>
################################
# ... end yourdomain.com #
################################
Assuming you have a webserver (apache, nginx, etc) as a proxy in front of Tomcat (and you are using Tomcat)...
In a setup where you allow both http and https, add a separate Connector element to tomcat's conf/server.xml file:
<Connector port="8081" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" URIEncoding="UTF-8"
scheme="https" secure="true" proxyName="somehostname.domain" proxyPort="443" />
If only https is allowed, you can add the scheme, secure, proxyName and proxyPort attributes to the existing Connector element.
In apache config, make the *:443 virtual host proxy to the Connector with the extra attributes. The plain http *:80 can connect to the original Connector.
For more information: http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Proxy_Support http://tomcat.apache.org/tomcat-7.0-doc/proxy-howto.html
I know this is an old question, but I would like to add my findings to help other users that might encounter this problem.
In addition to Burt's answer (I'm assuming that you are using tomcat), I found out that the returned value of request.getServerName() can also be set via server.xml
i.e in tomcat 8 https://tomcat.apache.org/tomcat-8.0-doc/config/http.html
having this line in server.xml
<Connector protocol="HTTP/1.1"
port="8080" ...
proxyName="localhost"/>
would return "localhost" when getServername is invoked.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论