问题
I am using Spring HATEOAS in my web application. My application runs behind a Nginx webserver. I am sending following url with HTTPS header
GET https://national.usa.com/testapp-rest/api/user/654rtrtet-5grt-fgsdf-dfgs-765ytrtsdhshfgsh/newAuthentication
Status Code:200 OK
Response Headersview sourceAccess-Control-Allow-Headers:x-requested-with, Accept, Content-Type, Origin, Authorization, X-Auth-Token
Access-Control-Allow-Methods:POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin:*
Access-Control-Expose-Headers:X-Auth-Token
Access-Control-Max-Age:3600
Cache-Control:no-cache, no-store, must-revalidate
Connection:keep-aliveContent-Type:application/json
Pragma:No-cacheServer:XXX/1.6.0
Strict-Transport-Security:max-age=31536000
Transfer-Encoding:chunkedRequest Headers
view sourceAccept:application/json, text/plain, */*Accept-Encoding:gzip, deflate, sdch
But when I see response headers, I see HATEOAS links are only returning HTTP. how to fixed this issue? Please guide.
"links: [{rel: "self",…}]0: {rel: "self",…}href: "http://national.usa.com
/testapp-rest/api/user/5435fdsg-45gfdgag-rewtdf43434-43543fsd "rel
Edit: Yes I using following code to create links
resource.add(ControllerLinkBuilder.linkTo(ControllerLinkBuilder.methodOn(TestController.class).getStudentResponse(response.getStudentId())).withSelfRel());
回答1:
As you mentioned in the comments your application runs behind a webserver. In this case Nginx.
You are using some sort of
linkTo(methodOn(MyController.class).myMethod(name)).withSelfRel());
to generate links. In this case take a look at ControllerLinkBuilder. As you can see in line 190 Spring HATEOAS builds a link based on the current request.
In addition, request header X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Ssl are queried and used if available.
That is what you missed to configure in order to build proper links with Spring HATEOAS.
Because you complain that only https is missing in your links, Nginx already sets X-Forwarded-For but skips X-Forwarded-Proto. I assume that Nginx and your application communicate over http otherwise you wouldn't have trouble.
You can ignore X-Forwarded-Ssl. It is only relevant if Nginx and your application talking over https. In that case you wouldn't see any issue either.
Below you find a complete Nginx location block for reference. X-Forwarded-Proto has been set to https in order to inform the proxied system that links have to contain https in any URLs (only if backend system processes aforedmetnioned request header).
location /yourapp {
proxy_pass http://localhost:8080/yourapp;
proxy_redirect default;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
For further reading please consult Nginx documentation for the http_proxy_module.
来源:https://stackoverflow.com/questions/33942648/spring-hateoas-links-issue-for-http-and-https