问题场景:在未通过nginx代理情况下所有业务逻辑正常,但是经常nginx代理后某些业务就报空指针错误。
报错提示:
java.lang.NullPointerException at org.springframework.web.util.WebUtils.isSameOrigin(WebUtils.java:816) at org.springframework.web.cors.DefaultCorsProcessor.processRequest(DefaultCorsProcessor.java:76) at org.springframework.web.servlet.handler.AbstractHandlerMapping$CorsInterceptor.preHandle(AbstractHandlerMapping.java:503) at org.springframework.web.servlet.HandlerExecutionChain.applyPreHandle(HandlerExecutionChain.java:134) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:956) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:895) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:967) at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:869) at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
找到代码:
public static boolean isSameOrigin(HttpRequest request) { String origin = request.getHeaders().getOrigin(); if (origin == null) { return true; } UriComponents actualUrl = UriComponentsBuilder.fromHttpRequest(request).build(); UriComponents originUrl = UriComponentsBuilder.fromOriginHeader(origin).build(); return (actualUrl.getHost().equals(originUrl.getHost()) && getPort(actualUrl) == getPort(originUrl)); }
看这个代码逻辑是会去判断实际的请求地址和源地址是否一致。
解决方法:在nginx代理层修改请求头为浏览器的请求来源。
location /mgmt { proxy_pass http://sunbar_mgmt/mgmt; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass_request_headers on; }