Spring security plugin not redirect to https

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Spring security plugin not redirect to https

didinj
Hi all,

I have use spring security secureChannel to separate between http and https page.
Here's my config:
grails.plugins.springsecurity.secureChannel.portMapper 
grails.plugins.springsecurity.secureChannel.definition = [
    '/login/**':         'REQUIRES_SECURE_CHANNEL',
    '/home/**':         'REQUIRES_SECURE_CHANNEL',
    '/article/create':         'REQUIRES_SECURE_CHANNEL',
    '/article/edit':         'REQUIRES_SECURE_CHANNEL',
    '/article/list':         'REQUIRES_SECURE_CHANNEL',
    '/article/show':         'ANY_CHANNEL',
    '/groups/**':  'REQUIRES_SECURE_CHANNEL',
    '/hospital/list':  'REQUIRES_SECURE_CHANNEL',
    '/hospital/edit':  'REQUIRES_SECURE_CHANNEL',
    '/hospital/create':  'REQUIRES_SECURE_CHANNEL',
    '/hospital/index': 'REQUIRES_SECURE_CHANNEL',
    '/journal/list':  'REQUIRES_SECURE_CHANNEL',
    '/journal/edit':  'REQUIRES_SECURE_CHANNEL',
    '/journal/create':  'REQUIRES_SECURE_CHANNEL',
    '/journal/show':  'REQUIRES_SECURE_CHANNEL',
    '/journalQuiz/list':  'REQUIRES_SECURE_CHANNEL',
    '/journalQuiz/create':  'REQUIRES_SECURE_CHANNEL',
    '/journalQuiz/edit':  'REQUIRES_SECURE_CHANNEL',
    '/journalQuiz/show':  'REQUIRES_SECURE_CHANNEL',
    '/organization/list':  'REQUIRES_SECURE_CHANNEL',
    '/organization/edit':  'REQUIRES_SECURE_CHANNEL',
    '/organization/create':  'REQUIRES_SECURE_CHANNEL',
    '/events/**':  'REQUIRES_SECURE_CHANNEL',
    '/textbooks/**':  'REQUIRES_SECURE_CHANNEL',
    '/organization/index':  'REQUIRES_SECURE_CHANNEL',
    '/grails/**': 'ANY_CHANNEL',
    '/**': 'ANY_CHANNEL'
]
grails.plugins.springsecurity.secureChannel.useHeaderCheckChannelSecurity = true
grails.plugins.springsecurity.auth.forceHttps = true

The problem is in http mode I can't go to login/auth page, it should be automatically redirect to https://www.xxxx.com/login/auth..Is there something wrong with my config?

Thanks,
Didin
Reply | Threaded
Open this post in threaded view
|

Re: Spring security plugin not redirect to https

didinj
The error is:

"The webpage at http://www.xxxxxx.com/login/auth has resulted in too many redirects"
Reply | Threaded
Open this post in threaded view
|

Re: Spring security plugin not redirect to https

didinj
And I'm deployed on elastic beanstalk that use load balancer.

Any suggestion?
Reply | Threaded
Open this post in threaded view
|

Re: Spring security plugin not redirect to https

cazacugmihai
Hi,

I think that you must read this:

http://grails-plugins.github.com/grails-spring-security-core/docs/manual/guide/17%20Channel%20Security.html :

Amazon will set "x-forwarded-port" header to inform you that a page is requested via https.

Regards,
Mihai

On Tue, Oct 9, 2012 at 10:59 AM, didinj <[hidden email]> wrote:
And I'm deployed on elastic beanstalk that use load balancer.

Any suggestion?



--
View this message in context: http://grails.1312388.n4.nabble.com/Spring-security-plugin-not-redirect-to-https-tp4636106p4636127.html
Sent from the Grails - user mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email





--
Mihai Cazacu
Software Engineer
E-mail: [hidden email]
Mobile: +40 745 254 657
Skype: cazacugmihai
Twitter: cazacugmihai


Reply | Threaded
Open this post in threaded view
|

Re: Spring security plugin not redirect to https

didinj
Yes, I already read documentation and trying to implement like this:

        grails.plugins.springsecurity.secureChannel.useHeaderCheckChannelSecurity = true
        grails.plugins.springsecurity.secureChannel.secureHeaderName = 'X-Forwarded-Proto'
        grails.plugins.springsecurity.secureChannel.secureHeaderValue = 'http'
        grails.plugins.springsecurity.secureChannel.insecureHeaderName = 'X-Forwarded-Proto'
        grails.plugins.springsecurity.secureChannel.insecureHeaderValue = 'https'

But it still the same error. In chrome the error like this:
Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects

I think the manual not clear for me.
Reply | Threaded
Open this post in threaded view
|

Re: Spring security plugin not redirect to https

cazacugmihai
Have you solved that problem?

On Tue, Oct 9, 2012 at 11:27 AM, didinj <[hidden email]> wrote:
Yes, I already read documentation and trying to implement like this:



But it still the same error. In chrome the error like this:


I think the manual not clear for me.



--
View this message in context: http://grails.1312388.n4.nabble.com/Spring-security-plugin-not-redirect-to-https-tp4636106p4636132.html
Sent from the Grails - user mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email





--
Mihai Cazacu
Software Engineer
E-mail: [hidden email]
Mobile: +40 745 254 657
Skype: cazacugmihai
Twitter: cazacugmihai