Grails - SSL and Spring Security Core

Question

Grails - SSL and Spring Security Core

I want my application to work exclusively with SSL enabled. I am using Spring Security core plugin.

This is how I try to do it in Config.groovy :

 grails.plugins.springsecurity.portMapper.httpPort = 8080 grails.plugins.springsecurity.portMapper.httpsPort = 8443 grails.plugins.springsecurity.secureChannel.definition = [ '/**' : 'REQUIRES_SECURE_CHANNEL']

I expected this to cause redirects every time I try to access Url using HTTP. However, I never redirect and can navigate through HTTP and HTTPS. I can add that I run my application using grails run-app -https

Have I really misunderstood all this?

Any suggestion is welcome.

+6

http spring-security ssl https grails

Alexandre Bourlier May 26 '12 at 1:44

source share

3 answers

Iman · Answer 1 · 2012-08-30T09:29:46+0000

Do you have a custom filter chain declared in your configuration?

you may need to add "channelProcessingFilter" to your chain in this case

http://static.springsource.org/spring-security/site/docs/3.0.x/reference/security-filter-chain.html

dimcookies · Answer 2 · 2012-05-26T21:11:47+0000

You can also try using the forceHttps parameter

 grails.plugins.springsecurity.auth.forceHttps = true

Overzealous · Answer 3 · 2012-05-26T06:54:21+0000

You don't have wildcards, so the definition literally matches the root URL ( / ), but nothing lower ( /foo ). Do you want to:

 grails.plugins.springsecurity.secureChannel.definition = [ '/**' : 'REQUIRES_SECURE_CHANNEL'] ^^

(You can explicitly see wildcards in the documentation :-)

Finally, if your server is behind a load balancer or other firewall that hides the protocol, check the same page for instructions on checking the header.

Grails - SSL and Spring Security Core

More articles: