spring security 登录成功期间强制Https连接

Question

I have one spring boot app which contains spring security with formLogin being added and custom loginPage . Whenever I get authenticated then it will send me to the defaultSuccessUrl which is /app/dashboard and it sends with the schema http I been trying all day to just make the successUrl schema to be https just tweaking some changes on application.properties and sometimes with Bean but i am still not able to make it happen. My application is in cloudfoundry which and i don't have 80 port but only 443(https) .

My configuration in spring is like this :

http
    .authorizeRequests()
    .antMatchers("/", "/forbidden", "/index.html", "/webjars/*", "/app.js", "/access/*", "/signup", "/l10n/*.js", "/", "/tpl/**/*.html", "/fonts/**/*.woff").permitAll()
    .anyRequest().authenticated()

    .and().addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class).
    csrf().csrfTokenRepository(repo)

    .and() .httpBasic().disable()
    .formLogin()
    .loginPage("/access/signin").permitAll()
    .failureUrl("/error")
    .defaultSuccessUrl("/app/dashboard")
    .and().logout()
    .logoutRequestMatcher(new AntPathRequestMatcher("access/logout"))
    .logoutSuccessUrl("/access/signin").permitAll();

I did also tried to use absolute url with https but it is not working good.

Answer 1

Did you try requiresChannel() and requiresSecure() ? For particular url to be accessible via https, you can try

.defaultSuccessUrl("/app/dashboard").and().requiresChannel().antMatchers("/app/dashboard").requiresSecure() 

For all requests to go through https, you can use like

.and().requiresChannel().anyRequest().requiresSecure()

You can use port mapping like below.

 http
     .portMapper()              
        .http(8080).mapsTo(443);

Please refer this and this for more details.