Spring Boot https redirect
Question
I deployed a Spring Boot web application to AWS and configured SSL certificate for a domain. Every time I click a Login button mapped to:
@RequestMapping("/login")
public String login(){
return "login";
}
I'm redirected to https login page. However, when a user tries to access a page that requires authorization, he is redirected to unsecured http login page. My Spring Security look like follows:
http
.authorizeRequests()
.antMatchers(HttpMethod.GET,"/","/css/**","/images/**","/js/**").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/index").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.logoutUrl("/logout")
.deleteCookies("remember-me")
.logoutSuccessUrl("/login?logout")
.permitAll();
Here is live example: test4test.io
1 answers
solution1
0 2020-05-30 03:13:40
Assuming that connection is secure until it hits application, you will have to add following to security config to make all requests secure.
http.requiresChannel().anyRequest().requiresSecure();
If the tls is terminating at the load balancer(which may not be ideal but there are cases) then this may not work. In such circumstances, in aws alb/nlb, a listener can be added on port 80 which can redirect to port 443. This would not require any change in the application as the redirection happens from hte load balancer before the application gets the request.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.