Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Grails - SSL and Spring security core

I would like to have my application running exclusively with SSL turned on. I am using the Spring Security core plugin.

This is how I attempt to do it in Config.groovy:

grails.plugins.springsecurity.portMapper.httpPort = 8080
grails.plugins.springsecurity.portMapper.httpsPort = 8443
grails.plugins.springsecurity.secureChannel.definition = [ '/**' : 'REQUIRES_SECURE_CHANNEL']

I was expecting this to cause redirects every time I would try to access a Url using HTTP. However, I am never redirected, and can navigate through both HTTP and HTTPS. I may add I am starting my application using grails run-app -https

Am I getting this all wrong ?

Any suggestion is most welcome.

like image 205
Alexandre Bourlier Avatar asked May 26 '12 01:05

Alexandre Bourlier


People also ask

Does grails use spring?

Runtime configuration - Grails' entire runtime convention based system is wired together by a Spring ApplicationContext. Transactions - Grails uses Spring's transaction management in GORM.

What is Spring Security core used for?

Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications.

What is J_spring_security_check?

j_spring_security_check is a Servlet where the actual authentication is made and you must map the action of your login form to this Servlet.


2 Answers

Do you have a custom filterchain declared in your config?

you might need to add 'channelProcessingFilter' to your chain in that case

http://static.springsource.org/spring-security/site/docs/3.0.x/reference/security-filter-chain.html

like image 190
Iman Avatar answered Oct 19 '22 05:10

Iman


You can also try using the forceHttps option

grails.plugins.springsecurity.auth.forceHttps = true
like image 31
dimcookies Avatar answered Oct 19 '22 05:10

dimcookies