I would like to have my application running exclusively with SSL turned on. I am using the Spring Security core plugin.
This is how I attempt to do it in Config.groovy
:
grails.plugins.springsecurity.portMapper.httpPort = 8080
grails.plugins.springsecurity.portMapper.httpsPort = 8443
grails.plugins.springsecurity.secureChannel.definition = [ '/**' : 'REQUIRES_SECURE_CHANNEL']
I was expecting this to cause redirects every time I would try to access a Url using HTTP.
However, I am never redirected, and can navigate through both HTTP and HTTPS. I may add I am starting my application using grails run-app -https
Am I getting this all wrong ?
Any suggestion is most welcome.
Runtime configuration - Grails' entire runtime convention based system is wired together by a Spring ApplicationContext. Transactions - Grails uses Spring's transaction management in GORM.
Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications.
j_spring_security_check is a Servlet where the actual authentication is made and you must map the action of your login form to this Servlet.
Do you have a custom filterchain declared in your config?
you might need to add 'channelProcessingFilter' to your chain in that case
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/security-filter-chain.html
You can also try using the forceHttps option
grails.plugins.springsecurity.auth.forceHttps = true
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With