
How do I force SSL on my Spring Boot app that uses OAuth2 on AWS ElasticBeanstalk and Nginx?

I'm trying to force SSL using the reference documentation

https://docs.spring.io/spring-boot/docs/current/reference/html/howto-security.html#howto-enable-https

However, I already have

@Configuration
class WebSecurityConfiguration  {

When I add extends WebSecurityConfigurerAdapter, and not even protected void configure(HttpSecurity http), then requests to a non-OAuth2 page /home/ are redirected to /login for no reason. It works with the property settings. Just extending the class with extends WebSecurityConfigurerAdapter breaks the app. There are other unrelated routes secured by OAuth2. I've seen this non-deterministic random behavior before while setting up OAuth2.

This is the outline of the WebSecurityConfiguration class.

@Configuration
class WebSecurityConfiguration {

    @Autowired
    UserMapper userMapper;

    @Bean
    PasswordEncoder passwordEncoder() {

    @Bean
    protected UserDetailsService userDetailsService() {

And that's it.

I tried to add an Nginx configuration to redirect to SSL, from this answer https://stackoverflow.com/a/53310987/148844, but it didn't work. It does redirect to SSL, but I get 404 errors for all paths.

HTTP Status 404 - /home
type Status report
message /home
description The requested resource is not available.
Apache Tomcat/8.0.47

So it is forcing SSL and accessing Tomcat, but the Spring Boot app is completely messed up. It's as if the WAR file in the ZIP was never deployed.

Reference: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/java-tomcat-proxy.html#java-tomcat-proxy-nginx

Chloe asked Nov 13 '18 20:11


1 Answer

I gave up using Spring Boot for this as it's so flaky and resorted to an Nginx configuration option. This worked, though it seems excessively verbose for just making a ZIP. There was the additional problem of a bug in Elastic Beanstalk!

AWS Elastic Beanstalk Tomcat works with .war but not .zip

When deploying the ZIP, it would not deploy the WAR! So I had to create a workaround to create two WAR files in the ZIP. (Just one, even called ROOT.war, would not work.)

I could not find a way to create an empty file with Maven, so I created an empty empty.war file in the project root directory and bundled it inside the ZIP to trick Elastic Beanstalk into working and deploying the app properly. What a mess! Oy vey!

pom.xml
        <plugin> <!-- To add .ebextensions/ Nginx config for ElasticBeanstalk -->
          <artifactId>maven-assembly-plugin</artifactId>
          <configuration>
            <descriptors>
              <descriptor>assembly.xml</descriptor>
            </descriptors>
          </configuration>
          <executions>
            <execution>
              <id>make-assembly</id>
              <phase>package</phase>
              <goals>
                <goal>single</goal>
              </goals>
            </execution>
          </executions>
        </plugin>           
assembly.xml
<assembly 
  xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0" 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
  <id>bin</id>
  <baseDirectory>/</baseDirectory>
  <formats>
    <format>zip</format>
  </formats>
  <files>
    <file>
      <source>empty.war</source>
      <outputDirectory/>
    </file>
    <file>
      <source>${project.build.directory}/AppName-0.0.3-SNAPSHOT.war</source>
      <outputDirectory/>
      <destName>ROOT.war</destName>
    </file>
  </files>

  <fileSets>
    <fileSet>
      <directory>${project.basedir}</directory>
      <outputDirectory>/.ebextensions/nginx/conf.d/elasticbeanstalk/</outputDirectory>
      <includes>
        <include>force-https.conf</include>
      </includes>
    </fileSet>
  </fileSets>
</assembly>

And the configuration file is just in the project root. I didn't know where else to put it - it's not source code.

force-ssl.conf
if ($http_x_forwarded_proto = 'http') {
    return 301 https://$host$request_uri;
}

http://maven.apache.org/plugins/maven-assembly-plugin/assembly.html

Chloe answered Nov 15 '22 09:11
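A pre-deploy check for the bundle layout the answer describes, as an added example that is not part of the original post: it confirms that the ZIP has ROOT.war at its root and that an Nginx file carrying the X-Forwarded-Proto redirect actually landed under .ebextensions/nginx/conf.d/elasticbeanstalk/, so a bundle packed without the redirect is caught before it serves plain HTTP. The function names, the regex and the sample bundles are assumptions made for this example.

```python
import io
import re
import zipfile

# Directory taken from the answer's assembly.xml.
CONF_DIR = ".ebextensions/nginx/conf.d/elasticbeanstalk/"
# Hypothetical matcher for the answer's redirect rule (301 or 308, flexible whitespace).
REDIRECT = re.compile(
    r"if\s*\(\s*\$http_x_forwarded_proto\s*=\s*['\"]?http['\"]?\s*\)\s*\{"
    r"\s*return\s+30[18]\s+https://\$host\$request_uri\s*;\s*\}"
)

def check_bundle(zip_bytes):
    """Return a list of problems found in an Elastic Beanstalk source bundle."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as bundle:
        # Map normalized entry names to the names stored in the archive.
        names = {n.lstrip("/"): n for n in bundle.namelist() if not n.endswith("/")}
        if "ROOT.war" not in names:
            problems.append("ROOT.war missing from bundle root")
        confs = sorted(k for k in names if k.startswith(CONF_DIR) and k.endswith(".conf"))
        texts = [bundle.read(names[c]).decode("utf-8", "replace") for c in confs]
        if not confs:
            problems.append("no nginx .conf under " + CONF_DIR)
        elif not any(REDIRECT.search(t) for t in texts):
            problems.append("no X-Forwarded-Proto redirect in " + ", ".join(confs))
    return problems

def make_bundle(files):
    """Build a constructed ZIP in memory from a {path: content} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, content in files.items():
            z.writestr(path, content)
    return buf.getvalue()

# Constructed sample bundles (not real build output).
RULE = "if ($http_x_forwarded_proto = 'http') {\n    return 301 https://$host$request_uri;\n}\n"
GOOD = make_bundle({"empty.war": "", "ROOT.war": "war", CONF_DIR + "force-https.conf": RULE})
# The include pattern matched no file on disk, so the ZIP has no redirect config.
NO_CONF = make_bundle({"empty.war": "", "ROOT.war": "war"})

if __name__ == "__main__":
    for label, data in (("good", GOOD), ("no-conf", NO_CONF)):
        print(label, check_bundle(data) or "OK")
```

To use it on a real build, pass the bytes of the assembled ZIP to check_bundle and fail the pipeline when the returned list is not empty.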