I cannot get my application to redirect the login page from http to https in my development environment to localhost. Is this spring security plugin design?
I am running the development environment from intellij. When I run my application, the command line has
-https
and when the server starts, the message shows:
Server running. Browse to http://localhost:8080/ or https://localhost:8443/
I can go to https://localhost:8443/login/authin the browser, and the pages of my application are displayed as safe. When I type http://localhost:8080/login/auth, the browser is NOT redirected to a secure page.
In config.groovy:
environments {
development {
grails.server.port.https=8443
grails.server.host="localhost"
grails.plugin.springsecurity.secureChannel.useHeaderCheckChannelSecurity = true
grails.plugin.springsecurity.portMapper.httpPort = 8080
grails.plugin.springsecurity.portMapper.httpsPort = 8443
grails.plugin.springsecurity.secureChannel.secureHeaderName = 'X-Forwarded-Proto'
grails.plugin.springsecurity.secureChannel.secureHeaderValue = 'http'
grails.plugin.springsecurity.secureChannel.insecureHeaderName = 'X-Forwarded-Proto'
grails.plugin.springsecurity.secureChannel.insecureHeaderValue = 'https'
...
and
grails.plugin.springsecurity.secureChannel.definition = [
'/': 'REQUIRES_INSECURE_CHANNEL',
'/index': 'REQUIRES_INSECURE_CHANNEL',
'/index.gsp': 'REQUIRES_INSECURE_CHANNEL',
'/images/**': 'ANY_CHANNEL',
'/img/**': 'ANY_CHANNEL',
'/js/**': 'ANY_CHANNEL',
'/css/**': 'ANY_CHANNEL',
'/login/**': 'REQUIRES_SECURE_CHANNEL',
...
Does redirection work for someone else? I do not start the application from a war file, and the work works fine.
source
share