Announcement Announcement Module
Collapse
No announcement yet.
Switching from https to http Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Switching from https to http

    I work on an application that runs on apache which is the https handler.
    But internally, it is running on http behind a firewall, apache routes the request to the app.


    Thus,
    using something like this:
    <form-login login-page="/Login.html"
    authentication-failure-url="https://www.ourapp.com/FailureLogin.jsp"
    always-use-default-target="false"
    default-target-url="https://www.ourapp.com/SuccessLogin.jsp"/>

    works
    where-as using:

    <form-login login-page="/Login.html"
    authentication-failure-url="/FailureLogin.jsp"
    always-use-default-target="false"
    default-target-url="/SuccessLogin.jsp"/>

    does not work,
    debugging and checking logs revealed that a call was made to http://www.ourapp.com/SuccessLogin.jsp
    which does not exist.

    Since our app is used in multiple environments, it is desirable to mention urls in this manner.
    Is there a work around for this in code/config ?

  • #2
    I just found this via the jira issue:
    https://jira.springsource.org/browse/SEC-1401

    Why not just change the redirect to build the url as a root-relative URL rather than absolute? That would fix this.

    I also have a problem where https handling is done by a separate machine, and I imagine more companies would also have this issue.

    Comment


    • #3
      Originally posted by yincrash View Post
      I just found this via the jira issue:
      https://jira.springsource.org/browse/SEC-1401

      Why not just change the redirect to build the url as a root-relative URL rather than absolute? That would fix this.

      I also have a problem where https handling is done by a separate machine, and I imagine more companies would also have this issue.
      The question is posed to Luke (or other Spring Security developer). Not you as a user.

      Comment


      • #4
        Thanks yincrash. Nice reply!!!
        I will try.
        __________________
        Free Webspace

        Comment


        • #5
          what do you mean try ?

          Originally posted by tedjohn09 View Post
          Thanks yincrash. Nice reply!!!
          I will try.
          __________________
          Free Webspace
          as yincrash stated this was a message for Spring developers ...
          What is it that you are going to try ?

          Comment


          • #6
            Well,
            I mean I will take time to view the link that he/she share.
            __________________
            click here

            Comment


            • #7
              Thanks for quoting that...

              Originally posted by yincrash View Post
              ...I imagine more companies would also have this issue.
              Thanks for quoting that, it is quite possible indeed.
              Let me know if you are opening a new bug/enhancement for this, I will definately contribute...
              Last edited by salvin18; Mar 17th, 2010, 03:16 AM.

              Comment

              Working...
              X