Announcement Announcement Module
Collapse
No announcement yet.
Converting http to https using Spring Security Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Converting http to https using Spring Security

    Hi,

    Can someone help me please by telling what all i need to configure in my application, so that my application switches to https, whenever a URL is accessed via http.

    I am using Spring MVC and i want to use Spring security with it for achieving the above said.

    My requirement is simple. I dont want any kind of authentication. FOr all the users who have accessed the application URL as http, it should
    change to https.

    Thanks,
    Bala

  • #2
    Why not just use the standard web.xml constraints?

    Comment


    • #3
      Thanks Luke!!! That was really helpful.

      Adiing the Security constraint resolved my problem.

      <security-constraint>
      <!-- Specifying the Resources to be Protected -->

      <web-resource-collection>
      <web-resource-name>Example name</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <!-- Specifying Secure Transport using SSL -->

      <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      Comment


      • #4
        Originally posted by Luke Taylor View Post
        Why not just use the standard web.xml constraints?

        In my experience, unfortunately it doesn't really work with Websphere.

        Comment


        • #5
          Hi,

          Im using it with Weblogic 9.2 server.

          When i directly use the configurations with the app server, the redirection works fine, but there is a problem when im accessing the application using a Web server on top of the application server.

          It works fine for me, if i used https, but when using http, it gives me a forbidden error 403.

          Any thoughts about this issue?

          To make it simpler, its works fine for me with https and gives a forbidden 403 error when using http.

          - Bala

          Comment


          • #6
            You can also try setting the requires-channel property in your spring security.

            Code:
            <intercept-url pattern="/secure/**" access="ROLE_USER" requires-channel="https"/>
            <port-mappings>
              <port-mapping http="9080" https="9443"/>
            </port-mappings>

            Comment


            • #7
              Hi,

              We have tried with this configuration, but was getting some other errors while deploying.

              Resolved the deployment errors and kept the access="IS_AUTHENTICATED_ANONYMOUSLY", but was getting 403 Forbidden error.

              Can you please tell what other configurations need to be added, along with the ones you have mentioned?

              If you can point us or give us a working example of this, that will be really greatful.

              Comment


              • #8
                Hi,

                In my application, all http urls are redirected to https.

                If you want to do so try following

                <entry key="8080"><value>443</value></entry>

                let me know if it is working or not

                Thanks,
                Nisha

                Comment


                • #9
                  Hi Nisha,

                  Thanks for the reply.

                  Can you give me complete configurations that needs to be done?

                  When we use http tag, it fails asking for configuring remember me and entry point.

                  I didnt quite understand why these are required for the requirement i have?

                  Comment


                  • #10
                    If you don't need security, other than HTTPS, then use web.xml. There's no point in adding a Spring Security configuration just for this.

                    Comment

                    Working...
                    X