Announcement Announcement Module
Collapse
No announcement yet.
HTTPS login with Spring Security redirects to HTTP Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • HTTPS login with Spring Security redirects to HTTP

    Spring web app, secured with Spring Security deployed on Tomcat. Oracle Web Cache with an SSL cert (https terminates at the load balancer ie. port 443 -> port 80), so from Tomcat's perspective, inbound requests are HTTP.

    My login form submits to https, however the subsequent redirect goes to http (success or fail). The authentication was successful, and I can go back to https and I'm logged in.

    Spring Security Configuration file looks something like this..

    <http use-expressions="true">

    <intercept-url pattern="/app/login" filters="none" />
    <intercept-url pattern="/app/**" access="isAuthenticated()" />
    <intercept-url pattern="/**" access="permitAll" />

    <form-login login-page="/app/login"
    authentication-failure-url="/app/login?login_error=1"
    default-target-url="/app/mainMenu/"
    always-use-default-target="false" />
    ...

    What do I need to change to make default-target-url and authentication-failure-url go to https?
Working...
X