Announcement Announcement Module
Collapse
No announcement yet.
secure redirect behind load balancer Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • secure redirect behind load balancer

    Hello,

    We have some apps that are run behind a load balancer and the balancer also handles ssl encryption. All requests internally are handled on a single none secure port (8080). The request header has a flag to mark if the request is secure.

    When a request comes in that starts on https and I return a redirect (eg. viewName="redirect:somepage.do"), it sends a redirect with an insecure url. Is there a way to configure spring to be aware of the request header and return a secure url? Id rather not have to add code to all my controllers to return the correct ModelAndView.

    Thanks in advance,
    Michael

  • #2
    For some application servers (weblogic, etc), the redirect to HTTPS is controlled via web.xml. For weblogic, if you add the appropriate http header, weblogic will accept non http connection as https as it is assuming the SSL was front-end offloaded. This shouldn't be a spring issue, AFIK.

    Comment


    • #3
      We were using Cisco's Content Switch Balancing and ran into the same issue. There is nothing Spring Can do about it, as the Switch was turning an SSL request to non ssl request before forwarding it our webpage.

      The only way around this issue is that Configure the Switch correctly. We had set a flag in the switch to turn the flag on where it says that even if it is a redirect, change http to https. ( a very simple flag setting, nothing fancy)

      Comment


      • #4
        I ended up customizing UrlBasedViewResolver and RedirectView

        I had the very same issue - the load balancer was offloading SSL encryption/decryption and passing the request along on port 80. Spring's redirect notion ('redirect:') for relative URLs responds on the same protocol as the incoming request so all my redirects went out on port 80.

        Fortunately our load balancer injects a header indicating that the request came in on SSL. I extended UrlBasedViewResolver to intercept relative 'redirect:' s (I left explicit fully-qualified redirects alone) and then extended RedirectView to check the request header for the load-balancer-injected flag and build an https: response if necessary.

        Hope this helps. Drop me a line if you need more info.
        Last edited by sams_6; Mar 10th, 2008, 09:37 AM. Reason: typo

        Comment


        • #5
          Originally posted by sams_6 View Post
          I had the very same issue - the load balancer was offloading SSL encryption/decryption and passing the request along on port 80. Spring's redirect notion ('redirect:') for relative URLs responds on the same protocol as the incoming request so all my redirects went out on port 80.

          Fortunately our load balancer injects a header indicating that the request came in on SSL. I extended UrlBasedViewResolver to intercept relative 'redirect:' s (I left explicit fully-qualified redirects alone) and then extended RedirectView to check the request header for the load-balancer-injected flag and build an https: response if necessary.

          Hope this helps. Drop me a line if you need more info.
          i'm in the same boat, but i also need to configure spring web flow to do the same thing, and i can't figure out how to do it...do you have any ideas?

          thanks

          Richard F.

          Comment

          Working...
          X