The Grails security plugin has a nice feature that automatically redirects requests for specific pages to HTTPS. For example, you can put this line into Config.groovy to redirect all requests:
grails.plugins.springsecurity.secureChannel.definition = [ '/**': 'REQUIRES_SECURE_CHANNEL' ]
Unfortunately, this does not work when your Tomcat sits behind a load balancer that handles all the encryption. Making it work takes a little more effort.
First, you need to specify how to detect whether the connection is secure. The standard way to do this with load balancers is the X-Forwarded-Proto header, so enable the header check in Config.groovy:
grails.plugins.springsecurity.secureChannel.useHeaderCheckChannelSecurity = true
grails.plugins.springsecurity.portMapper.httpsPort = 443
The worst part is that it requires reconfiguring Tomcat: you need to update the Connector element in server.xml, like this:
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" proxyName="yourserver.com" proxyPort="443" secure="true" scheme="https" />
The good part is that it works nicely locally and across multiple environments, with no need for fake certificates or different builds.
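The redirect behaviour described above, modelled as an added Python example (not the plugin's code and not part of the original post): without the header check the application only ever sees the plain-HTTP hop from the load balancer and keeps redirecting, while the X-Forwarded-Proto check settles after one redirect. The function names and the dict-based request are assumptions made for this illustration.

```python
"""Model of a secure-channel check behind a TLS-terminating load balancer.
Illustration only: function names and request shape are hypothetical."""

MAX_HOPS = 5  # stand-in for a browser's redirect limit


def lb_forward(url):
    """Load balancer: terminate TLS, forward plain HTTP, record the client's scheme."""
    scheme = url.split("://", 1)[0]
    return {
        "url": url,
        # The LB -> Tomcat hop is plain HTTP, so a connector without
        # secure="true" reports every request as insecure.
        "is_secure": False,
        "headers": {"X-Forwarded-Proto": scheme},
    }


def channel_check(request, use_header_check, https_port=443):
    """Return None to serve the request, or the https URL to redirect to."""
    if use_header_check:
        secure = request["headers"].get("X-Forwarded-Proto") == "https"
    else:
        secure = request["is_secure"]
    if secure:
        return None
    host, _, path = request["url"].split("://", 1)[1].partition("/")
    host = host.split(":", 1)[0]
    port = "" if https_port == 443 else ":%d" % https_port
    return "https://%s%s/%s" % (host, port, path)


def follow(url, use_header_check):
    """Follow redirects as a browser would; return (outcome, redirects taken)."""
    for hop in range(MAX_HOPS):
        target = channel_check(lb_forward(url), use_header_check)
        if target is None:
            return ("served", hop)
        url = target
    return ("redirect loop", MAX_HOPS)


if __name__ == "__main__":
    # Constructed sample URL using the proxyName from the Connector above.
    print(follow("http://yourserver.com/login", use_header_check=False))
    print(follow("http://yourserver.com/login", use_header_check=True))
```

The header check is only as trustworthy as the proxy that sets X-Forwarded-Proto, so port 8080 should accept connections only from the load balancer, and the load balancer should overwrite any client-supplied copy of the header.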