Enabling HTTPS with Spring Security: There is a redirect loop on this webpage

I am trying to enable HTTPS for some pages in a web application. I use Spring MVC and Spring Security for a web application deployed on Tomcat, with Nginx as a proxy for Tomcat.

First of all, everything works fine, without any HTTPS configuration. I created a self-signed SSL certificate and installed it on Nginx. I did not make any changes to Tomcat to enable HTTPS, as I just want Nginx to handle SSL termination. Here is my corresponding Nginx configuration for SSL.

server {
    listen 443;
    server_name 127.0.0.1;
    root /usr/local/server/web/webapps/ROOT;

    ssl on;
    ssl_certificate /usr/local/etc/nginx/ssl/server.crt;
    ssl_certificate_key /usr/local/etc/nginx/ssl/server.key;

    location / {
        proxy_pass       http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
    }
}

My Spring security configuration for SSL looks like this:

<http pattern="/static/**" security="none" />
<http pattern="/favicon*" security="none" />

<http use-expressions="true">
    <intercept-url pattern="/login" access="permitAll" requires-channel="https" />
    <intercept-url pattern="/loginprocess" method="POST" requires-channel="https" />
    <intercept-url pattern="/logout" access="isAuthenticated()"/>
    <intercept-url pattern="/**" access="isAuthenticated()" requires-channel="https" />
    <form-login username-parameter="username"
        password-parameter="password" login-page="/login"
        login-processing-url="/loginprocess" default-target-url="/hiring"
        authentication-failure-url="/login?error" always-use-default-target="true" />
    <logout logout-url="/logout" logout-success-url="/login?logout" />
</http>

Now when I try to access the login page in my browser, https://localhost/internal/login, I get an error message:


Spring:

12:34:55.240 [http-bio-8080-exec-33] DEBUG o.s.security.web.FilterChainProxy - /login at       position 1 of 10 in additional filter chain; firing Filter: 'ChannelProcessingFilter'
12:34:55.240 [http-bio-8080-exec-33] DEBUG o.s.s.web.util.AntPathRequestMatcher - Checking    match of request : '/login'; against '/login'
12:34:55.240 [http-bio-8080-exec-33] DEBUG o.s.s.w.a.c.ChannelProcessingFilter - Request: FilterInvocation: URL: /login; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
12:34:55.240 [http-bio-8080-exec-33] DEBUG o.s.s.w.a.c.RetryWithHttpsEntryPoint - Redirecting to: https://localhost/internal/login
12:34:55.241 [http-bio-8080-exec-33] DEBUG o.s.s.web.DefaultRedirectStrategy - Redirecting to 'https://localhost/internal/login'

require-channel , . / .

Update


03:29:28.603 [http-bio-8080-exec-19] DEBUG o.s.s.w.a.c.ChannelProcessingFilter - Request:  FilterInvocation: URL: /loginprocess; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
03:29:28.603 [http-bio-8080-exec-19] DEBUG o.s.s.w.a.c.RetryWithHttpsEntryPoint - Redirecting to: https://localhost/internal/loginprocess
03:29:28.603 [http-bio-8080-exec-19] DEBUG o.s.s.web.DefaultRedirectStrategy - Redirecting to 'https://localhost/internal/loginprocess'

03:29:28.609 [http-bio-8080-exec-11] DEBUG o.s.s.web.util.AntPathRequestMatcher - Request 'GET /loginprocess' doesn't match 'POST /loginprocess
03:29:28.609 [http-bio-8080-exec-11] DEBUG o.s.s.web.util.AntPathRequestMatcher - Request '/loginprocess' matched by universal pattern '/**'

03:29:28.614 [http-bio-8080-exec-20] DEBUG o.s.security.web.FilterChainProxy - /loginprocess at position 4 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
03:29:28.614 [http-bio-8080-exec-20] DEBUG o.s.s.w.a.UsernamePasswordAuthenticationFilter - Request is to process authentication
03:29:28.615 [http-bio-8080-exec-20] DEBUG o.s.s.w.a.UsernamePasswordAuthenticationFilter - Authentication request failed:    org.springframework.security.authentication.AuthenticationServiceException: Authentication method not supported: GET

, , Spring Security GET. - HTTPS, Spring - RemoteIPValve, ?

internalProxies RemoteIpValve, . IP- ( ). , . RemoteIpValve , IP- - IpV6, internalProxies, RemoteIpValve , . #fe80::1%lo0 localhost Mac OS X, .

, @M. Deinum, , .


HTTPS- NGINX. - HTTP-. , , .

Spring isSecure() ServletRequest, , , https.

tomcat, , RemoteIpValue 3, isSecure(), getRemoteAddr() ( ).

<Valve className="org.apache.catalina.valves.RemoteIpValve"
       internalProxies="192\.168\.0\.10|192\.168\.0\.11"
       remoteIpHeader="x-forwarded-for"
       proxiesHeader="x-forwarded-by"
       protocolHeader="x-forwarded-proto" />

<Host > (, / ).

Nginx X-Forwarded-proto.

location / {
    proxy_pass       http://localhost:8080;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    add_header       Front-End-Https on;
    proxy_set_header Host $http_host;
}


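To make the mechanism behind the answer concrete, here is an added illustration (not code from the question, the answer, Spring or Tomcat) of what RemoteIpValve's `protocolHeader` does for the scheme: it flips `request.isSecure()`, which is the only thing Spring Security's ChannelProcessingFilter consults for `requires-channel="https"`, and it does so only for requests that arrive from a trusted proxy, which is the role of `internalProxies`. The class name `ForwardedProtoFilter`, the trusted loopback addresses and the port 443 are assumptions for the nginx-on-the-same-host setup described above.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Hypothetical filter: mirrors what RemoteIpValve's protocolHeader does. With nginx
// terminating TLS and proxying over plain HTTP, isSecure() is false on Tomcat, so
// requires-channel="https" keeps redirecting to the URL the browser already asked for.
public class ForwardedProtoFilter implements Filter {

    // Assumed trusted proxy addresses, as Tomcat reports them in getRemoteAddr():
    // nginx on the same host (IPv4 loopback, and Java's spelling of ::1).
    private static final Set<String> TRUSTED_PROXIES = new HashSet<String>(
            Arrays.asList("127.0.0.1", "0:0:0:0:0:0:0:1"));

    public void init(FilterConfig config) { }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        if (!http.isSecure() && isForwardedHttps(http)) {
            req = new HttpServletRequestWrapper(http) {
                @Override public boolean isSecure() { return true; }
                @Override public String getScheme() { return "https"; }
                @Override public int getServerPort() { return 443; } // assumed TLS port
            };
        }
        chain.doFilter(req, res);
    }

    // True only when the header comes from a trusted proxy. Without that check a
    // peer reaching Tomcat directly on 8080 could present X-Forwarded-Proto: https
    // and satisfy requires-channel="https" without TLS, which is why internalProxies
    // matters (and why its value must match Tomcat's view of the proxy address).
    static boolean isForwardedHttps(HttpServletRequest http) {
        if (!TRUSTED_PROXIES.contains(http.getRemoteAddr())) {
            return false;
        }
        String proto = http.getHeader("X-Forwarded-Proto");
        return proto != null && "https".equalsIgnoreCase(proto.trim());
    }
}
```

With RemoteIpValve configured as in the answer this filter is redundant; it is only here to show why the redirect loop occurs and why the proxy address list is part of the fix.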
