I use Grails (2.2.2) in the project, and my application causes unwanted HTTP redirects instead of HTTPS redirects.
We currently have an F5 load balancer in front of Oracle WebLogic. F5 offloads our SSL from WebLogic. F5 accepts only HTTPS requests, and WebLogic accepts only HTTP requests.
My Grails project uses Spring Security and the Spring CAS security plugin.
The problem usually occurs when you log in to CAS successfully. Grails always seems to issue an HTTP redirect.
My serverURL indicates HTTPS, like all of my CAS configuration variables:
grails.serverURL = "https://example.com/${appName}"
Is there a way to force Grails / WebLogic to issue only HTTPS redirects?
EDIT #1 - Additional Information
I tried doing this with no luck:
grails.plugin.springsecurity.secureChannel.useHeaderCheckChannelSecurity = true
grails.plugin.springsecurity.secureChannel.definition = [
    '/**': 'REQUIRES_SECURE_CHANNEL'
]
grails.plugin.springsecurity.portMapper.httpPort = 80
grails.plugin.springsecurity.portMapper.httpsPort = 443
grails.plugin.springsecurity.secureChannel.secureHeaderName = 'WL-Proxy-SSL'
grails.plugin.springsecurity.secureChannel.secureHeaderValue = 'http'
grails.plugin.springsecurity.secureChannel.insecureHeaderName = 'WL-Proxy-SSL'
grails.plugin.springsecurity.secureChannel.insecureHeaderValue = 'https'
, , Spring Security/Spring CAS-,
, j_spring_security_check, , http https.
, HTTP- F5.
.
https://www.example.com/grailsapp/
-> https://www.casserver.com/cas/login?service=https%3A%2F%2Fwww.example.com%2Fgrailsapp%2Fj_spring_cas_security_check
-> https://www.example.com/grailsapp/j_spring_cas_security_check;jsessionid=f6T8RyDZ83Z2QQQlMQ7fGXvlrs05m9hTjlBkndD6stBh1s20v2ZH!-1677111548?ticket=ST-231-4Dl5PVDe4RRLpAW5CEXb-www.casserver.com
-> http://www.example.com/grailsapp/
CAS:
production {
    grails.plugins.springsecurity.cas.loginUri = '/login'
    grails.plugins.springsecurity.cas.serviceUrl = 'https://example.com/grailsapp/j_spring_cas_security_check'
    grails.plugins.springsecurity.cas.serverUrlPrefix = 'https://casserver.com/cas'
    grails.plugins.springsecurity.logout.afterLogoutUrl = 'https://casserver.com/cas/logout?url=https://example.com/grailsapp/'
}
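
A check for the downgrade visible in the redirect chain above, as an added example that is not part of the original post: it walks a recorded chain and reports each hop that leaves HTTPS for HTTP, together with any session or ticket identifiers already issued for that host earlier in the chain. The chain is a constructed copy of the post's with placeholder values, and the names `url_identifiers` and `audit_chain` are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the redirect chain from the post, with the session id
# and service ticket replaced by placeholders.
CHAIN = [
    "https://www.example.com/grailsapp/",
    "https://www.casserver.com/cas/login?service="
    "https%3A%2F%2Fwww.example.com%2Fgrailsapp%2Fj_spring_cas_security_check",
    "https://www.example.com/grailsapp/j_spring_cas_security_check"
    ";jsessionid=SESSION-PLACEHOLDER?ticket=ST-PLACEHOLDER",
    "http://www.example.com/grailsapp/",
]

SENSITIVE = {"jsessionid", "ticket"}  # assumption: identifiers worth flagging


def url_identifiers(url):
    """Return sensitive identifiers carried in the URL's path params or query."""
    parts = urlsplit(url)
    names = set(parse_qs(parts.query))
    for segment in parts.path.split("/"):
        # Servlet path parameters look like 'segment;jsessionid=...'
        names.update(p.split("=", 1)[0] for p in segment.split(";")[1:])
    return sorted({n.lower() for n in names} & SENSITIVE)


def audit_chain(chain):
    """Return one finding per hop that goes from https to http."""
    findings = []
    for i in range(1, len(chain)):
        prev, cur = urlsplit(chain[i - 1]), urlsplit(chain[i])
        if (prev.scheme, cur.scheme) != ("https", "http"):
            continue
        # Identifiers already issued for the downgraded host earlier in the chain.
        issued = set()
        for earlier in chain[:i]:
            if urlsplit(earlier).hostname == cur.hostname:
                issued.update(url_identifiers(earlier))
        findings.append({
            "hop": i,
            "to": chain[i],
            "same_host": prev.hostname == cur.hostname,
            "identifiers_issued_before": sorted(issued),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_chain(CHAIN):
        print(finding)
```

A finding with `same_host` set means the browser will send that host's cookies on the cleartext request unless they carry the `Secure` attribute.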