Spring Security is redirecting to localhost on production server

Question

I have a grails application with the spring-security-core plugin installed. Everything works fine locally. I deployed to a staging server and everything worked fine. I de

Answer 1

The redirects are done in org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint.commence() method, so you could set a breakpoint there if you're able to borrow one of the prod servers for debugging.

It builds the redirect URL based on the login form uri (e.g. /login/auth) but it uses request.getServerName() so it should be the same as the original request. Note that grails.serverURL has no impact here since it builds the URL using the requested server name, port, context, etc.

It might be affected by putting Apache or a load balancer in front of your servlet container, although I've done both and it's worked fine.

Have you done any bean customization in resources.groovy that might affect this?