I'm using spring-security-core and have setup the secure-channel capabilities, which work fine on my development machine. I've got the following in Config.groovy
For anyone else stumbling into this (as I did) the problem is that your app doesn't actually receive the request as HTTPS. Rather, Heroku replaces the HTTPS with a "X-Forwarded-Proto" header. Spring-security's HTTPS redirection is then putting you into an infinite redirect loop because it always detects the request as HTTP.
You can write your own SecureChannelProcessor to deal with this:
import java.io.IOException;
import java.util.Collection;

import javax.servlet.ServletException;

import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.channel.SecureChannelProcessor;
import org.springframework.util.Assert;

public class HerokuSecureChannelProcessor extends SecureChannelProcessor {

    @Override
    public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config)
            throws IOException, ServletException {
        Assert.isTrue((invocation != null) && (config != null), "Nulls cannot be provided");

        for (ConfigAttribute attribute : config) {
            if (supports(attribute)) {
                // Heroku's router terminates TLS and reports the client's scheme in this header
                String header = invocation.getHttpRequest().getHeader("X-Forwarded-Proto");
                if (header == null) {
                    // no proxy in front (e.g. local development): proceed normally
                    if (!invocation.getHttpRequest().isSecure()) {
                        getEntryPoint().commence(invocation.getRequest(), invocation.getResponse());
                    }
                } else {
                    // use the Heroku header instead of isSecure(); this is only trustworthy while
                    // the dyno is reachable solely through Heroku's router, since any client that
                    // could bypass the router could set this header itself
                    if ("http".equals(header)) {
                        getEntryPoint().commence(invocation.getRequest(), invocation.getResponse());
                    }
                }
            }
        }
    }
}
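The redirect loop described in this answer, and why the header-aware decision breaks it, as an added stand-alone example that is not part of the original answer and has no Spring dependency. The names ForwardedRequest, ChannelDecision, viaHerokuRouter and redirectsUntilServed are invented for the illustration; the header-aware branch also handles two cases the answer's processor does not (a comma-separated value from chained proxies, and upper-case scheme names) and spells out the spoofing caveat.

```java
import java.util.Locale;

/*
 * Added example, not code from the original answer or from Spring Security.
 * Models a request as the app sees it behind Heroku's router and replays
 * client -> router -> app until the page is served.
 */
public class ForwardedProtoDemo {

    /** What the servlet container sees after Heroku's router has terminated TLS (constructed model). */
    static final class ForwardedRequest {
        final boolean transportSecure;  // what HttpServletRequest.isSecure() returns on the dyno
        final String forwardedProto;    // X-Forwarded-Proto, or null when no proxy is in front

        ForwardedRequest(boolean transportSecure, String forwardedProto) {
            this.transportSecure = transportSecure;
            this.forwardedProto = forwardedProto;
        }
    }

    /** Stand-in for SecureChannelProcessor.decide(): true = serve, false = redirect to HTTPS. */
    interface ChannelDecision {
        boolean isSecure(ForwardedRequest req);
    }

    /** Spring's stock behaviour: trust only the transport flag. */
    static final ChannelDecision STOCK = req -> req.transportSecure;

    /** Header-aware behaviour, with first-value and case handling added. */
    static final ChannelDecision HEADER_AWARE = req -> {
        if (req.forwardedProto == null) {
            return req.transportSecure;  // no proxy (local development): behave like stock
        }
        // Chained proxies may append values ("https, http"); the first is the client-facing hop.
        String first = req.forwardedProto.split(",")[0].trim().toLowerCase(Locale.ROOT);
        return "https".equals(first);
    };

    /** Heroku's router: terminates TLS, forwards plain HTTP, records the client's scheme in the header. */
    static ForwardedRequest viaHerokuRouter(boolean clientUsedHttps) {
        return new ForwardedRequest(false, clientUsedHttps ? "https" : "http");
    }

    /**
     * Replays the exchange until the app serves the page.
     * Returns the number of redirects, or -1 once maxHops is exceeded (a redirect loop).
     */
    static int redirectsUntilServed(ChannelDecision decision, boolean clientUsedHttps, int maxHops) {
        boolean https = clientUsedHttps;
        for (int hops = 0; hops <= maxHops; hops++) {
            if (decision.isSecure(viaHerokuRouter(https))) {
                return hops;
            }
            https = true;  // the app answered with a redirect to the https:// URL and the client followed it
        }
        return -1;
    }

    static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError(what);
    }

    public static void main(String[] args) {
        // Stock processor behind Heroku: even a client already on HTTPS is redirected for ever.
        check(redirectsUntilServed(STOCK, true, 10) == -1, "stock processor loops");
        // Header-aware: HTTPS client served at once, HTTP client served after exactly one redirect.
        check(redirectsUntilServed(HEADER_AWARE, true, 10) == 0, "https client served directly");
        check(redirectsUntilServed(HEADER_AWARE, false, 10) == 1, "http client redirected once");
        // No proxy (local development): header absent, so the transport flag decides as before.
        check(HEADER_AWARE.isSecure(new ForwardedRequest(true, null)), "local https served");
        check(!HEADER_AWARE.isSecure(new ForwardedRequest(false, null)), "local http redirected");
        // Chained proxies and odd casing: the first value wins, case-insensitively.
        check(HEADER_AWARE.isSecure(new ForwardedRequest(false, "HTTPS, http")), "first value wins");
        // Spoofing: whoever can reach the app without passing through the router can set the header.
        check(HEADER_AWARE.isSecure(new ForwardedRequest(false, "https")), "a forged header is believed");
        System.out.println("all checks passed");
    }
}
```

Compile and run with `javac ForwardedProtoDemo.java && java ForwardedProtoDemo`. The last check is the security point: the header is only as trustworthy as the guarantee that every request passed through the router that set it. That holds while the dyno is reachable solely through Heroku's router; behind any other deployment, restrict the header-aware branch to requests arriving from known proxy addresses, or let the container's own proxy-header support rewrite isSecure() instead of reading the header in the processor.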
You need to fix the values for the ports since they default to 8080 and 8443. See the section on Channel Security in the docs - http://grails-plugins.github.com/grails-spring-security-core/docs/manual/ - about the grails.plugins.springsecurity.portMapper.httpPort and grails.plugins.springsecurity.portMapper.httpsPort config attributes.