Spring Boot redirect HTTP to HTTPS
For Tomcat to perform a redirect, you need to configure it with one or more security constraints. You can do this by post-processing the Context
using a TomcatEmbeddedServletContainerFactory
subclass.
For example:
TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
Due to CONFIDENTIAL
and /*
, this will cause Tomcat to redirect every request to HTTPS. You can configure multiple patterns and multiple constraints if you need more control over what is and is not redirected.
An instance of the above TomcatEmbeddedServletContainerFactory
subclass should be defined as a bean using a @Bean
method in a @Configuration
class.
Spring Boot Security using http instead of https when forwarding to login page
You should configure the ALB to terminate SSL (i.e. register certificate etc). If this is configured correctly, the ALB will automatically add a header (X-Forwarded-Proto) that tells Spring Security that it needs to use HTTPS for its redirects.
Redirect from http to https in Spring Boot 2.0.4
Try with below configurations.
@Bean
public ServletWebServerFactory servletContainer() {
TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addAdditionalTomcatConnectors(redirectConnector());
return tomcat;
}
private Connector redirectConnector() {
Connector connector = new Connector(
TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
connector.setScheme("http");
connector.setPort(8080);
connector.setSecure(false);
connector.setRedirectPort(8443);
return connector;
}
Related Topics
Cannot Create Jdbc Driver of Class ' ' for Connect Url 'Null':I Do Not Understand This Exception
Kill -3 to Get Java Thread Dump
How to Include SQLite Database in Executable Jar
Lambda Expression and Method Overloading Doubts
How to Prevent Java.Lang.String.Split() from Creating a Leading Empty String
Java.Lang.Noclassdeffounderror: Org/Apache/Spark/Logging
Cors Allowed-Origin Restrictions Aren't Causing the Server to Reject Requests
Java Variable Number of Arguments for a Method
Java.Util.Date to Xmlgregoriancalendar
When to Catch the Exception VS When to Throw the Exceptions
Java: Object to Byte[] and Byte[] to Object Converter (For Tokyo Cabinet)
In Java, What Are the Boolean "Order of Operations"
Is Gnu's Java Compiler (Gcj) Dead
Use of '? Extends ' and '? Super ' in Collection Generics
Peer Not Authenticated While Importing Gradle Project in Eclipse