Spring Boot Redirect Http to Https

Spring Boot redirect HTTP to HTTPS

For Tomcat to perform a redirect, you need to configure it with one or more security constraints. You can do this by post-processing the Context using a TomcatEmbeddedServletContainerFactory subclass.

For example:

TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
    @Override
    protected void postProcessContext(Context context) {
        SecurityConstraint securityConstraint = new SecurityConstraint();
        securityConstraint.setUserConstraint("CONFIDENTIAL");
        SecurityCollection collection = new SecurityCollection();
        collection.addPattern("/*");
        securityConstraint.addCollection(collection);
        context.addConstraint(securityConstraint);
    }
};

Due to CONFIDENTIAL and /*, this will cause Tomcat to redirect every request to HTTPS. You can configure multiple patterns and multiple constraints if you need more control over what is and is not redirected.

An instance of the above TomcatEmbeddedServletContainerFactory subclass should be defined as a bean using a @Bean method in a @Configuration class.

Spring Boot Security using http instead of https when forwarding to login page

You should configure the ALB to terminate SSL (i.e. register certificate etc). If this is configured correctly, the ALB will automatically add a header (X-Forwarded-Proto) that tells Spring Security that it needs to use HTTPS for its redirects.

Redirect from http to https in Spring Boot 2.0.4

Try with below configurations. 

@Bean
public ServletWebServerFactory servletContainer() {
    TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }
    };
    tomcat.addAdditionalTomcatConnectors(redirectConnector());
    return tomcat;
}

private Connector redirectConnector() {
    Connector connector = new Connector(
            TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
    connector.setScheme("http");
    connector.setPort(8080);
    connector.setSecure(false);
    connector.setRedirectPort(8443);
    return connector;
}

Related Topics

Cannot Create Jdbc Driver of Class ' ' for Connect Url 'Null':I Do Not Understand This Exception

Kill -3 to Get Java Thread Dump

How to Include SQLite Database in Executable Jar

Lambda Expression and Method Overloading Doubts

How to Prevent Java.Lang.String.Split() from Creating a Leading Empty String

Java.Lang.Noclassdeffounderror: Org/Apache/Spark/Logging

Alternatives to Java.Lang.Reflect.Proxy for Creating Proxies of Abstract Classes (Rather Than Interfaces)

Cors Allowed-Origin Restrictions Aren't Causing the Server to Reject Requests

Add a Dependency in Maven

Java Variable Number of Arguments for a Method

Java.Util.Date to Xmlgregoriancalendar

When to Catch the Exception VS When to Throw the Exceptions

Java: Object to Byte[] and Byte[] to Object Converter (For Tokyo Cabinet)

In Java, What Are the Boolean "Order of Operations"

Is Gnu's Java Compiler (Gcj) Dead

Use of '? Extends ' and '? Super ' in Collection Generics

Peer Not Authenticated While Importing Gradle Project in Eclipse

Difference Between Oracle Jdbc Driver Classes


Leave a reply



Submit