I have a pretty simple handler method in my code:
    @Service
    public class AuthenticationSuccessHandler implements org.springframework.security.web.authentication.AuthenticationSuccessHandler {
        private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

        @Override
        public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication a) throws IOException, ServletException {
            redirectStrategy.sendRedirect(request, response, PATH_CURRENT_USER);
        }
    }
The problem is, if I browse to https://my.domain.com/, I end up at http://my.domain.com/ after the redirect. In actuality my load-balancer redirects all http requests to https, but this just causes multiple browser errors and incorrect behavior: "Mixed Content: The page at was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint".
So the question is: how does one get Spring to redirect to https when that's what the original request used?
What worked for me is adding this to application.properties:

    server.tomcat.use-relative-redirects=true

Without server.tomcat.use-relative-redirects, it will add a Location header like http://my.domain.com/. With server.tomcat.use-relative-redirects, it will look like /. So it will be relative to the current page from the browser's perspective.
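The difference between the two Location values, seen from the browser's side, as an added example that is not part of the original question or answer. It assumes the browser requested https://my.domain.com/login; that URL, the /user/current path and the function names are constructed for illustration.

```javascript
// Added example: models how a browser resolves a redirect's Location header
// against the URL it actually requested (WHATWG URL resolution).
// All sample values below are constructed; hostnames are the ones quoted above.

// Resolve a Location header value the way the browser does.
function resolveRedirect(requestUrl, location) {
  return new URL(location, requestUrl);
}

// Classify a redirect: does it take the user off HTTPS or off the origin?
function classifyRedirect(requestUrl, location) {
  const from = new URL(requestUrl);
  const to = resolveRedirect(requestUrl, location);
  return {
    target: to.href,
    schemeDowngrade: from.protocol === 'https:' && to.protocol === 'http:',
    sameOrigin: from.origin === to.origin,
  };
}

// Assumption: the browser reached the site over HTTPS at this URL.
const browserUrl = 'https://my.domain.com/login';

// Constructed Location values: the absolute form the question reports,
// and the relative form sent with use-relative-redirects=true.
const samples = [
  ['absolute', 'http://my.domain.com/'],
  ['relative root', '/'],
  ['relative path (hypothetical)', '/user/current'],
];

function report() {
  return samples.map(([label, location]) => ({
    label,
    location,
    ...classifyRedirect(browserUrl, location),
  }));
}

for (const row of report()) {
  console.log(`${row.label}: Location=${row.location} -> ${row.target}` +
    (row.schemeDowngrade ? '  [HTTPS -> HTTP downgrade]' : ''));
}
```

The same classification can be run in an integration test against the Location header the application actually returns after login, failing the build whenever schemeDowngrade is true.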