Reputation: 1256
I'm implementing a web application using Spring 4 and Tomcat 7.
I run the application on Tomcat with an SSL certificate and it works fine, but I want to force any HTTP request to redirect to its HTTPS request.
I've searched for Spring Security and added some configuration as below:
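    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity
    @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, proxyTargetClass = true)
    public class CoreSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Require a secure (HTTPS) channel for every request
            http
                .antMatcher("/**")
                .requiresChannel()
                    .anyRequest().requiresSecure();
            // Map HTTP port 80 to HTTPS port 443 for the redirect
            http
                .antMatcher("/**")
                .portMapper()
                    .http(80).mapsTo(443);
        }
    }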
But it doesn't seem to be working correctly, and no redirect is done by Spring Security.
Is there any problem with this configuration?
Upvotes: 2
Views: 2578
Reputation: 1256
Thanks to "Steps to Configure SSL on Tomcat and Setup Auto Redirect from HTTP to HTTPS", by adding redirect config to Tomcat's web.xml, Tomcat does redirect.
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>My Application</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
Upvotes: 2
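
An added example, not part of the original question or answer: a Python check that a web.xml carries the CONFIDENTIAL constraint shown above for /* and that the constraint is not narrowed by an HTTP-method list, which would leave other methods outside it. The sample descriptors and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (not from the original post).
GOOD_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>My Application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

# Same constraint limited to GET: other methods are not covered by it.
PARTIAL_WEB_XML = GOOD_WEB_XML.replace(
    "</url-pattern>", "</url-pattern>\n      <http-method>GET</http-method>")


def local(tag):
    """Strip the XML namespace so namespaced and plain descriptors parse alike."""
    return tag.rsplit("}", 1)[-1]


def audit_transport_guarantee(web_xml_text):
    """Return (ok, findings) for whole-application HTTPS enforcement."""
    root = ET.fromstring(web_xml_text)
    findings, covered_all = [], False
    for sc in (e for e in root if local(e.tag) == "security-constraint"):
        leaves = [(local(e.tag), (e.text or "").strip()) for e in sc.iter()]
        guarantee = [t for n, t in leaves if n == "transport-guarantee"]
        patterns = [t for n, t in leaves if n == "url-pattern"]
        methods = [t for n, t in leaves if n in ("http-method", "http-method-omission")]
        if guarantee != ["CONFIDENTIAL"]:
            continue  # constraint does not demand an encrypted transport
        if methods:
            # Conservative: any method list in the constraint is reported.
            findings.append(f"{patterns}: limited by method list {methods}")
        elif "/*" in patterns:
            covered_all = True
    if not covered_all:
        findings.append("no CONFIDENTIAL constraint covers /* for all methods")
    return covered_all, findings
```
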