AWS ELB Spring MVC HTTPS Redirect /home Keeps Goin

Posted 2019-08-05 06:43

Question:

I have an AWS instance that uses Elastic Load Balancing (ELB). I am using Spring MVC with secure login. The ELB is configured for 80 HTTP >> 8080 HTTP and 443 HTTPS >> 8080 HTTP. The ELB is doing all of the HTTPS encryption. I want port 80 to redirect to 443 so all requests to the web service are HTTPS. I used "use-forward-headers=true" and "x-forwarded-proto: https" in my application.properties. When I type test.mydomain.com the ELB/Webservice redirects to HTTPS but goes to the /login page and not my home page. If I type test.mydomain.com/home it redirects to HTTPS and correctly goes to the /home page. My @Controller page appears to be correctly set to always direct to the /home page. Not sure why it directs to /login. I suspect it is all of the redirecting going on between the ELB and Spring MVC. Any ideas??

My controller code is,

@Controller
public class AdminController {

    private static final Logger logger = (Logger)
            LoggerFactory.getLogger(AdminController.class);

    // Home Page
    @RequestMapping(value = {"", "/", "/home"}, method=RequestMethod.GET)
    public String home(Model model) {
        return "home";  
    }

    // Login Page
    @RequestMapping(value = {"/login"}, method=RequestMethod.GET)
    public String login(Model model) {
        firsttime = true;
        return "login";
    }
}

My WebSecurityConfig code is,

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{

    @Override
    protected void configure(HttpSecurity http) throws Exception{

        // Allows access for .css, .js, and .images files
        http.authorizeRequests()
            .antMatchers("/resources/**")
            .permitAll()
            .anyRequest()
            .permitAll();

        // Access management for all other requests
        http.authorizeRequests()
            .antMatchers("/", "/home").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
            .logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl("/home")
            .invalidateHttpSession(true)
            .permitAll();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

        auth.userDetailsService(userDS).passwordEncoder(passwordEncoder());    
    }

    @Override
    protected UserDetailsService userDetailsService() {
        return userDS;

    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

    @Autowired
    UserDetailsService userDS;
}

My application.properties is,

# Administration Web Server Parameters
security.require-ssl=true
server.use-forward-headers = true
server.tomcat.remote-ip-header=x-forwarded-for
server.tomcat.protocol-header=x-forwarded-proto
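
The setup in the question has the ELB terminate TLS and forward everything to port 8080 as plain HTTP, so the application can only learn the client's scheme from `x-forwarded-proto`. The following is an added example (not the asker's code, and not Spring's or Tomcat's implementation) of that redirect decision, including the check that the header is believed only when the request comes from the load balancer. The class and method names and the addresses `10.0.0.5` and `203.0.113.9` are assumptions for illustration.

```java
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;

public class ForwardedProtoRedirect {

    /** Returns the HTTPS URL to redirect to, or null if the client already used HTTPS. */
    static String redirectTarget(String remoteAddr, Map<String, String> headers,
                                 String path, Set<String> trustedProxies) {
        // HTTP header names are case-insensitive, so normalise the lookup.
        Map<String, String> h = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        h.putAll(headers);

        // The hop from the ELB to port 8080 is always plain HTTP. Only the header
        // says what the client used, and only the load balancer may be believed:
        // a client that reaches 8080 directly could otherwise claim "https".
        boolean fromProxy = trustedProxies.contains(remoteAddr);
        String proto = fromProxy ? h.get("X-Forwarded-Proto") : null;
        if ("https".equalsIgnoreCase(proto)) {
            return null; // already secure end to end as far as the client is concerned
        }

        // Drop any port from the Host header (keeps a bracketed IPv6 literal intact).
        String host = h.getOrDefault("Host", "localhost");
        if (host.indexOf(':') >= 0 && !host.endsWith("]")) {
            host = host.substring(0, host.lastIndexOf(':'));
        }
        // Keep the requested path so "/" stays "/" and "/home" stays "/home".
        return "https://" + host + (path.isEmpty() ? "/" : path);
    }

    public static void main(String[] args) {
        Set<String> elb = Set.of("10.0.0.5"); // constructed ELB node address

        // Listener 80 -> 8080: the ELB reports http, so redirect and keep the path.
        System.out.println(redirectTarget("10.0.0.5",
            Map.of("Host", "test.mydomain.com", "x-forwarded-proto", "http"), "/", elb));

        // Listener 443 -> 8080: the ELB reports https, so no redirect (null).
        System.out.println(redirectTarget("10.0.0.5",
            Map.of("Host", "test.mydomain.com", "x-forwarded-proto", "https"), "/home", elb));

        // Constructed direct client sending the header itself: ignored, still redirected.
        System.out.println(redirectTarget("203.0.113.9",
            Map.of("Host", "test.mydomain.com:8080", "X-Forwarded-Proto", "https"), "/home", elb));
    }
}
```

In Spring Boot the equivalent trust list for Tomcat is the `server.tomcat.internal-proxies` property, which by default matches private address ranges.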