I have an AWS instance that uses Elastic Load Balancing (ELB). I am using Spring MVC with secure login. The ELB is configured for 80 HTTP >> 8080 HTTP and 443 HTTPS >> 8080 HTTP. The ELB is doing all of the HTTPS encryption. I want port 80 to redirect to 443 so all requests to the web service are HTTPS. I used "use-forward-headers=true" and "x-forwarded-proto: https" in my application.properties.

When I type test.mydomain.com the ELB/Webservice redirects to HTTPS but goes to the /login page and not my home page. If I type test.mydomain.com/home it redirects to HTTPS and correctly goes to the /home page. My @Controller page appears to be correctly set to always direct to the /home page. Not sure why it directs to /login. I suspect it is all of the redirecting going on between the ELB and Spring MVC. Any ideas?
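My controller code is:

    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.stereotype.Controller;
    import org.springframework.ui.Model;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;

    @Controller
    public class AdminController {
        private static final Logger logger = (Logger) LoggerFactory.getLogger(AdminController.class);

        // Not declared in the posted snippet; assumed to be a boolean field.
        private boolean firsttime;

        // Home Page
        @RequestMapping(value = {"", "/", "/home"}, method = RequestMethod.GET)
        public String home(Model model) {
            return "home";
        }

        // Login Page
        @RequestMapping(value = {"/login"}, method = RequestMethod.GET)
        public String login(Model model) {
            firsttime = true;
            return "login";
        }
    }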
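
My WebSecurityConfig code is:

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        UserDetailsService userDS;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Allows access for .css, .js, and .images files
            http.authorizeRequests()
                .antMatchers("/resources/**")
                .permitAll()
                .anyRequest()
                .permitAll();

            // Access management for all other requests
            http.authorizeRequests()
                .antMatchers("/", "/home").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
                .logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/home")
                .invalidateHttpSession(true)
                .permitAll();
        }

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDS).passwordEncoder(passwordEncoder());
        }

        @Override
        protected UserDetailsService userDetailsService() {
            return userDS;
        }

        @Bean
        public PasswordEncoder passwordEncoder() {
            PasswordEncoder encoder = new BCryptPasswordEncoder();
            return encoder;
        }
    }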

My application.properties is:

    # Administration Web Server Parameters
    security.require-ssl=true
    server.use-forward-headers = true
    server.tomcat.remote-ip-header=x-forwarded-for
    server.tomcat.protocol-header=x-forwarded-proto
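
How an application on port 8080 behind a TLS-terminating ELB can resolve the client's original scheme from X-Forwarded-Proto and decide whether to redirect, as an added example that is not part of the original post and is not Spring or Tomcat code. The class name, the 10.x trusted-proxy pattern and the sample addresses are assumptions made for illustration.

```java
import java.net.URI;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;

// Added illustration, not Spring or Tomcat code: models how an app on port 8080
// behind a TLS-terminating load balancer resolves the scheme the client used.
public class ForwardedProtoDemo {

    // Assumption: the load balancer connects from private 10.x.x.x addresses.
    static final Pattern TRUSTED_PROXY = Pattern.compile("10(\\.\\d{1,3}){3}");

    // Header keys are lower-cased by the caller (HTTP header names are case-insensitive).
    static String effectiveScheme(String remoteAddr, Map<String, String> headers) {
        String proto = headers.get("x-forwarded-proto");
        if (proto != null && TRUSTED_PROXY.matcher(remoteAddr).matches()) {
            return proto.trim().toLowerCase(Locale.ROOT);
        }
        return "http"; // the connector on 8080 only ever sees plain HTTP
    }

    // Redirect target if the client did not use HTTPS; path and query are preserved.
    static Optional<URI> httpsRedirect(String remoteAddr, Map<String, String> headers,
                                       String host, String pathAndQuery) {
        if ("https".equals(effectiveScheme(remoteAddr, headers))) {
            return Optional.empty();
        }
        return Optional.of(URI.create("https://" + host + pathAndQuery));
    }

    public static void main(String[] args) {
        String host = "test.mydomain.com"; // host name from the question
        // Constructed sample requests, as the application would see them on 8080.
        // Listener 80 -> 8080: the proxy reports http, so the app redirects.
        System.out.println(httpsRedirect("10.0.1.25", Map.of("x-forwarded-proto", "http"), host, "/home"));
        // Listener 443 -> 8080: the proxy reports https, so no redirect is issued.
        System.out.println(httpsRedirect("10.0.1.25", Map.of("x-forwarded-proto", "https"), host, "/home"));
        // Direct connection to 8080 with a client-supplied header: not trusted, redirected.
        System.out.println(httpsRedirect("203.0.113.9", Map.of("x-forwarded-proto", "https"), host, "/home"));
    }
}
```

Restricting port 8080 so that only the load balancer can reach it removes the third case entirely.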