May 15th, 2011, 05:14 PM
How does Spring Security determine SSL port
I have a spring web app that uses Spring Security. I have mapped a certain route (/foo/**) to require SSL by using requires-channel="https". This works locally on my tomcat and spring forwards my 8080 http requests to https using port 8443 which is the SSL port of my tomcat configuration.
When I deploy this app to Websphere which I've configured to use 8080 for HTTP and 443 for SSL, Spring security still uses port 8443. Obviously nothing on this other server is running on that port and the SSL portion of my code on this server fails.
So I'm wondering how does Spring Security know what port to use? I want it to be smart enough to figure this port on its own.
May 15th, 2011, 05:20 PM
You can use the "port-mappings" namespace element to setup the mapping between HTTP/HTTPS ports.
May 15th, 2011, 05:30 PM
that's not what i need
<port-mappings .../> requires both http and https attributes to be set due to the XSD schema of spring security.
that is I cannot use <port-mappings https="443" /> since it's invalid. It must say <port-mappings http="8080" https="443" />. But note that my production server's http is 80 not 8080. Again as my original post, I want spring security to get the port from the server itself. That is why I'm asking "how does spring security determine it's port" in the title.
To me it looks like if http port is 8080, then ssl is 8443 and if http port is 80, then use 443. It looks like this logic is hard coded.
May 15th, 2011, 07:31 PM
You're right, it can't figure out the port on its own (how would it?). Your best bet is to either use something like a PropertyPlaceholderConfigurer to do dynamic replacement of port number from a properties file, and change the properties file per environment.
Peter Mularien | Blog
Author, Spring Security 3 (Book) - Packt Publishing, Available in print and eBook form
SCJP 5, Oracle DBA
Any postings are my own opinion, and should not be attributed to my employer or clients.
Tags for this Thread