Switching from https to http

**salvin18** · Feb 9th, 2010, 10:53 PM

I work on an application that runs on apache which is the https handler.
But internally, it is running on http behind a firewall, apache routes the request to the app.

Thus,
using something like this:
<form-login login-page="/Login.html"
authentication-failure-url="https://www.ourapp.com/FailureLogin.jsp"
always-use-default-target="false"
default-target-url="https://www.ourapp.com/SuccessLogin.jsp"/>

works
where-as using:

<form-login login-page="/Login.html"
authentication-failure-url="/FailureLogin.jsp"
always-use-default-target="false"
default-target-url="/SuccessLogin.jsp"/>

does not work,
debugging and checking logs revealed that a call was made to http://www.ourapp.com/SuccessLogin.jsp
which does not exist.

Since our app is used in multiple environments, it is desirable to mention urls in this manner.
Is there a work around for this in code/config ?

**yincrash** · Mar 16th, 2010, 04:13 PM

I just found this via the jira issue:
https://jira.springsource.org/browse/SEC-1401

Why not just change the redirect to build the url as a root-relative URL rather than absolute? That would fix this.

I also have a problem where https handling is done by a separate machine, and I imagine more companies would also have this issue.

**yincrash** · Mar 16th, 2010, 04:14 PM

Originally Posted by yincrash

I just found this via the jira issue:
https://jira.springsource.org/browse/SEC-1401

Why not just change the redirect to build the url as a root-relative URL rather than absolute? That would fix this.

I also have a problem where https handling is done by a separate machine, and I imagine more companies would also have this issue.

The question is posed to Luke (or other Spring Security developer). Not you as a user.

**tedjohn09** · Mar 16th, 2010, 08:35 PM

Thanks yincrash. Nice reply!!!

I will try.
__________________
Free Webspace

**salvin18** · Mar 16th, 2010, 09:07 PM

Originally Posted by tedjohn09

Thanks yincrash. Nice reply!!!

I will try.
__________________
Free Webspace

as yincrash stated this was a message for Spring developers ...
What is it that you are going to try ?

**tedjohn09** · Mar 16th, 2010, 09:34 PM

Well,
I mean I will take time to view the link that he/she share.
__________________
click here

**salvin18** · Mar 16th, 2010, 11:33 PM

Originally Posted by yincrash

...I imagine more companies would also have this issue.

Thanks for quoting that, it is quite possible indeed.
Let me know if you are opening a new bug/enhancement for this, I will definately contribute...

Thread: Switching from https to http

Thread Tools

Display

Switching from https to http

what do you mean try ?

Thanks for quoting that...

Tags for this Thread

Posting Permissions