I'm using Spring Security Core and grails.plugins.springsecurity.secureChannel.definition to enforce certain areas of a website to use https. Because it works by redirecting the page from an insecure page to a secure one, it has the side effect of preventing me from using the flash scope. Is there a fix or workaround?
Asked
Active
Viewed 141 times
2
-
Put a filter in,have the redirect pass the flash message and have the filter put the message back into scope for the new session. Or make everything https. – BZ. Oct 23 '13 at 21:57
-
How do I have the filter pass the flash message or errors? – Anonymous1 Oct 23 '13 at 22:07
-
I created a filter, and flash.errors and flash.message are strangely not showing up in the "before" interceptor. – Anonymous1 Oct 23 '13 at 22:20
-
Pass the message to the filter as a parameter in the redirect. Are you doing the redirect in a grails controller? – BZ. Oct 23 '13 at 23:07
-
I'm using a grails controller, but I'm also setting flash.errors, so passing an actual object would be necessary. – Anonymous1 Oct 23 '13 at 23:41
-
No - in the redirect add a parameter error_message, have the filter check for any incoming requests with that parameter and put that in the session as a flash.message. When you do the redirect, you end up creating a new session - the only communication you have between these two sessions are what's in that redirect - you could create an object with session state and pass the id to that, look it up and restore - or just pass the message. Or just make everything ssl from the start - any reason you don't do that? Suddenly the entire app is more secure! – BZ. Oct 23 '13 at 23:48
-
let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/39947/discussion-between-bz-and-anonymous1) – BZ. Oct 24 '13 at 19:37
-
1After running into other issues, I made the whole website https. It's a reasonable solution for this website. – Anonymous1 Oct 31 '13 at 23:36