4

I’m using Apache 2.2, JBoss 7.1.3.Final, and Spring 3.2.11.RELEASE. It would appear when Spring issues a redirect in one of our controllers like so

return new ModelAndView(new RedirectView(returnUrl+"?lti_errormsg="+msg));

even though the original page request contained “https,” the new redirect contains only “http”. I believe this might have to do with how Apache connects to JBoss and I was wondering how to adjust our setup so that Spring issues redirects correctly (https for https requests, http for http requests). We are connecting through AJP. Here is our Apache configuration

ProxyErrorOverride On
ProxyPass /myproject/ ajp://localhost:8009/myproject/

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule !/ebook/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Pretty simple. Here is the setup in JBoss pertaining to AJP.

<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>
    <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
    <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>
    <socket-binding name="ajp" port="8009"/>
    <socket-binding name="http" port="8081"/>
    <socket-binding name="https" port="8443"/>
    <socket-binding name="osgi-http" interface="management" port="8090"/>
    <socket-binding name="remoting" port="4447"/>
    <socket-binding name="txn-recovery-environment" port="4712"/>
    <socket-binding name="txn-status-manager" port="4713"/>
    <outbound-socket-binding name="mail-smtp">
        <remote-destination host="localhost" port="25"/>
    </outbound-socket-binding>
</socket-binding-group>

Let me know what other information I should include or what configuration we need to make so that Spring redirects can take effect properly.

Thanks, - Dave

Edit: Here's how we load the ajp module in the apache httpd.conf file

LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
Dave
  • 15,639
  • 133
  • 442
  • 830
  • 1
    Did you try doing a redirect providing the complete path like "https://domain/context/yourpath instead of partial url? Let me know if that works? – minion Mar 19 '15 at 17:53
  • Hi, I'm looking for a solution that doesn't involve recoding every redirect in our application. I would like to address the problem at teh source, whereever that may lie. – Dave Mar 23 '15 at 21:47
  • I added a "ProxyPassReverse /myproject/ ajp://localhost:8009/ebook/" direcrive beneath my ProxyPass directive, restarted everything, but alas, no dice. – Dave Mar 24 '15 at 19:29
  • Did you load the proxy module in apache with LoadModule? I'm pretty sure the solution is in apache configuration. – sergiu Mar 25 '15 at 16:05
  • Hi, Yes we do this. I have added teh specific line as an edit to the end of this question. – Dave Mar 26 '15 at 15:43

3 Answers3

0

Set the InternalResourceViewResolver's redirectHttp10Compatible property to false:

<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
  <property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
  <property name="prefix" value="/" />
  <property name="suffix" value=".jsp" />
  <property name="redirectHttp10Compatible" value="false" />
</bean>
Mithun
  • 7,747
  • 6
  • 52
  • 68
0

Are you using spring-security? If so, you could use the ChannelProcessingFilter to force HTTPS (that is, any URL that gets there as HTTP will be redirected back to HTTPS).

Josh Ghiloni
  • 1,260
  • 8
  • 19
  • Yes, I'm using Spring security (3.1.4.RELEASE, but could upgrade if need be). Are you saying create a custom filter, intercept every request and check if it is http, and if not, rewrite the request as https? – Dave Mar 20 '15 at 19:14
  • 1
    You don't need to create a custom filter, it already exists in the Spring Security Filter Chain. Using Java Config, you can do `http.requiresChannel().anyRequest().requiresSecure();` ... that works on 3.2.6.RELEASE. – Josh Ghiloni Mar 20 '15 at 21:05
  • Woudl this turn http requests into https? If so, that's not exactly what we want. We would like http to remain http and https to remain https. – Dave Mar 23 '15 at 13:43
  • I'm following you a little more closely now. I don't have a lot of experience with Apache + JBoss directly, but I do have some experience with Apache + WebLogic. In that case, we had to make sure it respected the X-Forwarded-Proto header. Can you ensure you're sending it? If not, maybe do `RequestHeader set X-Forwarded-Proto "https" ` in your HTTPS VirtualHost? – Josh Ghiloni Mar 23 '15 at 20:27
  • Hi, Yes our Apache server is sending an X-Forwarded-Proto header. – Dave Mar 23 '15 at 21:33
  • Do you have a `ProxyPassReverse` directive that you're just not showing? You should probably have one like `ProxyPassReverse / ajp://localhost:8009` or similar. – Josh Ghiloni Mar 24 '15 at 03:48
  • Shoot, I commented in the wrong place. The short of it is I added the directive as specified in the comment underneath my original quesiton, but things stil didn't work. – Dave Mar 24 '15 at 19:32
0

This is what we have (but we use Tomcat only)

@RequestMapping(value = "/some_url", method = RequestMethod.POST)
public String doSomething(...) {

    ...

    return "redirect:/login";
}
Abel ANEIROS
  • 6,029
  • 2
  • 25
  • 19
  • I need a little more here. Are you saying to use "redirect:/" instead of "RedirectView"? If so, then your recommendation is to go and recode everything in our application to use this? – Dave Mar 24 '15 at 19:31
  • You could have both way working at the same time if your app (of course not for the same controller method), then there is no need of re-write your whole app. You could use this way only when you are redirecting to other URL (like in your question) – Abel ANEIROS Mar 25 '15 at 16:15
  • As I said, I would prefer to solve this problem at the source, but anyway I did try your suggestion -- using "redirect:/" instead of "RedirectView" and the problem remains. – Dave Mar 26 '15 at 15:45