2

Our application is protected by siteminder web agent and is on https. Our application is running on weblogic and is on http. When the user access protected URL, the siteminder login page(https) is displayed and the user enters his credentials here.

But after successful authentication, the user was redirected to http URL and page cannot be displayed or unable to connect message was displayed.

I fixed this issue by adding redirectHttp10Compatible="false" attribute to my view resolver.

Now, upon logout, the application is redirecting to logout success URL over http rather than https.

redirectHttp10Compatible="false" attribute is still in the same place.

Any help in this regard is very helpful and highly appreciated.

Thanks a lot in advance.

The below are the config files(edited, removed irrelevant lines) : 

    <-- DISPATCHER SERVLET -->    
    <context:component-scan base-package="xxx.xxx.controllers"/>
        <mvc:annotation-driven />
        <mvc:default-servlet-handler/>
        <bean id="multipartResolver"     
        class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
            <property name="maxUploadSize" value="100000000"/>
        </bean> 
    <bean id="jspViewResolver" 
    class="org.springframework.web.servlet.view.InternalResourceViewResolver"  
    p:viewClass="org.springframework.web.servlet.view.JstlView" 
    p:prefix="/WEB-INF/jsp/"
        p:suffix=".jsp"
        p:redirectHttp10Compatible="false"
    />


<-- SPRING SECURITY XML FILE -->
    <http pattern="/login/login.action" security="none"/>
    <http pattern="/login/logout.action" security="none"/>
    <http pattern="/WEB-INF/jsp/Login.jsp" security="none"/>
    <http pattern="/WEB-INF/jsp/Logout.jsp" security="none"/>

    <http auto-config="false" entry-point-ref="http403EntryPoint" use-expressions="true">
    <form-login login-page="/login/login.action" 
             default-target-url="/home.action" 
             authentication-failure-url="/login/login.action?loginFailed=true" 
             always-use-default-target="true"/>
    <custom-filter ref="siteMinderAgent" position="PRE_AUTH_FILTER"/>
    <logout logout-success-url="/login/logout.action" 
    invalidate-session="true" />
    </http>

    <beans:bean id="siteMinderAgent" 
    class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
    <beans:property name="principalRequestHeader" value="SM_USER"/>
    <beans:property name="authenticationManager" ref="appAuthenticationManager" />
    </beans:bean>

    <beans:bean id="preauthAuthProvider" 
    class="com.xxx.security.PreAuthenticatedAuthenticationProvider">
      <beans:property name="preAuthenticatedUserDetailsService">
        <beans:bean id="userDetailsServiceWrapper"
      class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
          <beans:property name="userDetailsService" ref="userDetailsService"/>
        </beans:bean>
      </beans:property>
    </beans:bean>

    <beans:bean id="http403EntryPoint" 
    class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />

    <authentication-manager alias="appAuthenticationManager">
       <authentication-provider  ref="preauthAuthProvider"/>
    </authentication-manager>
Sanjeev
  • 119
  • 4
  • 18
  • This question has a couple of different approaches to solving the same problem. http://stackoverflow.com/questions/10385977/https-login-with-spring-security-redirects-to-http – chad May 29 '15 at 14:30

0 Answers0