I'm trying to force SSL using the reference documentation
However, I already have
@Configuration
class WebSecurityConfiguration {
When I add extends WebSecurityConfigurerAdapter
, and not even protected void configure(HttpSecurity http)
, then requests to a non-Oauth2 page /home/
are redirected to /login
for no reason. It works with the property settings. Just by extending the class extends WebSecurityConfigurerAdapter
breaks the app. There are other unrelated routes secured by OAuth2. I've seen this non-deterministic random behavior before while setting up Oauth2.
This is the outline of the WebSecurityConfiguration
class.
@Configuration
class WebSecurityConfiguration {
@Autowired
UserMapper userMapper;
@Bean
PasswordEncoder passwordEncoder() {
@Bean
protected UserDetailsService userDetailsService() {
And that's it.
I tried to add a Nginx configuration to redirect to SSL, in this answer https://stackoverflow.com/a/53310987/148844, but it didn't work. It does redirect to SSL but I get 404 errors for all paths
HTTP Status 404 - /home
type Status report
message /home
description The requested resource is not available.
Apache Tomcat/8.0.47
So it is forcing SSL and accessing Tomcat, but the Spring Boot app is completely messed up. It's as if the WAR file in the ZIP was never deployed.