1

I have configured Spring security 5.1.6 in Wildfly16 application server. For logout, i have done configuration as below;

When i'm using HTTP url, then no issues. But when i'm using HTTPS URL , after LOGOUT link is clicked it is redirecting to the relative path configured in "logout-success-url" with protocol as HTTP instead of HTTPS.

I have already tried with "<property name="redirectHttp10Compatible" value="false" />" for InternalResourceViewResolver bean definition. But issue exists.

Also tried requires-channel as https. But issue exists. .

I dont want to hard code https URL in "logout-success-url".

Anything else we can try to fix this issue?

Subbu
  • 41
  • 5
  • When you set requiresChannel to https, and then accessed the logout-success-url, what happened? – NatFar Mar 06 '20 at 16:28
  • @NatFar....same result. still login URL redirected as HTTP instead of https. – Subbu Mar 08 '20 at 01:52
  • So far i'm adding a custom handler that extends "SimpleUrlLogoutSuccessHandler". Referring the customer handler in "success-handler-ref" is serving the purpose. But still it would be easy if we have a solution that sets protocol from context in all relative path handlers. – Subbu Mar 13 '20 at 19:09

1 Answers1

0

I had same issue and this post solve it on my side :

server.tomcat.remote-ip-header=x-forwarded-for
server.tomcat.protocol-header=x-forwarded-proto

Source: https://docs.spring.io/spring-boot/docs/current/reference/html/howto-security.html#howto-enable-https

Camille
  • 2,439
  • 1
  • 14
  • 32