I have a grails project. Right now, the user can access it either with HTTP or HTTPS. I would like to require that they can only access it through HTTPS. any ideas? I do have spring security core installed, if that can be of help
thanks jason
Asked
Active
Viewed 3,189 times
1 Answers
7
Spring's core supports that:
grails.plugins.springsecurity.secureChannel.definition = [
'/path/**': 'REQUIRES_SECURE_CHANNEL'
]
Chris Cashwell
- 22,308
- 13
- 63
- 94
-
Check out Chapter 17 at http://burtbeckwith.github.com/grails-spring-security-core/docs/manual/ – Chris Cashwell Sep 23 '11 at 21:09
-
Thanks for the response what file does this go into? UrlMappings.groovy? – jason Sep 23 '11 at 21:17
-
`grails-app/conf/Config.groovy` is where app-specific configurations go. – Chris Cashwell Sep 23 '11 at 21:20
-
thanks again. follow up question. if i want to make all pages require https, is this possible? or do i need to list every controller? – jason Sep 23 '11 at 21:40
-
Just remove the `/path` part, making it `'/**'`. – Chris Cashwell Sep 24 '11 at 01:54
-
Thanks! I have one more question but will post in a new thread – jason Sep 24 '11 at 16:25
-
@ChrisCashwell I tried adding this line, but now I get an error "This webpage has a redirect loop ERR_TOO_MANY_REDIRECTS". Any ideas? – dead_jake Feb 03 '16 at 20:36
-
@dead_jake, How did you fix ERR_TOO_MANY_REDIRECTS? – Adrian Rodriguez Mar 19 '17 at 05:05