发表新帖
发表新帖

Enforce Https routing for login with play framework

后端 未结
关注
6 2146
滥情空心
滥情空心 2020-12-05 03:22

I want to enforce https routing for the login page only of my application.

Is it possible to do so with Play! without the use of a front end http server?

6条回答
  • 青春惊慌失措
    青春惊慌失措 (楼主)
    2020-12-05 03:47

    If your using AWS, you can terminate your HTTPS at the Load Balancer and use a filter to redirect HTTP connection to HTTPS.

    AWS Conf:

    443 (Load Balancer) ----------> 80 (Server)

    80 (Load Balancer) ----------> 80 (Server)

    The Filter:

    object HTTPSRedirectFilter extends Filter with Logging {

    def apply(nextFilter: (RequestHeader) => Future[SimpleResult])(requestHeader: RequestHeader): Future[SimpleResult] = {
        //play uses lower case headers.
        requestHeader.headers.get("x-forwarded-proto") match {
            case Some(header) => {
                if ("https" == header) {
                    nextFilter(requestHeader).map { result =>
                        result.withHeaders(("Strict-Transport-Security", "max-age=31536000"))
                    }
                } else {
                    Future.successful(Results.Redirect("https://" + requestHeader.host + requestHeader.uri, 301))
                }
            }
            case None => nextFilter(requestHeader)
        }
    }
}

    0 讨论(0)
 看不清?
提交回复
热议问题