Grails Spring Security redirect to login page using https

Question

I have a Grails app using Spring Security Core running on an AWS machine behind a load balancer.

The load balancer decrypts the ssl connections and forwards to port

Answer 1

I just went through the same scenario. Got stuck on the https, then the redirects, and now all is well. Use these Config.groovy settings:

grails.plugin.springsecurity.secureChannel.useHeaderCheckChannelSecurity = true
grails.plugin.springsecurity.portMapper.httpPort = 80
grails.plugin.springsecurity.portMapper.httpsPort = 443
grails.plugin.springsecurity.secureChannel.secureHeaderName = 'X-Forwarded-Proto'
grails.plugin.springsecurity.secureChannel.secureHeaderValue = 'http'
grails.plugin.springsecurity.secureChannel.insecureHeaderName = 'X-Forwarded-Proto'
grails.plugin.springsecurity.secureChannel.insecureHeaderValue = 'https'

Note for those not using springsecurity 2.0, it is 'plugins' and not 'plugin' without the 's'.

My beanstalk load balancer settings look like this (I have an SSL cert installed, I didn't show it):

In the EC2 load balancer settings make sure your listeners are set right:

And finally in the EC2 security groups make sure the EB accepts requests on ports 80 and 443 from the ELB:

Note that nowhere in my setup of anything do I ever reference ports 8080 or 8443, even though that is what I use on my localhost for testing. Somebody reading this may think about trying to use those ports to fix the issues. My setup didn't require that.