Mod_rewrite not working to protect grails app
I have a grails app running on tomcat and I am using mod_proxy to connect an http server to it. My goal is to provide a login process.
My VirtualHost config to force https setup:
ProxyPass /myapp/ http://127.0.0.1:8080/myapp
ProxyPassReverse /myapp/ http://127.0.0.1:8080/myapp
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(myapp/login) https://%{HTTP_HOST}:443/$1 [NC,R=301,L]
When I go to https://mydomain.com/myapp/adm - which requires authentication - it redirects to http://mydomain.com/myapp/login/auth;jsessionid=yyyyyy which is not secure, so the rewrite doesn't work (if I manually replace http with https it works fine).
Any hints?
When I go to https://mydomain.com/myapp/adm - which requires authentication - it redirects to http://mydomain.com/myapp/login/auth;jsessionid=yyyyyy .
It looks like Spring Security is doing a redirect to /login/auth. Burt Beckwith mentions here that Spring Security doesn't require grails.serverURL. It should use request.getServerName(). Basically grails.serverURL is used for createLink methods.
I would suggest:
- try using https in grails.serverURL for workbench
- set the application context (if item 1 didn't help):
grails.app.context = "/MyApp"
Update
Just to isolate and better understand where the problem is:
Could you run grails (in a development environment) with https and check if everything is working fine:
grails run-app -https
You made a typo, you wanted this:
RewriteRule ^/myapp/login https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
Your current RewriteRule cannot match.
I also doubt there is any point in this:
RewriteCond %{THE_REQUEST} ^[A-Z]+\s/myapp/login [NC]
This only duplicates the ^/myapp/login you would like in the RewriteRule. Therefore, while it works, it is impractical.
In the setup where you allow both http and https, add a separate Connector element to your tomcat conf/server.xml file:
<Connector port="8081" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" URIEncoding="UTF-8"
scheme="https" secure="true" proxyName="somehostname.domain" proxyPort="443" />
If only https is allowed, you can add the scheme, secure, proxyName, and proxyPort attributes to the existing Connector element.
In the Apache config, create a *:443 virtual host that proxies to the connector with the additional attributes. A simple http *:80 virtual host can connect to the original connector.
For more information: http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Proxy_Support http://tomcat.apache.org/tomcat-7.0-doc/proxy-howto.html
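The two-virtual-host layout described in the last answer, written out as an added example that is not part of the original posts. It assumes the original connector is the one on port 8080 from the question, the extra connector is the one on port 8081 from the answer, the hostname is the answer's proxyName value, and the certificate paths are placeholders.

```apache
# Added example, not from the original posts.
# Assumptions: Tomcat connector 8080 is the original plain connector,
# connector 8081 is the one declared with scheme="https" secure="true"
# proxyName="somehostname.domain" proxyPort="443".

<VirtualHost *:80>
    ServerName somehostname.domain

    RewriteEngine On
    # In virtual-host context the pattern is matched against the full
    # URL path, so it must start with a slash.
    # Login pages are redirected to HTTPS before they are proxied.
    RewriteRule ^/myapp/login https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]

    # Everything else on plain HTTP goes to the original connector.
    # Trailing slashes match on both sides of ProxyPass.
    ProxyPass        /myapp/ http://127.0.0.1:8080/myapp/
    ProxyPassReverse /myapp/ http://127.0.0.1:8080/myapp/
</VirtualHost>

<VirtualHost *:443>
    ServerName somehostname.domain

    SSLEngine On
    # Placeholder paths, replace with the real certificate and key.
    SSLCertificateFile    /path/to/placeholder-cert.pem
    SSLCertificateKeyFile /path/to/placeholder-key.pem

    # TLS ends at Apache; the hop to Tomcat is plain HTTP. Because the
    # 8081 connector reports scheme https and port 443 to the webapp,
    # redirects built from the request (such as the Spring Security
    # redirect to /myapp/login/auth) keep the https:// scheme.
    ProxyPass        /myapp/ http://127.0.0.1:8081/myapp/
    ProxyPassReverse /myapp/ http://127.0.0.1:8081/myapp/
</VirtualHost>
```

The 8081 connector treats every request it receives as secure, so it should be reachable only from the proxy, for example by binding it to the loopback interface with the Connector `address` attribute.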