I have deployed a very simple Grails test app on Cloud Foundry which uses spring-security for the login page.
I want to require HTTPS access for this login page so that passwords are not sent in clear text.
First thing I did was to browse to my test app using HTTPS which worked fine, so that confirmed that Cloud Foundry can service HTTPS requests for my app.
Next I added the following to Config.groovy to require HTTPS access to my pages:
grails.plugins.springsecurity.auth.forceHttps = true
grails.plugins.springsecurity.secureChannel.definition = [
'/': 'REQUIRES_SECURE_CHANNEL'
]
Now when I try to deploy using grails cf-update it hangs when Trying to start application...
If I remove the requirement for HTTPS it succeeds.
I’m guessing that maybe there is a problem with the check for whether the application has started. Is this using an HTTP URL which is then getting redirected to HTTPS as I cannot see any problems in the logs?
Any ideas?
I found out that there currently is an issue with CloudFoundry + Spring Security where HttpServletRequest.isSecure() does not return the correct value when using https. This trumps Spring Security in doing an infinite redirect loop when requiring a secure channel.
I witnessed that on a plain Spring project, but this may be what your grails project is suffering from. One workaround at the moment would be to wrap your HttpServletRequests so that isSecure() looks at the scheme to decide what to return.
If you try your secured URL in a browser, what do you get (assuming the app has actually started, although the grails plugin tells otherwise)?
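
The workaround described in the answer above, sketched as a servlet filter. This is an added example, not code from the original posts or from Cloud Foundry or Spring Security; the package and class names are hypothetical, and it assumes the javax.servlet API and that the container reports the correct scheme, as the answer states.

```java
package example; // hypothetical package name

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Hypothetical filter: wraps each request so that isSecure() is derived
// from the request scheme when the container's own answer is false.
public class SchemeAwareSecureFilter implements Filter {

    // Wrapper that everything further down the chain will see.
    static class SchemeAwareRequest extends HttpServletRequestWrapper {
        SchemeAwareRequest(HttpServletRequest request) {
            super(request);
        }

        @Override
        public boolean isSecure() {
            // Keep a true answer from the container; otherwise fall back
            // to the scheme, as suggested in the answer.
            return super.isSecure() || "https".equalsIgnoreCase(getScheme());
        }
    }

    public void init(FilterConfig config) {
        // No configuration needed.
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            req = new SchemeAwareRequest((HttpServletRequest) req);
        }
        chain.doFilter(req, res);
    }

    public void destroy() {
        // Nothing to release.
    }
}
```

The filter only helps if it is mapped ahead of the Spring Security filter chain, so that the secure-channel check sees the wrapped request. If the container also reports the scheme as http for requests that arrived over HTTPS, the wrapper changes nothing and the redirect loop remains.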