Home/ Questions/Q 7070785
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T05:36:29+00:00

On login, my application is redirected from 443 to 80 : The original URL

  • 0

On login, my application is redirected from 443 to 80 :
The original URL is https://myhost.com/myapp/login.jsp
but when I submit the URL https ://myhost.com/myapp/j_spring_security_check is called, and on login success, try to connect to https://myhost.com:80/myapp/

The URL https ://myhost.com/myapp/login.jsp call a apache server.
This apache called a tomcat with http (port 11080).

The login action is handled with Spring Security with that config :

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
    <global-method-security secured-annotations="enabled">
    </global-method-security>
    <http auto-config="true">
        <intercept-url pattern="/faces/secure/**" access="ROLE_ADMIN" />
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1"/>
        <logout logout-success-url="/index.jsp"/>
        <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
    </http>
    <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource"/>
    </authentication-provider>
</beans:beans>

This problem is only with login and logout actions, so I think Spring Security is the problem.

Everything works fine and there is no redirection when the original URL don’t use default https port 443 : https ://myhost.com:12345/myapp/login.jsp

Everything works fine too when apache called Tomcat with protocol ajp.

Unfortunately, I have to call apache on port 443 and Tomcat with protocol http.

The thread Spring Security Https Wrong Port is nearly my problem, except I don’t called Tomcat with https, but with http.

My Tomcat configuration for connectors is :

<Connector port="11080" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" redirectPort="8443" acceptCount="100"
           connectionTimeout="20000" disableUploadTimeout="true" />

<Connector port="11009" 
           enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The problem seems to be the instruction response.sendRedirect which is in Spring security to login, and in my application to logout :

    response.sendRedirect(response.encodeRedirectURL(finalUrl));

    To solve the problem, I added a valve in tomcat as described in this article : http://blog.inuus.com/vox/2009/04/tomcat-and-ssl-accelerators.html

    • 0