Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1642: Expand ChannelProcessingFilter to different sub-domains #1883

Closed
spring-issuemaster opened this Issue Dec 17, 2010 · 1 comment

Comments

Projects
None yet
1 participant

Scott Murphy (Migrated from SEC-1642) said:

The ChannelProcessingFilter is great if you use the same subdomain for http and https traffic, but if you are a site like facebook (https://login.facebook.com/) where you use a different subdomain for https traffic then you can't take advantage of the filter.

The current situation I am trying to use it in is http://www.domain.com:8080/ and https://secure.domain.com:8443/
As you can see, the channel filter won't work because it will redirect https://secure.domain.com:8443/ to http://secure.domain.com:8080/ which is not a valid url.

Solution:
Have a server-name-mappings tag for mapping http subdomains to https subdomains.

e.g.

<http use-expressions="true">
    <port-mappings>
    <port-mapping http="8080" https="8443"/>        
    </port-mappings>
    <sever-name-mappings>
        <sever-name-mapping http="www.domain.com" https="secure.domain.com"/>  
    </sever-name-mappings> 

Luke Taylor said:

I'd prefer not to add something like this to the namespace at this point. It seems like something that would be ideally accomplished using mod_rewrite or UrlRewriteFilter to adjust the domain, rather than by further additions to Spring Security.

It would be possible to accomodate by adding an explicit ChannelProcessingFilter with customized ChannelEntryPoint implementations. But I think something like a Url-rewriting rule would make most sense.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.RC1 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment