Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document Proxy Server Configuration #4076

balaji-katika opened this issue Sep 29, 2016 · 1 comment


None yet
2 participants
Copy link

commented Sep 29, 2016


Infinite loop occurs in commence method for Load Balancer (LB) based deployment

Actual Behavior

When useForward is true, the below if check runs in infinite loop as the https requests received by the LB is forwarded to the webserver as http
if (forceHttps && "http".equals(request.getScheme())) {
// First redirect the current request to HTTPS.
// When that request is received, the forward to the login page will be used.
redirectUrl = buildHttpsRedirectUrlForRequest(request);

Expected Behavior

if condition above could use the header Forward-proto or X-Forward-proto (Refer to determine if the server has a proxy or LB configured. Not all LB adds this header and hence can't always be relied on. Instead an additional boolean param should be provided with this class for users to allow skiping this check for such deployments.


<bean id="authenticationEntryPoint" class="">
    <property name="forceHttps" value="true"></property>
    <property name="useForward" value="true"></property>




Refer the config above

@rwinch rwinch self-assigned this Oct 18, 2016

rwinch pushed a commit that referenced this issue Oct 18, 2016

@rwinch rwinch added this to the 4.2.0 RC1 milestone Oct 18, 2016


This comment has been minimized.

Copy link

commented Oct 18, 2016

Thanks for the report.

To solve this you either need to configure your container for a proxy server (i.e. Tomcat's RemoteIpValve) or in Spring 4.3+ you can use ForwardedHeaderFilter.

I updated the documentation to include this information. See0c35209d77660f397e0ca3f71a7815aebd6858bc

@rwinch rwinch closed this Oct 18, 2016

@rwinch rwinch changed the title LoginUrlAuthenticationEntryPoint: Infinite loop in commence method for LB based deployment Document Proxy Server Configuration Oct 25, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.