Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Enhancement, Jakarta EE] Login flow redirects go to http instead of https, leading to multiple redirects #1762

Closed
2 tasks done
lprimak opened this issue Sep 20, 2024 · 0 comments · Fixed by #1727
Closed
2 tasks done

[Enhancement, Jakarta EE] Login flow redirects go to http instead of https, leading to multiple redirects #1762

lprimak opened this issue Sep 20, 2024 · 0 comments · Fixed by #1727
Assignees
@lprimak
Milestone
2.0.2

Comments

@lprimak
Copy link
Contributor

lprimak commented Sep 20, 2024

Search before asking

  • I had searched in the issues and found no similar issues.

Enhancement Request

When the app is behind a SSL-terminating proxy, Shiro will redirect to the default screen, or login screen, via non-SSL URL. This is because servlet "thinks" that the connection is non-SSL.
However, since X-Forwarding-Proto is present, it should redirect to SSL.
This is not a huge deal since the proxy will redirect back to SSL, however, it leads to 2+ additional redirect per login request, which should be avoided as optimization.

Describe the solution you'd like

Override sendRedirect() and append https:// prefix if it's detected that https protocol is used by the proxy

Are you willing to submit PR?

  • Yes I am willing to submit a PR!
@lprimak lprimak added this to the 2.0.2 milestone Sep 20, 2024
@lprimak lprimak self-assigned this Sep 20, 2024
@lprimak lprimak mentioned this issue Sep 20, 2024
Merged
10 tasks
lprimak added a commit that referenced this issue Sep 20, 2024
@lprimak
Merge pull request #1727 from lprimak/redirect-follows-https
428b59e 
[#1762] enh: follow desired request scheme when doing redirection
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lprimak lprimak

Labels
None yet
Projects
None yet
Milestone
2.0.2
Development

Successfully merging a pull request may close this issue.

[#1762] enh: follow desired request scheme when doing redirection lprimak/shiro
1 participant
@lprimak