Spring Security
  1. Spring Security
  2. SEC-1642

Expand ChannelProcessingFilter to different sub-domains

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Won't Fix
    • Affects Version/s: 3.1.0.M1, 3.0.4
    • Fix Version/s: 3.1.0.RC1
    • Component/s: None
    • Labels:
      None

      Description

      The ChannelProcessingFilter is great if you use the same subdomain for http and https traffic, but if you are a site like facebook (https://login.facebook.com/) where you use a different subdomain for https traffic then you can't take advantage of the filter.

      The current situation I am trying to use it in is http://www.domain.com:8080/ and https://secure.domain.com:8443/
      As you can see, the channel filter won't work because it will redirect https://secure.domain.com:8443/ to http://secure.domain.com:8080/ which is not a valid url.

      Solution:
      Have a server-name-mappings tag for mapping http subdomains to https subdomains.

      e.g.

      <http use-expressions="true">
      <port-mappings>
      <port-mapping http="8080" https="8443"/>
      </port-mappings>
      <sever-name-mappings>
      <sever-name-mapping http="www.domain.com" https="secure.domain.com"/>
      </sever-name-mappings>

        Activity

        Hide
        Luke Taylor added a comment -

        I'd prefer not to add something like this to the namespace at this point. It seems like something that would be ideally accomplished using mod_rewrite or UrlRewriteFilter to adjust the domain, rather than by further additions to Spring Security.

        It would be possible to accomodate by adding an explicit ChannelProcessingFilter with customized ChannelEntryPoint implementations. But I think something like a Url-rewriting rule would make most sense.

        Show
        Luke Taylor added a comment - I'd prefer not to add something like this to the namespace at this point. It seems like something that would be ideally accomplished using mod_rewrite or UrlRewriteFilter to adjust the domain, rather than by further additions to Spring Security. It would be possible to accomodate by adding an explicit ChannelProcessingFilter with customized ChannelEntryPoint implementations. But I think something like a Url-rewriting rule would make most sense.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Scott Murphy
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: