Skip to content

[Enhancement, Jakarta EE] Login flow redirects go to http instead of https, leading to multiple redirects #1762

New issue
New issue
Closed
#1727
Closed
[Enhancement, Jakarta EE] Login flow redirects go to http instead of https, leading to multiple redirects#1762
#1727
Assignees
lprimak
Milestone
2.0.2
@lprimak

Description

@lprimak
lprimak
opened on Sep 20, 2024

Search before asking

  • I had searched in the issues and found no similar issues.

Enhancement Request

When the app is behind a SSL-terminating proxy, Shiro will redirect to the default screen, or login screen, via non-SSL URL. This is because servlet "thinks" that the connection is non-SSL.
However, since X-Forwarding-Proto is present, it should redirect to SSL.
This is not a huge deal since the proxy will redirect back to SSL, however, it leads to 2+ additional redirect per login request, which should be avoided as optimization.

Describe the solution you'd like

Override sendRedirect() and append https:// prefix if it's detected that https protocol is used by the proxy

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions