Acegi, Grails, JBoss, SSL going back and forth from http<>https

Question

I have installed SSL on my server. My question is how can i forcehttps only on selected controllers/pages via the acegi plugin.

Acegi plugin supports a property forcehttps, which when set to true makes all the pages secured once the user logs in. I want to change this behaviour where once the users log off, they should be redirected to the unsecure page. So in essence http>https>http.

Thanks, WB

Answer 1

forceHttps only forces the login page to use SSL. After that the links are relative, so the user will continue to use SSL but it's not required.

If you want fine-grained control over which URLs use SSL and which don't, see the 'Channel security' section of http://www.grails.org/AcegiSecurity+Plugin+-+Customizing+with+SecurityConfig