tags:

views:

83

answers:

1
+2  Q: 

Spring MVC "redirect:" prefix always redirects to http -- how do I make it stay on https?

I solved this myself, but I spent so long discovering such a simple solution, I figured it deserved to be documented here.

I have a typical Spring 3 MVC setup with an InternalResourceViewResolver:

<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
  <property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
  <property name="prefix" value="/" />
  <property name="suffix" value=".jsp" />
</bean>

I have a pretty simple handler method in my controller, but I've simplified it even more for this example:

@RequestMapping("/groups")
public String selectGroup() {
    return "redirect:/";
}

The problem is, if I browse to https://my.domain.com/groups, I end up at http://my.domain.com/ after the redirect. (In actuality my load-balancer redirects all http requests to https, but this just causes multiple browser alerts of the type "You are leaving/entering a secure connection" for folks who have such alerts turned on.)

So the question is: how does one get spring to redirect to https when that's what the original request used?

+3  A: 

The short answer is, set the InternalResourceViewResolver's redirectHttp10Compatible property to false:

<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
  <property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
  <property name="prefix" value="/" />
  <property name="suffix" value=".jsp" />
  <property name="redirectHttp10Compatible" value="false" />
</bean>

You could do this on a per-request basis instead, by having your handler method return View instead of String, and creating the RedirectView yourself, and calling setHttp10Compatible(false).

(It turns out the culprit is HttpServletResponse.sendRedirect, which the RedirectView uses for HTTP 1.0 compatible redirects, but not otherwise. I guess this means it's dependent on your servlet container's implementation (?); I observed the problem in both Tomcat and Jetty.)

super_aardvark  2010-08-03 22:11:06

related questions

Java Frameworks War: Spring and Hibernate
Does having many unused beans in a Spring Bean Context waste significant resources?
Internationalization sitemesh
What are the best books for Spring and Spring MVC?
Can I compose a Spring Configuration File from smaller ones?
How do you maintain java webapps in different staging environments?
Best resources to prepare for the "Spring Framework Certification"
What is the best documentation for snapshots and flow repositories in Spring Web Flow?
How do you authenticate against an Active Directory server using Spring Security?
Where can I find a good introductory tutorial for Spring?
JPA Multiple Transaction Managers
Map of Enums and dependency injection in Spring 2.5
Should I use EJB3 or Spring for my business layer?
How do I register a custom type converter in Spring?
Accessing a bean with a dot(.) in its ID
How do I create a spring bean for a Java double primitive?
Validation framework for business app built on Spring 2.5
Some Tomcat webapps not opening
How do I return a 403 Forbidden in Spring MVC?
Aspectj doesn't catch all events in spring framework?
How do you use WebServiceMessageDrivenBean in Spring-WS?
Template Engines for Spring Framework
What's the best way to get started with OSGI?
What OSS project should I look at if I need to do Spring friendly WorkFlow?
What's your "best practice" for the first Java EE Spring project?