The problem is need to modify http to https as well as add www to domain name if not exists. To do so have to modify in our Grails Filters.
For Grails applications, a filter can be used to improved security by redirecting traffic from regular HTTP to encrypted HTTPS. The convention is that filters are written in Groovy using filenames ending in Filters, and the files go into the grails-app/conf folder. Redirecting from HTTP to HTTPS provides a better user experience than simply blocking HTTP requests, as redirecting seamlessly forwards users to the web pages they expect to see. |
The example below shows the redirect code |
package com.pkm import grails.util.Environment import javax.servlet.http.HttpServletRequest class SecurityFilters { String getDomainName(HttpServletRequest request) { return request.getRequestURL().substring(0, request.getRequestURL().indexOf("/", 8)) + request.contextPath } String getFullRequestURI(HttpServletRequest request) { String query = request.getQueryString() String request_uri = request.getAttribute("javax.servlet.forward.request_uri") if (request_uri == null) { return request.getRequestURL().toString().substring(0, request.getRequestURL().toString().length() - 1) + (query ? "?$query".toString() : "") } return request.getRequestURL().substring(0,request.getRequestURL().indexOf("/", 8)) + request_uri + (query ? "?$query".toString() : "") } def filters = { filter1(uri: "/**") { before = { Boolean isSecure = request.isSecure(), doRedirect = false String domain = getDomainName(request) String url = getFullRequestURI(request) println("SECURE=${isSecure.toString().capitalize()}" + "\n\t >DOMAIN=${domain}" + "\n\t\t>URL=${url}") /*if (!request.getServerName().toLowerCase().startsWith("www")) { doRedirect = true url = url.substring(0, url.indexOf("//")) + "//www." + url.substring(url.indexOf("//") + 2) }*/ if (!request.isSecure() && !Environment.isDevelopmentMode()) { doRedirect = true url = "https://" + url.substring(url.indexOf("//") + 2) } if (!url.toLowerCase().endsWith("redirected=true-2")) { doRedirect = true url = url + (url.contains("?") ? "&redirected=true-2" : "?redirected=true-2") } if (doRedirect && request.isGet()) { response.setStatus(302) response.setHeader("Location", url) response.flushBuffer() return false } } after = { Map model -> } afterView = { Exception e -> } } } } |
If your server listens for https requests (or any requests on ports other than 80), you can add checks using the same format, replacing http and port 80 with the appropriate values. You can also redirect from any subdomain you want to the root site (or another subdomain), by simply swapping www with your subdomain. |
And output would be like below. First request forwarded to second URL with additional parameters. |
SECURE=False >DOMAIN=http://localhost:3346/CONTEXT_PATH >URL=http://localhost:3346/CONTEXT_PATH/home/index SECURE=False >DOMAIN=http://localhost:3346/CONTEXT_PATH >URL=http://localhost:3346/CONTEXT_PATH/home/index?redirected=true-2 |
Pages
▼
Chrome and Firefox have started showing insecure warnings on sites without SSL certificates. Without SSL, your website will show insecure to the visitors. Therefore, using an SSL-encrypted connection for safety, accessibility or PCI compliance reasons is necessary. It becomes very important to redirect from HTTP to HTTPS.
ReplyDeletefor more information click here: HOW TO REDIRECT HTTP TO HTTPS