16 Channel Security - Reference Documentation
Authors: Burt Beckwith, Beverley Talbott
Version: 2.0.0
16 Channel Security
Use channel security to configure which URLs require HTTP and which require HTTPS.| Property | Default Value | Meaning |
|---|---|---|
| portMapper.httpPort | 8080 | HTTP port your application uses. |
| portMapper.httpsPort | 8443 | HTTPS port your application uses. |
| secureChannel.definition | none | Map of URL pattern to channel rule |
secureChannel.definition key, where the keys are URL patterns, and the values are one of REQUIRES_SECURE_CHANNEL, REQUIRES_INSECURE_CHANNEL, or ANY_CHANNEL:grails.plugin.springsecurity.secureChannel.definition = [ '/login/**': 'REQUIRES_SECURE_CHANNEL', '/maps/**': 'REQUIRES_INSECURE_CHANNEL', '/images/login/**': 'REQUIRES_SECURE_CHANNEL', '/images/**': 'ANY_CHANNEL' ]
/images/login/** is more specific than /images/**, so it appears first in the configuration.Header checking
The default implementation of channel security is fairly simple; if you're using HTTP but HTTPS is required, you get redirected to the corresponding SSL URL and vice versa. But when using a load balancer such as an F5 BIG-IP it's not possible to just check secure/insecure. In that case you can configure the load balancer to set a request header indicating the current state. To use this approach, set theuseHeaderCheckChannelSecurity configuration property to true and optionally change the header names or values:grails.plugin.springsecurity.secureChannel.useHeaderCheckChannelSecurity = truegrails.plugin.springsecurity.secureChannel.secureHeaderName = '...' grails.plugin.springsecurity.secureChannel.secureHeaderValue = '...' grails.plugin.springsecurity.secureChannel.insecureHeaderName = '...' grails.plugin.springsecurity.secureChannel.insecureHeaderValue = '...'