/**
 * Sends the caller to the login form, either with a client-side redirect or with a
 * server-side forward, depending on {@code useForward}.
 *
 * <p>In forward mode a plain-HTTP request is first redirected to its HTTPS equivalent
 * when {@code forceHttps} is set; the forward itself then happens on the follow-up
 * HTTPS request. If no HTTPS URL is produced, the forward is performed immediately.
 *
 * @param request the request that triggered authentication
 * @param response the response used for the redirect or forward
 * @param authException the exception that caused this entry point to be invoked
 * @throws IOException declared by this method; propagated from the calls made here
 * @throws ServletException declared by this method; propagated from the calls made here
 */
public void commence(HttpServletRequest request, HttpServletResponse response,
        AuthenticationException authException) throws IOException, ServletException {

    if (!useForward) {
        // Redirect mode: the login-page URL builder is responsible for applying forceHttps.
        String loginPageUrl = buildRedirectUrlToLoginPage(request, response, authException);
        redirectStrategy.sendRedirect(request, response, loginPageUrl);
        return;
    }

    // Forward mode: upgrade a plain-HTTP request to HTTPS before forwarding, if required.
    String httpsUrl = null;
    if (forceHttps && "http".equals(request.getScheme())) {
        httpsUrl = buildHttpsRedirectUrlForRequest(request);
    }

    if (httpsUrl != null) {
        // The forward to the login page happens once the HTTPS request comes back in.
        redirectStrategy.sendRedirect(request, response, httpsUrl);
        return;
    }

    String loginForm = determineUrlToUseForThisRequest(request, response, authException);
    if (logger.isDebugEnabled()) {
        logger.debug("Server side forward to: " + loginForm);
    }
    RequestDispatcher loginDispatcher = request.getRequestDispatcher(loginForm);
    loginDispatcher.forward(request, response);
}
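/**
 * Builds the login-page redirect URL and rewrites its scheme, host and port from the
 * {@code X-Forwarded-Proto} and {@code X-Forwarded-Host} request headers, so the
 * redirect points at the externally visible address when running behind a proxy.
 *
 * <p>SECURITY: both headers are ordinary request headers. Unless a trusted reverse
 * proxy strips or overwrites them on every request, a client can set them and steer
 * the {@code Location} of the login redirect to a host of its choosing. The checks
 * below only reject malformed values (unknown scheme, characters that do not belong
 * in a host name, out-of-range port); they do not establish that the host is one this
 * application is served from. Where the public host names are known, compare the
 * forwarded host against that list before applying it.
 *
 * <p>A header that fails validation is ignored and the corresponding part of the URL
 * built by the superclass is kept. When the forwarded host carries no port, the port
 * of the superclass URL is left unchanged.
 *
 * @param request the current request, source of the forwarded headers
 * @param response the current response, passed through to the superclass
 * @param authException the authentication failure, passed through to the superclass
 * @return the redirect URL with forwarded scheme/host/port applied where valid
 */
@Override
protected String buildRedirectUrlToLoginPage(HttpServletRequest request, HttpServletResponse response,
        AuthenticationException authException) {
    String url = super.buildRedirectUrlToLoginPage(request, response, authException);
    UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(url);

    String scheme = firstForwardedValue(request.getHeader(HttpHeaders.X_FORWARDED_PROTO));
    if (scheme != null) {
        // Only http/https make sense for a browser redirect; anything else is dropped.
        if ("https".equalsIgnoreCase(scheme)) {
            builder.scheme("https");
        } else if ("http".equalsIgnoreCase(scheme)) {
            builder.scheme("http");
        }
    }

    String forwardedHost = firstForwardedValue(request.getHeader(HttpHeaders.X_FORWARDED_HOST));
    if (forwardedHost != null) {
        // Split on the last colon so a trailing ":" or extra colons cannot cause an
        // out-of-bounds access; such values fail the host/port checks instead.
        int colon = forwardedHost.lastIndexOf(':');
        String hostName = colon < 0 ? forwardedHost : forwardedHost.substring(0, colon);
        String portText = colon < 0 ? null : forwardedHost.substring(colon + 1);

        boolean portAcceptable = portText == null || isValidForwardedPort(portText);
        if (isPlainHostName(hostName) && portAcceptable) {
            builder.host(hostName);
            if (portText != null) {
                builder.port(portText);
            }
        }
    }
    return builder.toUriString();
}

/**
 * Returns the first entry of a possibly comma-separated forwarded header value,
 * trimmed, or {@code null} when the header is absent or that entry is empty.
 */
private String firstForwardedValue(String headerValue) {
    if (headerValue == null) {
        return null;
    }
    int comma = headerValue.indexOf(',');
    String first = (comma < 0 ? headerValue : headerValue.substring(0, comma)).trim();
    return first.isEmpty() ? null : first;
}

/**
 * Accepts only ASCII letters, digits, '-', '.' and '_' (max 253 chars). This rejects
 * user-info, path, whitespace and bracketed IPv6 literals, which are not supported here.
 */
private boolean isPlainHostName(String candidate) {
    if (candidate.isEmpty() || candidate.length() > 253) {
        return false;
    }
    for (int i = 0; i < candidate.length(); i++) {
        char c = candidate.charAt(i);
        boolean allowed = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                || (c >= '0' && c <= '9') || c == '-' || c == '.' || c == '_';
        if (!allowed) {
            return false;
        }
    }
    return true;
}

/** Accepts a decimal TCP port in the range 1-65535 with no sign or whitespace. */
private boolean isValidForwardedPort(String text) {
    if (text.isEmpty() || text.length() > 5) {
        return false;
    }
    for (int i = 0; i < text.length(); i++) {
        char c = text.charAt(i);
        if (c < '0' || c > '9') {
            return false;
        }
    }
    int port = Integer.parseInt(text);
    return port >= 1 && port <= 65535;
}
}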