Grails spring security redirects to wrong port

Question

In my Grails app (2.3.11), my login page sends an Ajax request to:

https://myurl/my-app/j_spring_security_check

but spring-security redirects to:

https://myurl:80/my-app/login/ajaxSuccess

This results in a timeout error (because port 80 is added on the URL). This problem only occurs when my client accesses the application through their traffic manager(Big-IP); if they access the application directly through server IP, it works correctly.

Is there any configuration I can do in Grails to fix this problem? I'm not sure if this problem is related to the application or Big-IP.

These are my configs (Config.groovy) related to spring-security plugin:

grails.plugins.springsecurity.successHandler.defaultTargetUrl = '/login/authSucccessExtJs'
grails.plugins.springsecurity.successHandler.alwaysUseDefault = true
grails.plugins.springsecurity.failureHandler.defaultFailureUrl = '/login/authFailExtJs?login_error=1'
grails.plugins.springsecurity.password.algorithm = 'MD5'

Answer 1

The problem is your application is receiving http traffic because you are offloading ssl at the BIG-IP, so it returns http links to your client. There are a few potential solutions.

1. Configure grails to set all URLs to https, even though requests are http
2. Insert the header X-Forwarded-Proto: https (if grails honors this) at the BIG-IP via a local traffic policy or an iRule (you can test this from curl by inserting the header there to see if that helps)
3. Rewrite https to http URLs on BIG-IP in response traffic via a stream profile or an iRule. This can be very problematic with AJAX but otherwise will work, however, option 1 or 2 would be far more efficient and less maintenance.