Hello,

How can I disable HTTP transport of my Spring application deployed to Pivotal Web Services?

I would like my application be available only through HTTPS transport.

When I run my application in "local mode' (e.g. in Tomcat servlet container) disabling HTTP transport is simple. It is sufficient to disable HTTP listener and enable HTTPS listener.

How can I achieve similar effect in Cloud Foundry PWS?

I have skimmed the following security description but found none:
https://docs.cloudfoundry.org/concepts/security.html

I would be grateful for pointing me to relevant documentation.

Best regards,
Krzysztof

See this link.

http://support.run.pivotal.io/entries/82035305-How-do-I-force-my-users-to-use-HTTPS-

Dan


On Sun, Oct 25, 2015 at 5:01 PM, Krzysztof Wilk <chris.m.wilk(a)gmail.com>
wrote:

Hello,

How can I disable HTTP transport of my Spring application deployed to
Pivotal Web Services?

I would like my application be available only through HTTPS transport.

When I run my application in "local mode' (e.g. in Tomcat servlet
container) disabling HTTP transport is simple. It is sufficient to disable
HTTP listener and enable HTTPS listener.

How can I achieve similar effect in Cloud Foundry PWS?

I have skimmed the following security description but found none:
https://docs.cloudfoundry.org/concepts/security.html

I would be grateful for pointing me to relevant documentation.

Best regards,
Krzysztof

You have an example here with node:

https://github.com/jabrena/CloudFoundryLab/blob/master/Node_HelloWorld_ssl2/index.js

var ssl = false;
if(req.headers['x-forwarded-proto'] === "https"){
ssl = true;
}

Juan Antonio

Thanks for authoritive answer. My application is a Java (Spring Framework) one hence the solution with Spring Security is just fine for me.