Force SSL Plugin

  • Tags: security, ssl
  • Latest: 1.0.0
  • Last Updated: 09 May 2014
  • Grails version: 2.0 > *
Dependency:
compile ":force-ssl:1.0.0"


Summary

Creates a simple annotation to mark controller/actions as SSL restricted and performs the appropriate redirect.

Installation

plugins {
  compile ':force-ssl:1.0.0'
}

Description

The Grails Force SSL Plugin provides an annotation for controllers that forces their URL endpoints onto SSL. For example, you may want to restrict a shopping cart page or login page to SSL.

Configuration

By default, the SSL plugin is enabled for all environments except Development. This can be overridden by adjusting your Config.groovy:

grails.plugin.forceSSL.enabled = false

The enabled flag can also be defined as a closure, which is passed the request attribute. This allows a per-request decision as to whether or not SSL should be enforced. It can be useful for disabling forced SSL for certain URL endpoints (for example, server endpoints not behind a load balancer).

grails.plugin.forceSSL.enabled = { request ->
  if(request.serverName == 'app1.bertramlabs.com') {
    return false
  }
  return true
}
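
A variation on the closure above, as an added example that is not from the plugin's own documentation: it compares against a fixed set of exact host names and keeps SSL enforced if the check itself throws. The host names and the sslExemptHosts variable are constructed placeholders.

```groovy
// Config.groovy (added example; host names are constructed placeholders)

// Hosts that are reached directly rather than through the load balancer
// and may therefore skip the SSL redirect.
def sslExemptHosts = ['app1.internal.example', 'app2.internal.example'] as Set

grails.plugin.forceSSL.enabled = { request ->
  try {
    // request.serverName reflects the Host header the client sent, so
    // compare against exact, lower-cased names instead of prefix or
    // pattern matches that a crafted Host value could satisfy.
    String host = request.serverName?.toLowerCase()
    if (host in sslExemptHosts) {
      return false   // exempt host: do not force SSL
    }
    return true      // every other host: enforce SSL
  } catch (Exception e) {
    // Fail closed: if the check breaks, keep enforcing SSL.
    return true
  }
}
```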

Usage

Simply import the @SSLRequired annotation and apply it at the controller level or at the action level.

import com.bertramlabs.plugins.SSLRequired

@SSLRequired // Will encrypt entire controller
class SessionController {

  @SSLRequired // Or here for action level
  def signin() {
    // Signin Code Here
  }
}

NOTE: The force-ssl plugin now retains the values in your flash scope through the SSL redirect.