Enforcing HTTPS in JHipster

This quick guide demonstrates how to enforce HTTPS on your JHipster back-end.

Modify your application properties file

In a JHipster project, this is maintained in a YAML file: src/main/resources/config/application-prod.yml

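Modify your server directive with the tomcat parameters as follows. They tell the embedded Tomcat to take the client address and the original protocol from the headers set by the reverse proxy or load balancer in front of the application: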

server:
    port: 8080
    tomcat:
        remote_ip_header: x-forwarded-for
        protocol_header: x-forwarded-proto

Modify your SecurityConfiguration class

In your file src/main/java/com/my/app/config/SecurityConfiguration.java

In the class

public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

You should see the member variable:

@Inject
private Environment env;

To enforce HTTPS, look for the method

@Override
protected void configure(HttpSecurity http) throws Exception {

And add the line:

// Enforce HTTPS except on dev
if (env.acceptsProfiles("!dev")) {
    http.requiresChannel().anyRequest().requiresSecure();
}

Then just package and deploy as normal!
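
To check the result after deployment, the script below (an added example, not part of the original guide) sends one request marked as plain HTTP and one marked as HTTPS through the x-forwarded-proto header and reports whether the back-end redirects only the first. The file name check-https.sh, the default path / and the expectation that the probed path does not redirect on its own are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide. Run it on the application host:
# Tomcat honours forwarded headers only from addresses it treats as internal
# proxies (loopback and private ranges by default).

# verdict FORWARDED_PROTO STATUS REDIRECT_URL -> prints PASS or FAIL
verdict() {
    proto=$1 status=$2 redirect=$3
    case "$proto:$status" in
        *:000)      # curl could not connect
            echo FAIL ;;
        http:3??)   # plain HTTP must be redirected to an https:// URL
            case "$redirect" in https://*) echo PASS ;; *) echo FAIL ;; esac ;;
        http:*)     # answered over plain HTTP: requiresSecure() is not active
            echo FAIL ;;
        https:3??)  # sent to https:// although already HTTPS: protocol_header
                    # was not honoured (a browser would see a redirect loop)
            case "$redirect" in https://*) echo FAIL ;; *) echo PASS ;; esac ;;
        https:*)
            echo PASS ;;
        *)
            echo FAIL ;;
    esac
}

# probe BASE_URL PATH: one request per protocol value, prints both verdicts
probe() {
    rc=0
    for p in http https; do
        # %{redirect_url} is the absolute redirect target, empty if there is none
        out=$(curl -s -o /dev/null -H "X-Forwarded-Proto: $p" \
              -w '%{http_code} %{redirect_url}' "$1$2") || out="000 "
        result=$(verdict "$p" "${out%% *}" "${out#* }")
        echo "X-Forwarded-Proto=$p status=${out%% *} -> $result"
        [ "$result" = PASS ] || rc=1
    done
    return $rc
}

# Usage (hypothetical file name): sh check-https.sh http://localhost:8080 /
if [ "$#" -ge 1 ]; then
    probe "$1" "${2:-/}"
fi
```

The script exits non-zero if either request gets the wrong treatment, so it can be used as a post-deploy smoke test.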