From 665a9cd30400071ec85d04613e70a09490badf33 Mon Sep 17 00:00:00 2001
From: James Dai <james.dai.uk@googlemail.com>
Date: Tue, 4 Sep 2018 18:09:24 +0100
Subject: [PATCH] put back secured reverse proxy

---
 .../grails-app/conf/Config.groovy                | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/ModelCatalogueCorePluginTestApp/grails-app/conf/Config.groovy b/ModelCatalogueCorePluginTestApp/grails-app/conf/Config.groovy
index 0087f526be..57ec834de8 100644
--- a/ModelCatalogueCorePluginTestApp/grails-app/conf/Config.groovy
+++ b/ModelCatalogueCorePluginTestApp/grails-app/conf/Config.groovy
@@ -350,6 +350,22 @@ environments {
             }
         }
 
+        if (System.getenv('MC_SECURED_REVERSE_PROXY')) {
+            // Setting of https behind load balancer (or proxy server) needs to set http header 'X-Forwarded-Proto' in order
+            // to decide if http or https should be used. Environment without load balancer is not affected.
+            grails.plugin.springsecurity.secureChannel.useHeaderCheckChannelSecurity = true
+            grails.plugin.springsecurity.portMapper.httpPort = 80
+            grails.plugin.springsecurity.portMapper.httpsPort = 443
+            grails.plugin.springsecurity.secureChannel.secureHeaderName = 'X-Forwarded-Proto'
+            grails.plugin.springsecurity.secureChannel.secureHeaderValue = 'http'
+            grails.plugin.springsecurity.secureChannel.insecureHeaderName = 'X-Forwarded-Proto'
+            grails.plugin.springsecurity.secureChannel.insecureHeaderValue = 'https'
+            grails.plugin.springsecurity.secureChannel.definition = [
+                '/**': 'REQUIRES_SECURE_CHANNEL'
+            ]
+        }
+
+
     }
 }