Spring HTTPS is switching to HTTP: I want to use either HTTPS or HTTP for the site depending on the user

I am using Spring 3, Java and Tomcat. We are using a load balancer that allows for HTTPS or HTTP requests. The problem is that the HTTPS requests are being converted to HTTP as soon as the login page is submitted.

The lock never displays in the browser bottom bar. I need the entire site to use either HTTPS or HTTP depending on the original request.

I have tried setting ch开发者_开发技巧annel security in security-config.xml like this:

intercept-url pattern="/**" access="ROLE_USER" requires-channel="any"

but no luck. If I set requires-channel="https" then I have to use HTTPS for the entire site but I want to let the user decide.

Thanks for any help. I have searched for days but can't find a solution.

This is what I did although I was trying to force https all the time:

1. Create a custom header that the load balancer will append to the request denoting that it came through as https.
2. Write a servlet wrapper to override the isSecure() method looking for the https port as usual but also having the option to look for the header added by the load balancer.
3. Apply the wrapper with a filter in your filter chain .

This way the request is seen as secure and the redirect to http is not sent.