Configuring a spring application to use https behind an ELB

I have a couple of sites that run on AWS and take advantage of Elastic Load Balancers to handle proxying to servers in a private VPC as well handling https security. While CloudFront distributions can be configured to upgrade requests to https if they come in as HTTP, I haven’t found a way to configure ELB connections to do the same. What I wanted is for the ELB to listen on both port 80 and 443 and if a connection comes in on 80, then to redirect to the same request on 443. This way if a user just enters the URL into their browser, they’ll automatically be upgraded to https even if they didn’t remember to specify it.

It’s fairly simple to accomplish this with an Interceptor. Create a class that will handle the redirects.


public class SecurityInterceptor extends HandlerInterceptorAdapter {
  private static Logger logger = LoggerFactory.getLogger(SecurityInterceptor.class);
  public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    String proto = request.getHeader("X-Forwarded-Proto");
    if (!Strings.isNullOrEmpty(proto)) {
      logger.debug("Found proto: {}", proto);
      if ("http".equalsIgnoreCase(proto)) {
        StringBuffer redirectString = createRedirect(request);
        logger.debug("Redirecting to {}", redirectString);
        return false;
    logger.debug("No proto header found");
    return true;
  private StringBuffer createRedirect(HttpServletRequest request) throws IOException {
    StringBuffer result = request.getRequestURL();
    result.insert(4, "s");
    String queryString = request.getQueryString();
    if (!Strings.isNullOrEmpty(queryString)) {
    return result;

Since encryption is handled by the ELB and all traffic arrives at the server as HTTP we have to rely on the x-forwarded headers to know if we should redirect the request back to a secure page.

Then I have a config class to load the Interceptor.

public class WebMVCConfig extends WebMvcConfigurerAdapter {
  private SecurityInterceptor securityInterceptor;

  public void addInterceptors(InterceptorRegistry registry) {

This Interceptor is specific to the x-forwarded headers that ELBs will send to the backend instance.


Trying out AWS Workspaces

I’ve wanted to get my hands on a Linux laptop again. I used to work on one all the time, but most of my work these days is on a MacBook Pro. I’ve got a great Thinkpad sitting at home, but it’s running win7 because there are a couple of applications that I need that require windows.

Over the holiday break, I started playing with AWS Workspaces. For $35 / month I can have a win7 VDI setup.  Along with workspaces, I’ve started testing Zocolo, Amazon’s file syncing solution.

So far, I’m incredibly pleased with the solution. Once I’ve got everything up and running in the workspace, I’ll be able to reinstall Linux on the Thinkpad and have the best of both worlds.