[英]Spring Security HTTPS intercept url access
I am having problem figuring out why no filter is applied whenever I am accessing my site in HTTPS like so: https://localhost:8443/initiator
. 我在弄清楚为什么每次在HTTPS中访问我的网站时都没有应用过滤器的问题,就像这样:
https://localhost:8443/initiator
。 Thus it is not redirected properly to the login page for unauthenticated user. 因此,它无法正确重定向到未经身份验证的用户的登录页面。 If I accessed it using
http://localhost:8080/initiator
then it is working as it should. 如果我使用
http://localhost:8080/initiator
访问它,则它应能正常工作。
I am using a very simple Spring security configuration for my web application. 我为我的Web应用程序使用了一个非常简单的Spring安全配置。 As shown below I want every links to be on SSL.
如下所示,我希望每个链接都使用SSL。
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="false" >
<intercept-url pattern="/**" requires-channel="https"/>
<intercept-url pattern="/initiator*" access="ROLE_USER" />
<!-- Other configuration here like the logout, login, etc-->
</http>
</beans>
I using Spring Security version 3.1.3.RELEASE. 我使用的是Spring Security版本3.1.3.RELEASE。 Please note that everything works fine if it is http.
请注意,如果为http,则一切正常。 It no longer works if I set it to https.
如果将其设置为https,它将不再起作用。
Thank you very much. 非常感谢你。
Have you tried interchanging the rules? 您是否尝试过更改规则? Because of the precedence, i think when you go
https://localhost:8443/initiator
is being taken by the first rule. 由于优先级高,我认为您去的时候第一条规则就是
https://localhost:8443/initiator
。 I mean, try in this way: 我的意思是,以这种方式尝试:
<intercept-url pattern="/initiator*" access="ROLE_USER" />
<intercept-url pattern="/**" requires-channel="https"/>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.