Spring Boot的Http和Https控制器

Question

I'm implementing login functionality in my app and I want to secure my controller which is responsible for users in the system. In the meantime I don't want to use https on all of the controllers. Is it possible in a way or I must either use http or https for all of controllers?

Answer 1

I don't configure Spring in java, but almost 100% sure that you can do it like that.

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
          .authorizeRequests()
          .antMatchers("/secure").hasRole("USER")
          .antMatchers("/supersecure").hasRole("USER")
          .anyRequest().permitAll();
          .and()
          .requiresChannel()
          .antMatchers("/supersecure").requiresSecure(); //at this part you set up https
    }
}