[英]Http and Https controllers with Spring Boot
I'm implementing login functionality in my app and I want to secure my controller which is responsible for users in the system. 我正在我的应用程序中实现登录功能,我想保护负责系统用户的控制器。 In the meantime I don't want to use https on all of the controllers. 同时,我不想在所有控制器上都使用https。 Is it possible in a way or I must either use http or https for all of controllers? 是否可以以某种方式使用,或者我必须对所有控制器使用http或https?
I don't configure Spring in java, but almost 100% sure that you can do it like that. 我没有在Java中配置Spring,但是几乎100%的人确定可以这样做。
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/secure").hasRole("USER")
.antMatchers("/supersecure").hasRole("USER")
.anyRequest().permitAll();
.and()
.requiresChannel()
.antMatchers("/supersecure").requiresSecure(); //at this part you set up https
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.