[英]Spring security: forcing https using annotations?
The spring security docs state (2.3.2): 春季安全文档声明(2.3.2):
If your application supports both HTTP and HTTPS, and you require that particular URLs can only be accessed over HTTPS, then this is directly supported using the requires-channel attribute on :
如果您的应用程序同时支持HTTP和HTTPS,并且您要求只能通过HTTPS访问特定URL,则可以使用requires-channel属性直接支持:
<http>
<intercept-url pattern="/secure/**" access="ROLE_USER" requires-channel="https"/>
<intercept-url pattern="/**" access="ROLE_USER" requires-channel="any"/>
...
</http>
But I'm using annotations on my controllers, not intercept-url elements. 但是我在我的控制器上使用注释,而不是拦截元素。
从可用的文档中可以看出, 仅使用注释可能无法强制实施通道安全性。
There are a number of examples that show how to use annotation with Spring Security 有许多示例显示如何在Spring Security中使用注释
http://www.jroller.com/habuma/entry/method_level_security_in_spring http://www.jroller.com/habuma/entry/method_level_security_in_spring
spring not enforcing method security annotations spring不强制执行方法安全注释
I don't understand what you mean by forcing HTTP for non-secure pages. 我不明白你为非安全页面强制HTTP是什么意思。 If it is non-secure, then it is HTTP already.
如果它是不安全的,那么它已经是HTTP。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.