Spring安全:使用注释强制https?
[英]Spring security: forcing https using annotations?
问题描述
The spring security docs state (2.3.2): 
春季安全文档声明(2.3.2):
If your application supports both HTTP and HTTPS, and you require that particular URLs can only be accessed over HTTPS, then this is directly supported using the requires-channel attribute on :
<http>
<intercept-url pattern="/secure/**" access="ROLE_USER" requires-channel="https"/>
<intercept-url pattern="/**" access="ROLE_USER" requires-channel="any"/>
...
</http>
But I'm using annotations on my controllers, not intercept-url elements. 但是我在我的控制器上使用注释,而不是拦截元素。
- Can I enforce HTTPS selectively via annotations? 我可以通过注释有选择地强制执行HTTPS吗?
- Can I force HTTP for non-secure pages? 我可以强制HTTP用于非安全页面吗?
2 个解决方案
解决方案1
3 已采纳 2011-03-16 11:26:16
从可用的文档中可以看出, 仅使用注释可能无法强制实施通道安全性。
解决方案2
1 2011-03-16 09:30:55
There are a number of examples that show how to use annotation with Spring Security 有许多示例显示如何在Spring Security中使用注释
http://www.jroller.com/habuma/entry/method_level_security_in_spring http://www.jroller.com/habuma/entry/method_level_security_in_spring
spring not enforcing method security annotations spring不强制执行方法安全注释
I don't understand what you mean by forcing HTTP for non-secure pages. 我不明白你为非安全页面强制HTTP是什么意思。 If it is non-secure, then it is HTTP already. 如果它是不安全的,那么它已经是HTTP。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.