stackoom
  简体   繁体   中英

Java web app serve both secure and insecure resource

 原文  2013-05-14 18:03:32       java/ web-applications/ ssl/ security

Question

I am writing a Java web app (spring 3.2).

Basically, I have several sites that need to access my web service. These sites are a mixture of both secured (ssl) and insecured. I have an endpoint /validate/{id} that should respond to both secured requests 

 (https://localhost:8443/ws/validate/123 and http://localhost:8080/ws/validate/123)

How do I do this? I've added 

<security-constraint>
    <web-resource-collection>
        <web-resource-name>ws</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

to my web.xml, but that only forces ssl ( calls to 8080 get a 302 FOUND response with a Location header pointing to 8443.

How do I allow both secured and insecured requests on the same endpoint (with different ports)?

1 answers

solution1
 0 ACCPTED  2013-05-14 18:11:42

 <transport-guarantee>NONE</transport-guarantee>

似乎已经解决了问题...

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Spring secure both web app and rest app Where to store a DataSource resource in a Java web app? Getting DataSource resource in a Java web app Java web app with an external resource directory web app java load resource from a file How to serve static content in a Java web app from internal server? How to create Insecure Java grpc cilent for secure go grpc service Insecure Object Reference in java web application Secure Java Web Services Developing a Java app that runs both on the web and as an Android app?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM