I am having problem figuring out why no filter is applied whenever I am accessing my site in HTTPS like so: https://localhost:8443/initiator
. Thus it is not redirected properly to the login page for unauthenticated user. If I accessed it using http://localhost:8080/initiator
then it is working as it should.
I am using a very simple Spring security configuration for my web application. As shown below I want every links to be on SSL.
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="false" >
<intercept-url pattern="/**" requires-channel="https"/>
<intercept-url pattern="/initiator*" access="ROLE_USER" />
<!-- Other configuration here like the logout, login, etc-->
</http>
</beans>
I using Spring Security version 3.1.3.RELEASE. Please note that everything works fine if it is http. It no longer works if I set it to https.
Thank you very much.
Have you tried interchanging the rules? Because of the precedence, i think when you go https://localhost:8443/initiator
is being taken by the first rule. I mean, try in this way:
<intercept-url pattern="/initiator*" access="ROLE_USER" />
<intercept-url pattern="/**" requires-channel="https"/>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.