
Secure connection just for a form with spring security

I'm trying to make an e-commerce page and I have a login form on all pages (included in the header). What I want is a secure connection between the client and the server when the user logs in, so that the password isn't sent as a plain-text string. The problem here is that I don't want to use https for all pages, but just for the form submission.

Because I'm using Spring Security, I did a little bit of research and found requires-channel="https" for the intercept-url, but I noticed that the form first sent the login information in plain text and only then was the connection "converted" to https. One other way I found was to change the action of my form to use the https link:

<form id="login" action="https://localhost:8443/j_spring_security_check" method="POST" >

Everything was sent in a secure way (like I expected), loadUserByUsername is called, everything worked as expected, but when the job was done, the user appears not to be authenticated. Looks like nothing happens...

Maybe I'm missing something or I'm not following the right path... Does anyone know what I need to do, or can someone point me in the right direction?

Edit: I dug a little bit more into this subject and I started wondering whether the best option would be to secure the full website rather than just the login or registration form. This will be an e-commerce website, so a little extra security is always welcome. My worries are about the benefits/performance (pros and cons) that https will have compared to http (does anyone know?).

After many days of researching and testing (almost a month), I arrived at the conclusion that the best approach for this problem is not to use a secure connection just for the form but for the entire application (in my case it needs to be the entire application, because the login form is present throughout the app as a popup element).

For others, the reason to change was to give the customer the assurance that the data is secure and the website is trusted (the symbol in the address bar)... Also, I read somewhere that it is good for SEO!

I hope this answer helps clarify things for someone with the same issue as mine!
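
Added example, not part of the original post: a Spring Security 3.x namespace configuration that applies requires-channel="https" to the whole application, as the answer concludes, with a form-only setup of the kind the question describes shown in a comment for contrast. The HTTP port 8080 and the bean name userDetailsService are assumptions; 8443 is the port used in the question's form action.

```xml
<!-- Added example (security-context.xml); not the poster's own configuration. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security.xsd">

    <http auto-config="true">
        <!-- Before (constructed, form-only approach):
             <intercept-url pattern="/j_spring_security_check" requires-channel="https" />
             <intercept-url pattern="/**" requires-channel="http" />
             Only the credential POST is encrypted. The page that carries the
             form and every later request, session cookie included, use HTTP. -->

        <!-- After: every URL requires HTTPS; a plain-HTTP request is
             redirected to the same path on the HTTPS port. -->
        <intercept-url pattern="/**" requires-channel="https" />

        <!-- Maps the HTTP port to the HTTPS port used for that redirect.
             8080 is an assumed HTTP port. -->
        <port-mappings>
            <port-mapping http="8080" https="8443" />
        </port-mappings>
    </http>

    <authentication-manager>
        <!-- userDetailsService is an assumed bean name for the class that
             implements loadUserByUsername. -->
        <authentication-provider user-service-ref="userDetailsService" />
    </authentication-manager>
</beans:beans>
```

With this in place the form action can stay relative (j_spring_security_check), because the page that renders the form is itself served over HTTPS.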
