
How can I use port number in securing web request

I have a web application that uses Spring Security and is deployed in Tomcat 7. In Tomcat there are two connectors (8080, 8081). I want to share part of my application and give access to requests like ${ip}:8080/${servercontext}/resource, and secure the rest of the application on this port, i.e. deny requests like ${ip}:8080/${servercontext}/otherresource. But requests like ${ip}:8081/${servercontext}/otherresource must be accessible (port 8081).

How can I do it?

According to the Spring Security documentation, you can use the requires-channel attribute in the intercept-url tag:

<http>
  <intercept-url pattern="/resource/**" access="ROLE_USER" requires-channel="https"/>
  <!-- patterns are matched against the request path, so they start with "/" -->
  <intercept-url pattern="/otherresource/**" access="ROLE_USER" requires-channel="any"/>
  ...
</http>

Note that there is also another way of doing it (not Spring-specific): in your web.xml, add the following code:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>HTTPSOnly Resources</web-resource-name>
        <!-- a servlet path-prefix mapping must end in "/*" -->
        <url-pattern>/resources/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

This will automatically redirect the user to HTTPS (you need to configure your server to support HTTPS, but it seems you already did it).
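
An added example, not part of the original answer: requires-channel and transport-guarantee select on HTTP versus HTTPS, not on the connector port, so one way to enforce the port rule from the question is a servlet filter keyed on ServletRequest.getLocalPort(). The class name, the constants and the /resource prefix are assumptions for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: class name, constants and the "/resource" prefix are assumptions.
@WebFilter("/*")
public class ConnectorPortFilter implements Filter {

    private static final int SHARED_PORT = 8080;             // connector exposed to outside users
    private static final String SHARED_PREFIX = "/resource"; // the only path served on that port

    /** Decides whether a context-relative path may be served on the given connector port. */
    static boolean isAllowed(int localPort, String path) {
        if (localPort != SHARED_PORT) {
            return true; // e.g. 8081: whole application, still subject to Spring Security rules
        }
        // Accept "/resource" and "/resource/...", but not "/resourceX" or "/otherresource".
        return path.equals(SHARED_PREFIX) || path.startsWith(SHARED_PREFIX + "/");
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // servletPath + pathInfo is the decoded path the container used for servlet mapping
        // (Tomcat also normalises it), so the check sees the same path the application will.
        String pathInfo = request.getPathInfo();
        String path = request.getServletPath() + (pathInfo == null ? "" : pathInfo);
        // getLocalPort() is the port of the connector that accepted the connection.
        // getServerPort() is taken from the client-supplied Host header, so it is not used.
        if (isAllowed(request.getLocalPort(), path)) {
            chain.doFilter(req, res);
        } else {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void destroy() { }
}
```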
