stackoom
  简体   繁体   中英

Spring security: forcing https using annotations?

 原文  2011-03-16 06:40:20       java/ spring-security

Question

The spring security docs state (2.3.2):

If your application supports both HTTP and HTTPS, and you require that particular URLs can only be accessed over HTTPS, then this is directly supported using the requires-channel attribute on : 

  <http>
    <intercept-url pattern="/secure/**" access="ROLE_USER" requires-channel="https"/>
    <intercept-url pattern="/**" access="ROLE_USER" requires-channel="any"/>
    ...
  </http>

But I'm using annotations on my controllers, not intercept-url elements.

  • Can I enforce HTTPS selectively via annotations?
  • Can I force HTTP for non-secure pages?

2 answers

solution1
 3 ACCPTED  2011-03-16 11:26:16

从可用的文档中可以看出, 使用注释可能无法强制实施通道安全性。

solution2
 1  2011-03-16 09:30:55

There are a number of examples that show how to use annotation with Spring Security

http://www.jroller.com/habuma/entry/method_level_security_in_spring

spring not enforcing method security annotations

I don't understand what you mean by forcing HTTP for non-secure pages. If it is non-secure, then it is HTTP already.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to add channel security as https in spring security using “annotations”? Forcing Https connection during the spring security login success Ordering of Spring Security annotations How do I configure Spring security to work on Virgo - using annotations? spring not enforcing method security annotations ignored Security annotations in spring mvc Spring security https authentication How to redirect HTTP requests to HTTPS using Spring Security Java configuration? AOP with Spring 3 using Annotations Using Mockito annotations with spring
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM