The spring security docs state (2.3.2):
If your application supports both HTTP and HTTPS, and you require that particular URLs can only be accessed over HTTPS, then this is directly supported using the requires-channel attribute on :
<http>
<intercept-url pattern="/secure/**" access="ROLE_USER" requires-channel="https"/>
<intercept-url pattern="/**" access="ROLE_USER" requires-channel="any"/>
...
</http>
But I'm using annotations on my controllers, not intercept-url elements.
从可用的文档中可以看出, 仅使用注释可能无法强制实施通道安全性。
There are a number of examples that show how to use annotation with Spring Security
http://www.jroller.com/habuma/entry/method_level_security_in_spring
spring not enforcing method security annotations
I don't understand what you mean by forcing HTTP for non-secure pages. If it is non-secure, then it is HTTP already.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.