有什么办法可以在spring-security中为某些页面强制使用https吗? [英] Is there any way to force https for some pages in spring-security?

问题描述

目前我使用的是没有 apache 的 tomcat 6 和 spring-security 3.0.3.RELEASE.

currently I'm using tomcat 6 and spring-security 3.0.3.RELEASE without apache.

我可以为登录页面强制使用 https，而且效果很好.

I can force https for login page and it works just fine.

下一个配置用于防止http访问某些页面.

Next configuration is used to prevent accessing to some pages by http.

<http use-expressions="true">
    <intercept-url pattern="/" access="permitAll" />
    <intercept-url pattern="/login" access="permitAll" requires-channel="https" />
    <intercept-url pattern="/spring_security_login" access="permitAll" requires-channel="https" />
    <intercept-url pattern="/users/new" access="permitAll" requires-channel="https" />
    <intercept-url pattern="/users/authorize/*" access="isAuthenticated()" />


    <!--<form-login /> -->
    <form-login  login-page="/login" />
    <logout />
    <remember-me />

    <!--
        Uncomment to enable X509 client authentication support <x509 />
    -->
    <!-- Uncomment to limit the number of sessions a user can have -->
    <session-management>
        <concurrency-control max-sessions="10000"
            error-if-maximum-exceeded="true" />
    </session-management>

</http>

但是如果我尝试通过非 https 链接访问例如 /buyers/newhttp://localhost:8085/path/buyers/new 我得到下一个错误:

But if I try to access to, for example, /buyers/new by non https link http://localhost:8085/path/buyers/new I get next error:

The page isn't redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

    *   This problem can sometimes be caused by disabling or refusing to accept
          cookies.

Cookie 是允许的，所以我认为这不是问题.当我尝试访问上述链接时，我在 Chrome 中遇到了类似的错误.

Cookies are allowed so I think that this is not problem. Similar error I got in Chrome when I tried to access above link.

在我的配置中，8085 端口是非 ssl 端口.SSL 在端口 8443 上配置并且工作正常.

In my configuration port 8085 is non ssl port. SSL is configured on port 8443 and it works fine.

我希望对某些页面的所有访问尝试都重定向到 https.

I want that all access attempts to some pages are redirected to https.

任何建议将不胜感激.

最好的问候，蒂霍

推荐答案

添加port-mappings 部分到您的 http 配置:

Add a port-mappings section to your http configuration:

<http use-expressions="true">
 ...
    <port-mappings>
        <port-mapping http="8085" https="8443"/>
    </port-mappings>
</http>

这篇关于有什么办法可以在spring-security中为某些页面强制使用https吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！