https只在谷歌应用程序引擎 [英] https only in google app engine

问题描述

我现在在Google应用引擎项目上。在我的应用程序中，我只需要允许https协议。我必须限制其他协议。它应该只允许https。我在web.xml中添加了下面的代码。

 < security-constraint> 
< web-resource-collection> 
< web-resource-name>受保护区域< / web-resource-name> 
< url-pattern> / *< / url-pattern> 
< / web-resource-collection> 
< user-data-constraint> 
< transport-guarantee> CONFIDENTIAL< / transport-guarantee> 
< / user-data-constraint> 
< / security-constraint> 
  

但是在部署后它可以在协议（http和https）上运行。如何限制http？

解决方案

可以将单个处理程序配置为在所需的WEB-INF文件夹中的app.yaml文件中要求HTTPS此处：使用app.yaml进行Java应用程序配置 - Google App Engine < a>。

您必须将这两个单词添加到 app.yaml 文件中适当的 url 条目：

secure：始终

<例如：

   -  url：。* 
 script：main.app 
 secure：always 
  

然后，如果用户尝试使用HTTP访问URL，则会自动重定向到HTTPS。很酷。

I am on a google app engine project now. In my application I have to allow only https protocol. And I have to restrict other protocols. It should allow https only. I have added the below code in web.xml.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

But after deploying it works on both the protocols(http and https). How to restrict http?

解决方案

It is possible to configure the individual handlers to require HTTPS in the app.yaml file in the WEB-INF folder as described here: Java Application Configuration Using app.yaml - Google App Engine.

You just have to add these two words to your app.yaml file under the appropriate url entry:
secure: always

For example:

- url: .*
  script: main.app
  secure: always

Then if a user tries to access the URL with HTTP she will be automatically redirected to HTTPS. Pretty cool.

这篇关于https只在谷歌应用程序引擎的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！