Clever Geek Handbook

How can spring use https to request automatically?

I am implementing a web application using spring 3.2.8.RELEASE and tomcat 7.0.55.

I need spring to use https for some requests like '/ login', but not all requests.

The app works on http and https fine, but I want to filter out some request to run on https automatically.

How can I configure spring to do this?

+3


source to share


3 answers


You can customize this https by adding a require-channel-attribute to each intercept url.

For example:

<security:intercept-url pattern="/your_url" access="your_role" requires-channel="https"/>

EDIT:



Mandatory spring security mappings in web.xml:

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

I hope this works.

+1


source


If your application supports both HTTP and HTTPS and you need certain URLs to be accessible only over HTTPS, then this is directly supported using the require-channel attribute:



  <http>
    <intercept-url pattern="/secure/**" access="ROLE_USER" requires-channel="https"/>
    <intercept-url pattern="/**" access="ROLE_USER" requires-channel="any"/>
    ...
  </http>
+1


source


Spring uses a controller servlet for all of its internal url mapping. To avoid using this controller, change the URL mapping in the Web.xml file.

See a similar answer: Spring MVC URL Sample in web.xml?

OR have a look at the spring documentation on configuring "front controller" here: http://docs.spring.io/spring/docs/current/spring-framework-reference/html/mvc.html . It will also give you a good overview of how it works and fits together.

Good luck and let me know if you need more help!

BTW: I thought I would pick this for good measure. Here you can see that the display matches /example/...

. You can also configure this file type in your spring config file, but it all follows the same principle.

<web-app>
    <servlet>
        <servlet-name>example</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>example</servlet-name>
        <url-pattern>/example/*</url-pattern>
    </servlet-mapping>
</web-app>
0


source






More articles:


All Articles