在spring security 3.2中发出每个请求https
我正在使用SpringSecurity3.2,使用名称空间配置,我希望所有调用都是https。我知道这会使性能降低约1/10,但我仍然希望实现它。我知道您/可能会从tomcat本身实现这一点,但我想在security.xml中配置它,您可以通过在每个拦截url上添加https来配置https。例如:在spring security 3.2中发出每个请求https,https,spring-security,Https,Spring Security,我正在使用SpringSecurity3.2,使用名称空间配置,我希望所有调用都是https。我知道这会使性能降低约1/10,但我仍然希望实现它。我知道您/可能会从tomcat本身实现这一点,但我想在security.xml中配置它,您可以通过在每个拦截url上添加https来配置https。例如: <http> <intercept-url pattern="/secure/**" access="ROLE_ADMIN" requires-channel="https"/
<http>
<intercept-url pattern="/secure/**" access="ROLE_ADMIN" requires-channel="https"/>
<intercept-url pattern="/**" access="ROLE_USER" requires-channel="https"/>
</http>
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/secure/**").hasRole("ADMIN")
.anyRequest.hasRole("USER")
.and()
.requiresChannel()
.anyRequest().requiresSecure();
}
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
}
<headers>
<hsts/>
</headers>
<http>
<intercept-url pattern="/secure/**" access="ROLE_ADMIN" requires-channel="https"/>
<intercept-url pattern="/**" access="ROLE_USER" requires-channel="https"/>
</http>
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/secure/**").hasRole("ADMIN")
.anyRequest.hasRole("USER")
.and()
.requiresChannel()
.anyRequest().requiresSecure();
}
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
}
<headers>
<hsts/>
</headers>
您将想在中了解更多信息。Rob,我们可以更新Spring安全文档吗,上面写着<代码>.channelSecurity().anyRequest().requirescure()