Https Spring引导安全登录
我的增强型宠物诊所应用程序需要安全性 我想要以下内容:Https Spring引导安全登录,https,spring-security,spring-boot,Https,Spring Security,Spring Boot,我的增强型宠物诊所应用程序需要安全性 我想要以下内容: 登录表单-工作 HTTPS-工作 HTTP请求重定向到HTTPS-不确定如何执行此操作 HTTP静态资源-不确定这是否真的必要 欢迎提供任何建议 我的申请可以在以下网址找到 以下是我的WebSecurityConfigureAdapter子类中的代码: private static final String[] UNSECURED_RESOURCE_LIST = new String[] {"/", "/resources/**
- 登录表单-工作
- HTTPS-工作
- HTTP请求重定向到HTTPS-不确定如何执行此操作
- HTTP静态资源-不确定这是否真的必要
private static final String[] UNSECURED_RESOURCE_LIST =
new String[] {"/", "/resources/**", "/assets/**", "/css/**", "/webjars/**",
"/images/**", "/dandelion-assets/**", "/unauthorized", "/error*"};
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers(UNSECURED_RESOURCE_LIST);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
//@formatter:off
http
.authorizeRequests()
.antMatchers(UNSECURED_RESOURCE_LIST)
.permitAll()
.antMatchers("/owners/**", "/vets/**", "/vets*").hasRole("USER")
.antMatchers("/manage/**").hasRole("ADMIN")
.anyRequest()
.permitAll()
.and()
.formLogin()
.loginPage("/login")
.failureUrl("/login?error")
.permitAll()
.and()
.logout()
.logoutUrl("/logout")
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/")
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
.permitAll()
.and()
.requiresChannel()
.antMatchers("/login", "/owners/**", "/vets/**", "/vets*", "/manage/**")
.requiresSecure()
.and()
.exceptionHandling()
.accessDeniedPage("/router?q=unauthorized")
.and()
.sessionManagement()
.maximumSessions(1)
.maxSessionsPreventsLogin(true)
.expiredUrl("/login?expired")
;
//@formatter:on
}
谢谢 用于“HTTP请求重定向到HTTPS-不确定如何执行此操作”
我们需要将TomcateMbeddedServletContainerFactorybean添加到@Configuration类中
@Bean
public EmbeddedServletContainerFactory servletContainer() {
TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
return tomcat;
}
private Connector initiateHttpConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("http");
connector.setPort(8080);
connector.setSecure(false);
connector.setRedirectPort(8443);
return connector;
}
有关更多信息,请参阅arnaldo,除此之外无法联系到您--下载您的优秀宠物诊所,如果您感兴趣,您会有一些建议/潜在的bug。当然,听起来不错。arnaldopiccinelli在Gmail。其他人拉了这个项目,我也需要看一看错误。