Java Spring安全-启用HTTPS时登录不起作用
新手到Spring security。我已经完成了一些教程并实现了Spring安全性。我有几个网页,我通过登录安全 这是我的spring security.xml文件Java Spring安全-启用HTTPS时登录不起作用,java,spring-mvc,ssl,spring-security,Java,Spring Mvc,Ssl,Spring Security,新手到Spring security。我已经完成了一些教程并实现了Spring安全性。我有几个网页,我通过登录安全 这是我的spring security.xml文件 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" x
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/person*/*"
access="hasRole('ROLE_ADMIN')" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="admin" password="password"
authorities="ROLE_ADMIN" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
控制器
@RequestMapping(value = "/logout", method = RequestMethod.GET)
public ModelAndView logoutPage(HttpServletRequest request, HttpServletResponse response) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null) {
new SecurityContextLogoutHandler().logout(request, response, auth);
}
return new ModelAndView("redirect:/");
}
很好用。除了几件事当我尝试转到/person/add
时,它直接转到页面,而不是询问身份验证。为什么?如何解决?我是否需要在截取URL中提及所有URL(如果我有许多URL怎么办?)
最主要的是,我正在尝试为我的应用程序配置SSL
我安装了
persons
URL时,它显示页面而不要求验证。为什么?
我尝试添加access=hasRole('ROLE\u USER')
,然后当我提供正确的凭据时,tomcat显示访问被拒绝
如何解决?我想为所有URL启用SSL
我正在使用Spring 4.2.2.RELEASE和Spring Security 4.0.2.RELEASE首先,尝试重写您的
安全性:拦截url
,如下所示:
<security:intercept-url pattern="/person*" access="hasRole('ROLE_ADMIN')" />
<security:intercept-url pattern="/person/**" access="hasRole('ROLE_ADMIN')"
是的,我试过了,现在正在工作。还有SSL。只要在Web.xml中就可以了。或者对于每个截取url,我们需要提到requires频道
<security:intercept-url pattern="/person*" access="hasRole('ROLE_ADMIN')" />
<security:intercept-url pattern="/person/**" access="hasRole('ROLE_ADMIN')"