Spring security 在spring应用程序上登录时使用https

Spring security 在spring应用程序上登录时使用https,spring-security,Spring Security,我正在尝试仅在登录时使用https 问题是,当应用程序尝试从https切换到http时,我最终被重定向到登录表单(就像会话被破坏一样)。 当我在注销后使用session fixture protection=“none”时,当我单击login时,它会在登录页面上重定向它,然后再次单击它会登录 注销后的另一个问题单击后退按钮,它再次登录,这是错误的 以下是我正在使用的配置: <security:http auto-config="false" entry-point-ref="authen

我正在尝试仅在登录时使用https

问题是,当应用程序尝试从https切换到http时,我最终被重定向到登录表单(就像会话被破坏一样)。 当我在注销后使用session fixture protection=“none”时,当我单击login时,它会在登录页面上重定向它,然后再次单击它会登录

注销后的另一个问题单击后退按钮,它再次登录,这是错误的

以下是我正在使用的配置:

<security:http  auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint" session-fixation-protection="none">
    <security:intercept-url pattern="/login.do*" access="ROLE_ANONYMOUS,ROLE_ADMIN_RESEARCHER,ROLE_ADMIN_SUPERVISOR,ROLE_ADMIN_ADMINISTRATOR" requires-channel="https"/>
    <security:intercept-url pattern="/j_spring_security*" access="ROLE_ANONYMOUS,ROLE_ADMIN_RESEARCHER,ROLE_ADMIN_SUPERVISOR,ROLE_ADMIN_ADMINISTRATOR" requires-channel="https"/>
    <security:intercept-url pattern="/assets/**" filters="none"/>
    <security:intercept-url pattern="/change_password.do/*" filters="none"/>
    <security:intercept-url pattern="/forgot_password.do*" filters="none"/>
    <security:intercept-url pattern="/upload_tracking.do**" access="ROLE_ADMIN_SUPERVISOR"/>
    <security:intercept-url pattern="/company_alias.do*" access="ROLE_ADMIN_ADMINISTRATOR" requires-channel="http"/>
    <security:intercept-url pattern="/contacts.do*" access="ROLE_ADMIN_ADMINISTRATOR" requires-channel="http"/>
    <security:intercept-url pattern="/technology.do*" access="ROLE_ADMIN_ADMINISTRATOR" requires-channel="http"/>
    <security:intercept-url pattern="/technologyProduct.do*" access="ROLE_ADMIN_ADMINISTRATOR" requires-channel="http"/>
    <security:intercept-url pattern="/technologyKeyword.do*" access="ROLE_ADMIN_ADMINISTRATOR" requires-channel="http"/>
    <security:intercept-url pattern="/services.do*" access="ROLE_ADMIN_ADMINISTRATOR" requires-channel="http"/>
    <security:intercept-url pattern="/services.do*" access="ROLE_ADMIN_ADMINISTRATOR" requires-channel="http"/>
    <security:intercept-url pattern="/subscriptions.do*" access="ROLE_ADMIN_ADMINISTRATOR" requires-channel="http"/>
    <security:intercept-url pattern="/reports.do*" access="ROLE_ADMIN_ADMINISTRATOR" requires-channel="http"/>      
    <security:intercept-url pattern="/goCsvUpload" access="ROLE_ADMIN_ADMINISTRATOR" requires-channel="http"/>
    <security:intercept-url pattern="/admin_user.do*" access="ROLE_ADMIN_ADMINISTRATOR" requires-channel="http"/>
    <security:intercept-url pattern="/**" access="ROLE_ADMIN_RESEARCHER,ROLE_ADMIN_SUPERVISOR,ROLE_ADMIN_ADMINISTRATOR" requires-channel="http"/>

    <security:form-login login-page="/login.do" default-target-url="/home.do"
                         login-processing-url="/j_spring_security_check.do"
                         always-use-default-target="false"
                         authentication-failure-url="/login.do?login_error=1"/>
    <security:anonymous/>

    <!-- remember-me default is two weeks, alter attribute token-validity-seconds if needed -->
    <security:remember-me/>
    <security:logout logout-url="/logout.do" logout-success-url="/login.do?logout=ok"/>

</security:http>


<security:authentication-provider user-service-ref="userDetailsService">
    <security:password-encoder ref="passwordEncoder">
        <!-- Very important! id is used as salt also by the registration process -->
        <!-- Cannot use username because it might contain braces, forbidden by the std salt generator -->
        <security:salt-source user-property="id"/>
    </security:password-encoder>
</security:authentication-provider>

<bean id="passwordEncoder" class="org.springframework.security.providers.encoding.ShaPasswordEncoder"/>

<bean id="passwordGenerator" class="com.salebuild.util.PasswordGenerator"/>

<context:component-scan base-package="com.salebuild.security">
    <context:include-filter type="annotation"
                            expression="org.springframework.stereotype.Service"/>
</context:component-scan>

<security:global-method-security secured-annotations="enabled"/>

<bean class="java.lang.Boolean" id="customerAuthentication">
    <constructor-arg value="false"/>
</bean>

<tx:annotation-driven/>


我找到了一个解决方案。。