Is there any way to force https for some pages in spring-security?
currently I'm using tomcat 6 and spring-security 3.0.3.RELEASE without apache.
I can force https for login page and it works just fine.
Next configuration is used to prevent accessing to some pages by http.
<http use-expressions="true">
<intercept-url pattern="/" access="permitAll" />
<intercept-url pattern="/login" access="permitAll" requires-channel="https" />
<intercept-url pattern="/spring_security_login" access="permitAll" requires-channel="https" />
<intercept-url pattern="/users/new" access="permitAll" requires-channel="https" />
<intercept-url pattern="/users/authorize/*" access="isAuthenticated()" />
<!--<form-login /> -->
<form-login login-page="/login" />
<logout />
<remember-me />
<!--
Uncomment to enable X509 client authentication support <x509 />
-->
<!-- Uncomment to limit the number of sessions a user can have -->开发者_如何转开发
<session-management>
<concurrency-control max-sessions="10000"
error-if-maximum-exceeded="true" />
</session-management>
</http>
But if I try to access to, for example, /buyers/new by non https link
http://localhost:8085/path/buyers/new I get next error:
The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
* This problem can sometimes be caused by disabling or refusing to accept
cookies.
Cookies are allowed so I think that this is not problem. Similar error I got in Chrome when I tried to access above link.
In my configuration port 8085 is non ssl port. SSL is configured on port 8443 and it works fine.
I want that all access attempts to some pages are redirected to https.
Any advice will be highly appreciated.
Best regards, Tiho
Add a port-mappings section to your http configuration:
<http use-expressions="true">
...
<port-mappings>
<port-mapping http="8085" https="8443"/>
</port-mappings>
</http>
加载中,请稍侯......
精彩评论