2011-11-17 32 views
3

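How to implement HTTPS for required pages in an application?

We are trying to implement HTTPS on some pages of our application. So we changed Tomcat's server.xml to make HTTPS calls as follows: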

<Connector 
      port="8080" 
      protocol="HTTP/1.1" 
      connectionTimeout="20000" 
      redirectPort="8443" 
      acceptCount="100" 
      maxKeepAliveRequests="15" 
      SSLEnabled="true" 
      scheme="https" 
      secure="true" 
    clientAuth="false" sslProtocol="TLS" 
    keystoreFile="/webapps/test.bin" 
      keystorePass="test"/> 

In the application's web.xml:

<security-constraint> 
<web-resource-collection> 
<web-resource-name>securedapp</web-resource-name> 
<url-pattern>/*</url-pattern> 
</web-resource-collection> 
<user-data-constraint> 
<transport-guarantee>CONFIDENTIAL</transport-guarantee> 
</user-data-constraint> 
</security-constraint> 

So HTTPS is being applied to all pages. How do we restrict HTTPS to the required pages?

Help would be appreciated.

+0

Do your "some pages" have some common URL pattern? – JoseK

+0

@JoseK No. The URL patterns are different. – Unknown

+0

This topic is quite similar to http://stackoverflow.com/questions/1454021/how-to-implement-a-https-login-page-in-a-web-application. –

Answers

4

The Spring Security interceptor has a parameter requires-channel. Set this parameter to https to enforce it for the URL pattern matching the interceptor.

<beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
      http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.4.xsd 
      http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"> 

    <security:http> 
     <security:intercept-url pattern="/login" access="permitAll" 
      requires-channel="https"/> 
    </security:http> 

</beans>

1

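A simple way is to use an HttpFilter that will check the protocol and the URL pattern and decide whether to forward the call to the application or throw an exception that will cause the user to see an error page.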

+0

OK. Please elaborate on how we can use the HttpFilter. – Unknown

2

Create the following class

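import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

public class RestHttpRequestFilter implements Filter {

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest,
            ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        // if the ServletRequest is an instance of HttpServletRequest
        if (servletRequest instanceof HttpServletRequest) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            System.out.println(httpServletRequest.getRequestURL());
            // isSecure() is false for plain HTTP. getProtocol() returns "HTTP/1.1"
            // for HTTP and HTTPS alike, so it cannot tell the two apart.
            if (httpServletRequest.getRequestURL().toString().contains("/user/account")
                    && !httpServletRequest.isSecure()) {
                // ResourceNotFoundException is not defined on this page; it has to be
                // an unchecked exception supplied by the application.
                throw new ResourceNotFoundException(
                        "The url should be HTTPS");
            }
            filterChain.doFilter(httpServletRequest, servletResponse);
        } else {
            // otherwise, continue on in the chain with the ServletRequest and
            // ServletResponse objects
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {}

}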

Entry in web.xml

<filter> 
     <filter-name>simpleFilter</filter-name> 
     <filter-class>RestHttpRequestFilter</filter-class> 
    </filter> 

    <filter-mapping> 
     <filter-name>simpleFilter</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 
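
As an added example (not code from any of the answers above): a filter that redirects plain-HTTP requests for a configured list of paths to HTTPS instead of throwing, and matches whole paths rather than substrings. The class name SelectiveHttpsFilter and the init-params securePaths and httpsBase are assumptions of this example.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example. The init-param names "securePaths" and "httpsBase" are chosen here.
public class SelectiveHttpsFilter implements Filter {
    private List<String> securePaths; // e.g. "/login, /user/account/*"
    private String httpsBase;         // e.g. "https://www.example.com:8443" (constructed)

    public void init(FilterConfig cfg) throws ServletException {
        String paths = cfg.getInitParameter("securePaths");
        httpsBase = cfg.getInitParameter("httpsBase");
        if (paths == null || httpsBase == null || !httpsBase.startsWith("https://")) {
            throw new ServletException("securePaths and an https:// httpsBase are required");
        }
        securePaths = Arrays.asList(paths.trim().split("\\s*,\\s*"));
    }
    // Exact match, or prefix match for entries ending in "/*" (as in web.xml url-patterns).
    static boolean matches(List<String> patterns, String path) {
        for (String p : patterns) {
            if (p.endsWith("/*")) {
                String prefix = p.substring(0, p.length() - 2);
                if (path.equals(prefix) || path.startsWith(prefix + "/")) return true;
            } else if (path.equals(p)) {
                return true;
            }
        }
        return false;
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // Path as decoded by the container, relative to the context root, no query string.
        String info = request.getPathInfo();
        String path = request.getServletPath() + (info == null ? "" : info);
        if (!request.isSecure() && matches(securePaths, path)) {
            // The host comes from configuration, not from the client's Host header.
            String query = request.getQueryString();
            String target = httpsBase + request.getRequestURI() + (query == null ? "" : "?" + query);
            ((HttpServletResponse) res).sendRedirect(target);
            return;
        }
        chain.doFilter(req, res);
    }
    public void destroy() {}
}
```

Map it to /* in web.xml the same way as simpleFilter, with the two init-params set. A redirect only protects later requests: whatever the browser sent in the first plain-HTTP request has already crossed the network in clear, so session cookies used on these pages should also carry the Secure flag.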