1. 首頁
  2. 問答
  3. web.xml安全約束不會從https

web.xml安全約束不會從https

2013-04-10 52 views
0

返回http http按照本鏈接Use HTTPS only for certain pages in servlet based webapp中所述的步驟進行操作。我的網頁通常在http上,但是當我點擊登錄頁面時,它會轉到https。這很好。但是,當我成功登錄並且頁面返回到常規主頁時,例如https仍然存在。它不會回到http。請幫忙。web.xml安全約束不會從https

新增的web.xml

<?xml version="1.0" encoding="UTF-8"?> 
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 
     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 
     id="WebApp_ID" version="2.5"> 
     <display-name>Welcome</display-name> 
     <servlet> 
       <servlet-name>dispatcher</servlet-name> 
       <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
       <load-on-startup>1</load-on-startup> 
     </servlet> 
     <servlet-mapping> 
       <servlet-name>dispatcher</servlet-name> 
       <url-pattern>*.htm</url-pattern> 
     </servlet-mapping> 

     <servlet-mapping> 
       <servlet-name>jsp</servlet-name> 
       <url-pattern>*.jsp</url-pattern> 
     </servlet-mapping> 

     <security-constraint> 
       <web-resource-collection> 
         <web-resource-name>https</web-resource-name> 
         <url-pattern>/signin.htm</url-pattern> 
         <url-pattern>/login.htm</url-pattern> 
         <url-pattern>/shownewuser.htm</url-pattern> 
       </web-resource-collection> 
       <user-data-constraint> 
         <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
       </user-data-constraint> 
     </security-constraint> 

     <security-constraint> 
       <web-resource-collection> 
         <web-resource-name>http</web-resource-name> 
         <url-pattern>*.htm</url-pattern> 
       </web-resource-collection> 
       <user-data-constraint> 
         <transport-guarantee>NONE</transport-guarantee> 
       </user-data-constraint> 
     </security-constraint> 
    <listener> 
      <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
    </listener> 
    <context-param> 
      <param-name>contextConfigLocation</param-name> 
      <param-value> 
        /WEB-INF/dispatcher-servlet.xml, 
        /WEB-INF/spring-security.xml 
      </param-value> 
    </context-param> 

    <!-- Spring Security --> 
    <filter> 
      <filter-name>springSecurityFilterChain</filter-name> 
      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
    </filter> 
    <filter-mapping> 
      <filter-name>springSecurityFilterChain</filter-name> 
      <url-pattern>/*</url-pattern> 
    </filter-mapping> 



    <welcome-file-list> 
      <welcome-file>index.jsp</welcome-file> 
    </welcome-file-list>

來源

2013-04-10 user1241438

+0

你不應該使用重定向首先將'http://.../ login'變成'https://.../ login'。 – Bruno 2013-04-10 21:08:43

+0

@布魯諾,我不使用重定向,我只依賴於web.xml配置 – user1241438 2013-04-10 23:54:01

回答

1

我使用Spring Security的解決了這個。對於那些想在這裏嘗試的人就是我所做的。

完全從web.xml中刪除安全約束。 在春季安全配置包括以下

<http auto-config="true"> 
    <intercept-url pattern="/signin.htm" access="ROLE_USER" requires-channel="https"/> 
    <intercept-url pattern="/login.htm" requires-channel="https"/> 
    <intercept-url pattern="/home.htm" requires-channel="http"/> 

    <session-management session-fixation-protection="none"> 
    </session-management> 
    <remember-me /> 
     <port-mappings> 
       <port-mapping http="8080" https="8443"/> 
      </port-mappings> 
</http>

一旦我安裝這個,然後我能夠使用https只是登錄和登錄一次完成,它會自動返回到http

來源

2013-04-14 03:30:42 user1241438

相關問題

 相關問題