幾個服務我有一個使用彈簧(也春季安全),其中一些服務是通過保持在applicationContext.xml指定如以下設置保護的資源之外的應用程序:重定向到HTTPS使用彈簧
<http pattern="/services/rest/nohisb/Msgs" security="none"/>
現在只需通過https訪問這些服務。容器被配置爲擁有https。要求是當用戶在http上訪問上述服務時,他應該被重定向到https(端口號也會更改,因爲它不是默認的443)。
是否有可能通過彈簧來實現這一點?
感謝
Nohsib
是的,有可能使用Spring Channel Processing和PortMapper
春信道處理用於實現定義http/https訪問URL模式。對於實施例 -
HTTPS訪問URL-
https://localhost/myapp/user/myaccount
的Http:訪問URL-
http://localhost/myapp/home
然後,如果用戶訪問在HTTP模式「HTTP安全的URL://本地主機/ MyApp的/用戶/ myaccount「春季頻道安全重定向用戶安全URL」https:// localhost/myapp/user/myaccount「,反之亦然。
端口映射程序的Bean,使用地圖非標準端口號用於HTTP和HTTPS映射
示例配置:
通道處理bean定義和端口Mapper-
<bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter">
<property name="channelDecisionManager" ref="channelDecisionManager"/>
<property name="securityMetadataSource">
<security:filter-security-metadata-source path-type="ant">
<security:intercept-url pattern="/services/rest/nohisb/Msgs**" access="REQUIRES_SECURE_CHANNEL" />
<security:intercept-url pattern="/**/*.html**" access="REQUIRES_SECURE_CHANNEL" />
<!-- more pattern definition -->
</security:filter-security-metadata-source>
</property>
</bean>
<bean id="channelDecisionManager" class="org.springframework.security.web.access.channel.ChannelDecisionManagerImpl">
<property name="channelProcessors">
<list>
<ref bean="secureChannelProcessor"/>
<ref bean="insecureChannelProcessor"/>
</list>
</property>
</bean>
<bean id="secureChannelProcessor" class="org.springframework.security.web.access.channel.SecureChannelProcessor">
<property name="entryPoint" ref="secureEntryPoint"/>
</bean>
<bean id="insecureChannelProcessor" class="org.springframework.security.web.access.channel.InsecureChannelProcessor">
<property name="entryPoint" ref="insecureEntryPoint"/>
</bean>
<bean id="secureEntryPoint" class="org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint">
<property name="portMapper" ref="portMapper"/>
</bean>
<bean id="insecureEntryPoint" class="org.springframework.security.web.access.channel.RetryWithHttpEntryPoint">
<property name="portMapper" ref="portMapper"/>
</bean>
<bean id="portMapper" class="org.springframework.security.web.PortMapperImpl">
<property name="portMappings">
<map>
<entry key="80" value="443"/>
<entry key="8081" value="8443"/>
<entry key="8443" value="8081"/>
<!-- so on... -->
</map>
</property>
</bean>
Filter Mapping-
<security:http auto-config="false"
entry-point-ref="authenticationProcessingFilterEntryPoint"
access-decision-manager-ref="accessDecisionManager" >
<security:custom-filter position="CHANNEL_FILTER" ref="channelProcessingFilter"/>
<security:intercept-url pattern="/*.html*" access="ROLE_ANONYMOUS,admin,user" />
<security:intercept-url pattern="/*.jsp" access="ROLE_ANONYMOUS,admin,user" />
<!-- more pattern definition -->
</security:http>
您可以編寫Servlet過濾器在需要時,將檢查請求方案和URL和發送重定向。 但實際上這些東西不應該在java代碼中完成,而應該在反向代理或平衡器中完成。通常servlet容器是用來後面代理(nginx的?)或Apache(mod_proxy的)這是配置HTTPS/HTTP重定向的地方等
那豈不是更加簡單,因爲在http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html#ns-requires-channel描述定義端口映射使用Spring Security的命名空間配置?
Thankyou jeevatkm。你能解釋一下請上面...... – Nohsib
@Nohsib - 增加通道處理的詳細情況,請看看,讓我知道 – jeevatkm
@ jeevatkm:獲得一個例外 - >沒有名爲「authenticationProcessingFilterEntryPoint」豆定義 – Nohsib