几个服务我有一个使用弹簧(也春季安全),其中一些服务是通过保持在applicationContext.xml指定如以下设置保护的资源之外的应用程序:重定向到HTTPS使用弹簧
<http pattern="/services/rest/nohisb/Msgs" security="none"/>
现在只需通过https访问这些服务。容器被配置为拥有https。要求是当用户在http上访问上述服务时,他应该被重定向到https(端口号也会更改,因为它不是默认的443)。
是否有可能通过弹簧来实现这一点?
感谢
Nohsib
是的,有可能使用Spring Channel Processing和PortMapper
春信道处理用于实现定义http/https访问URL模式。对于实施例 -
HTTPS访问URL-
https://localhost/myapp/user/myaccount
的Http:访问URL-
http://localhost/myapp/home
然后,如果用户访问在HTTP模式“HTTP安全的URL://本地主机/ MyApp的/用户/ myaccount“春季频道安全重定向用户安全URL”https:// localhost/myapp/user/myaccount“,反之亦然。
端口映射程序的Bean,使用地图非标准端口号用于HTTP和HTTPS映射
示例配置:
通道处理bean定义和端口Mapper-
<bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter">
<property name="channelDecisionManager" ref="channelDecisionManager"/>
<property name="securityMetadataSource">
<security:filter-security-metadata-source path-type="ant">
<security:intercept-url pattern="/services/rest/nohisb/Msgs**" access="REQUIRES_SECURE_CHANNEL" />
<security:intercept-url pattern="/**/*.html**" access="REQUIRES_SECURE_CHANNEL" />
<!-- more pattern definition -->
</security:filter-security-metadata-source>
</property>
</bean>
<bean id="channelDecisionManager" class="org.springframework.security.web.access.channel.ChannelDecisionManagerImpl">
<property name="channelProcessors">
<list>
<ref bean="secureChannelProcessor"/>
<ref bean="insecureChannelProcessor"/>
</list>
</property>
</bean>
<bean id="secureChannelProcessor" class="org.springframework.security.web.access.channel.SecureChannelProcessor">
<property name="entryPoint" ref="secureEntryPoint"/>
</bean>
<bean id="insecureChannelProcessor" class="org.springframework.security.web.access.channel.InsecureChannelProcessor">
<property name="entryPoint" ref="insecureEntryPoint"/>
</bean>
<bean id="secureEntryPoint" class="org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint">
<property name="portMapper" ref="portMapper"/>
</bean>
<bean id="insecureEntryPoint" class="org.springframework.security.web.access.channel.RetryWithHttpEntryPoint">
<property name="portMapper" ref="portMapper"/>
</bean>
<bean id="portMapper" class="org.springframework.security.web.PortMapperImpl">
<property name="portMappings">
<map>
<entry key="80" value="443"/>
<entry key="8081" value="8443"/>
<entry key="8443" value="8081"/>
<!-- so on... -->
</map>
</property>
</bean>
Filter Mapping-
<security:http auto-config="false"
entry-point-ref="authenticationProcessingFilterEntryPoint"
access-decision-manager-ref="accessDecisionManager" >
<security:custom-filter position="CHANNEL_FILTER" ref="channelProcessingFilter"/>
<security:intercept-url pattern="/*.html*" access="ROLE_ANONYMOUS,admin,user" />
<security:intercept-url pattern="/*.jsp" access="ROLE_ANONYMOUS,admin,user" />
<!-- more pattern definition -->
</security:http>
您可以编写Servlet过滤器在需要时,将检查请求方案和URL和发送重定向。 但实际上这些东西不应该在java代码中完成,而应该在反向代理或平衡器中完成。通常servlet容器是用来后面代理(nginx的?)或Apache(mod_proxy的)这是配置HTTPS/HTTP重定向的地方等
那岂不是更加简单,因为在http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html#ns-requires-channel描述定义端口映射使用Spring Security的命名空间配置?
Thankyou jeevatkm。你能解释一下请上面...... – Nohsib
@Nohsib - 增加通道处理的详细情况,请看看,让我知道 – jeevatkm
@ jeevatkm:获得一个例外 - >没有名为“authenticationProcessingFilterEntryPoint”豆定义 – Nohsib