web.xml安全约束不会从https
问题描述:
返回http http按照本链接Use HTTPS only for certain pages in servlet based webapp中所述的步骤进行操作。我的网页通常在http上,但是当我点击登录页面时,它会转到https。这很好。但是,当我成功登录并且页面返回到常规主页时,例如https仍然存在。它不会回到http。请帮忙。web.xml安全约束不会从https
新增的web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>Welcome</display-name>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>*.htm</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>jsp</servlet-name>
<url-pattern>*.jsp</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>https</web-resource-name>
<url-pattern>/signin.htm</url-pattern>
<url-pattern>/login.htm</url-pattern>
<url-pattern>/shownewuser.htm</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>http</web-resource-name>
<url-pattern>*.htm</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/dispatcher-servlet.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
答
我使用Spring Security的解决了这个。对于那些想在这里尝试的人就是我所做的。
完全从web.xml中删除安全约束。 在春季安全配置包括以下
<http auto-config="true">
<intercept-url pattern="/signin.htm" access="ROLE_USER" requires-channel="https"/>
<intercept-url pattern="/login.htm" requires-channel="https"/>
<intercept-url pattern="/home.htm" requires-channel="http"/>
<session-management session-fixation-protection="none">
</session-management>
<remember-me />
<port-mappings>
<port-mapping http="8080" https="8443"/>
</port-mappings>
</http>
一旦我安装这个,然后我能够使用https只是登录和登录一次完成,它会自动返回到http
你不应该使用重定向首先将'http://.../ login'变成'https://.../ login'。 – Bruno 2013-04-10 21:08:43
@布鲁诺,我不使用重定向,我只依赖于web.xml配置 – user1241438 2013-04-10 23:54:01