How do I implement HTTPS for only the required pages of an application?

Problem description:

We are trying to implement HTTPS on some pages of our application. So we changed Tomcat's server.xml to make HTTPS calls, as follows:

<Connector 
      port="8080" 
      protocol="HTTP/1.1" 
      connectionTimeout="20000" 
      redirectPort="8443" 
      acceptCount="100" 
      maxKeepAliveRequests="15" 
      SSLEnabled="true" 
      scheme="https" 
      secure="true" 
    clientAuth="false" sslProtocol="TLS" 
    keystoreFile="/webapps/test.bin" 
      keystorePass="test"/> 

In the application's web.xml:

<security-constraint> 
<web-resource-collection> 
<web-resource-name>securedapp</web-resource-name> 
<url-pattern>/*</url-pattern> 
</web-resource-collection> 
<user-data-constraint> 
<transport-guarantee>CONFIDENTIAL</transport-guarantee> 
</user-data-constraint> 
</security-constraint> 

So HTTPS is being applied to all pages. How can I restrict HTTPS to the required pages?

Help would be appreciated.

+0

Do your "some pages" have a common URL pattern? – JoseK

+0

@JoseK No. The URL patterns are different. – Unknown

+0

This topic is quite similar to http://stackoverflow.com/questions/1454021/how-to-implement-a-https-login-page-in-a-web-application. –

The Spring Security interceptor has a parameter, requires-channel. Set this parameter to https to enforce it for the URL patterns that match the interceptor.

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.4.xsd
       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

    <security:http>
        <!-- requires-channel="https" forces requests matching this pattern onto HTTPS -->
        <security:intercept-url pattern="/login" access="permitAll"
            requires-channel="https"/>
    </security:http>

</beans>

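A simple way is to use an HttpFilter that checks the protocol and the URL pattern and decides whether to pass the call on to the application or throw an exception, which will cause the user to see an error page.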

+0

OK. Please elaborate on how we can use the HttpFilter. – Unknown

Create the following class

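import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

public class RestHttpRequestFilter implements Filter {

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest,
            ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        // if the ServletRequest is an instance of HttpServletRequest
        if (servletRequest instanceof HttpServletRequest) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            System.out.println(httpServletRequest.getRequestURL());
            // getProtocol() returns "HTTP/1.1" for HTTPS requests as well, so the
            // scheme is tested instead: reject the protected URL over plain HTTP.
            if (httpServletRequest.getRequestURL().toString().contains("/user/account")
                    && "http".equals(httpServletRequest.getScheme())) {
                // ResourceNotFoundException is not defined in this post; it is assumed
                // to be an unchecked exception available on the classpath.
                throw new ResourceNotFoundException(
                        "The url should be HTTPS");
            }
            filterChain.doFilter(httpServletRequest, servletResponse);
        } else {
            // otherwise, continue on in the chain with the ServletRequest and
            // ServletResponse objects
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {}

}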

Entry in web.xml

<filter> 
     <filter-name>simpleFilter</filter-name> 
     <filter-class>RestHttpRequestFilter</filter-class> 
    </filter> 

    <filter-mapping> 
     <filter-name>simpleFilter</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping>
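
An added example, not part of the original answers: a variant of the filter approach above in which the protected paths come from init-params, plain-HTTP GET/HEAD requests are redirected to HTTPS, and other methods are refused. The class name HttpsOnlyPathsFilter and the init-param names securePaths and httpsPort are assumptions made for this example.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example (hypothetical class, not from the thread): HTTPS only for listed paths.
public class HttpsOnlyPathsFilter implements Filter {
    private final List<String> securePrefixes = new ArrayList<String>();
    private int httpsPort = 8443; // redirectPort from the question's server.xml
    public void init(FilterConfig cfg) throws ServletException {
        // Assumed init-param names: securePaths (e.g. "/login,/user/account"), httpsPort.
        String paths = cfg.getInitParameter("securePaths");
        if (paths == null) throw new ServletException("init-param securePaths is required");
        for (String p : paths.split(",")) {
            if (!p.trim().isEmpty()) securePrefixes.add(p.trim());
        }
        String port = cfg.getInitParameter("httpsPort");
        if (port != null) httpsPort = Integer.parseInt(port.trim());
    }
    // True when the path equals a configured prefix or lies below it.
    boolean requiresHttps(String path) {
        for (String prefix : securePrefixes) {
            if (path.equals(prefix) || path.startsWith(prefix + "/")) return true;
        }
        return false;
    }
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // Context-relative path as the container resolved it (no query string).
        String info = request.getPathInfo();
        String path = request.getServletPath() + (info == null ? "" : info);
        if (request.isSecure() || !requiresHttps(path)) {
            chain.doFilter(req, res); // already HTTPS, or the page may stay on HTTP
        } else if ("GET".equals(request.getMethod()) || "HEAD".equals(request.getMethod())) {
            String query = request.getQueryString();
            String port = (httpsPort == 443) ? "" : ":" + httpsPort;
            response.sendRedirect("https://" + request.getServerName() + port
                    + request.getRequestURI() + (query == null ? "" : "?" + query));
        } else {
            // A redirect would drop the request body, so refuse instead.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
        }
    }
    public void destroy() {}
}
```

Behind a TLS-terminating proxy, isSecure() describes the proxy-to-Tomcat hop, so the connector or Tomcat's RemoteIpValve has to be set up to report the original scheme.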