Redirect to https for multiple services using spring

Question

Redirect to https for multiple services using spring

I have an application that uses spring (also spring security), where several services were stored outside the protected resource set, specifying as shown below in applicationContext.xml:

<http pattern="/services/rest/nohisb/Msgs" security="none"/>

Now these services should be available only through https. The container has https. The requirement is that when the user accesses the above service on http, he must be redirected to https (the port number also changes, since he is not 443 by default).

Is it possible to achieve this through spring?

thanks
nohsib

+1

java spring java-ee spring-mvc spring-security

Nohsib Nov 22 '12 at 20:02

source share

3 answers

, URL- . Java-, . (nginx?) apache (mod_proxy). https/http ..

0

xeye 22 . '12 20:08

Spring, http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html#ns-requires-channel, ?

0

FelixM 07 . '12 8:10

jeevatkm · Accepted Answer · 2012-11-23T20:02:12+0000

, Spring PortMapper

Spring , URL- URL- http/https. :

URL- Https-

https://localhost/myapp/user/myaccount

Http: URL -

http://localhost/myapp/home

, URL- http " http://localhost/myapp/user/myaccount" spring, URL- " https://localhost/myapp/user/myaccount" .

PortMapper Bean HTTP HTTPS

:

Bean - -

<bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter">
  <property name="channelDecisionManager" ref="channelDecisionManager"/>
  <property name="securityMetadataSource">
        <security:filter-security-metadata-source path-type="ant">
            <security:intercept-url pattern="/services/rest/nohisb/Msgs**" access="REQUIRES_SECURE_CHANNEL" />
            <security:intercept-url pattern="/**/*.html**" access="REQUIRES_SECURE_CHANNEL" />

            <!-- more pattern definition -->

        </security:filter-security-metadata-source>
  </property>
</bean>

<bean id="channelDecisionManager" class="org.springframework.security.web.access.channel.ChannelDecisionManagerImpl">
  <property name="channelProcessors">
    <list>
        <ref bean="secureChannelProcessor"/>
        <ref bean="insecureChannelProcessor"/>
    </list>
  </property>
</bean>

<bean id="secureChannelProcessor" class="org.springframework.security.web.access.channel.SecureChannelProcessor">
    <property name="entryPoint" ref="secureEntryPoint"/>
</bean>

<bean id="insecureChannelProcessor" class="org.springframework.security.web.access.channel.InsecureChannelProcessor">
    <property name="entryPoint" ref="insecureEntryPoint"/>
</bean>

<bean id="secureEntryPoint" class="org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint">
    <property name="portMapper" ref="portMapper"/>
</bean>

<bean id="insecureEntryPoint" class="org.springframework.security.web.access.channel.RetryWithHttpEntryPoint">
    <property name="portMapper" ref="portMapper"/>
</bean>

<bean id="portMapper" class="org.springframework.security.web.PortMapperImpl">
    <property name="portMappings">
        <map>
            <entry key="80" value="443"/>
            <entry key="8081" value="8443"/>
            <entry key="8443" value="8081"/>
            <!-- so on... -->
        </map>
    </property>
</bean>

-

<security:http auto-config="false" 
            entry-point-ref="authenticationProcessingFilterEntryPoint" 
            access-decision-manager-ref="accessDecisionManager" >

    <security:custom-filter position="CHANNEL_FILTER" ref="channelProcessingFilter"/>

    <security:intercept-url pattern="/*.html*" access="ROLE_ANONYMOUS,admin,user"  />
    <security:intercept-url pattern="/*.jsp" access="ROLE_ANONYMOUS,admin,user" />

    <!-- more pattern definition -->

</security:http>

Redirect to https for multiple services using spring

More articles: