Spring security: forcing https with annotations?

Question

Spring security: forcing https with annotations?

Spring security docs state (2.3.2):

If your application supports both HTTP and HTTPS, and you require specific URLs to be accessible only through HTTPS, then this is directly supported using the required channel attribute:

<http> <intercept-url pattern="/secure/**" access="ROLE_USER" requires-channel="https"/> <intercept-url pattern="/**" access="ROLE_USER" requires-channel="any"/> ... </http>

But I use annotations for my controllers, not url-capture elements.

Can HTTPS be enforced through annotations?
Can I force HTTP for insecure pages?

+6

java spring-security

David parks Mar 16 '11 at 6:40

source share

2 answers

There are a number of examples showing how to use annotation using Spring Security.

http://www.jroller.com/habuma/entry/method_level_security_in_spring

spring don't apply method security annotations

I don’t understand what you mean by HTTP forcing for insecure pages. If it is not protected, then it is already HTTP.

+1

gigadot Mar 16 '11 at 9:30

source share

Raghuram · Accepted Answer · 2011-03-16T11:26:16+0000

From the available documents, it can be seen that using only annotations may not be possible to ensure channel security.

Spring security: forcing https with annotations?

More articles: