目前我的 Spring 应用程序只接受 HTTPS 协议(protocol)的请求。以下是 security-context.xml
<http auto-config="false" use-expressions="true"
disable-url-rewriting="true">
<intercept-url pattern="/signup*" access="permitAll"
requires-channel="https" />
<intercept-url pattern="/login*" access="permitAll"
requires-channel="https" />
<intercept-url pattern="/logout" access="permitAll"
requires-channel="https" />
<form-login authentication-success-handler-ref="myAuthenticationSuccessHandler"
login-page="/login" authentication-failure-url="/loginFailed" />
<intercept-url pattern="/**" access="isFullyAuthenticated()"
requires-channel="https" />
<session-management
session-authentication-error-url="/loginFailed">
<concurrency-control error-if-maximum-exceeded="true"
max-sessions="2" />
</session-management>
<logout invalidate-session="true" delete-cookies="JSESSIONID" />
</http>
现在,我还希望应用程序能够在用户访问域时将 HTTP GET
请求重定向到 HTTPS,例如从 http://mydomain.com
到https://mydomain.com
。我怎样才能做到这一点?我应该在 security-context.xml、 Controller 或 Tomcat 本身中应用更改吗?
最佳答案
我在 server.xml
中配置了从 HTTP(端口 80)到 HTTPS(端口 443)的重定向
<Connector connectionTimeout="20000" port="80" protocol="HTTP/1.1" redirectPort="443"/>
关于tomcat - 在 Spring Security 或 Tomcat 中将 HTTP 重定向到 HTTPS,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/17057219/