Spring MVC 3 - HTTPS access

How can I force pages to be accessed only over HTTPS? This needs to be done through the Spring MVC 3 configuration file.
Spring-security has such a configuration. See here for how to do it. In short, you force the channel to use https:
<http>
    <intercept-url pattern="/secure/**" access="ROLE_USER"
        requires-channel="https"/>
    <intercept-url pattern="/**" access="ROLE_USER"
        requires-channel="any"/>
</http>
If you don't want to use spring-security, here is an interceptor I wrote:
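import java.util.List;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

@Component
public class SslInterceptor extends HandlerInterceptorAdapter {

    // no need to inject it for now..
    private PathMatcher pathMatcher = new AntPathMatcher();

    // base URL of the HTTPS site, used as the prefix of every redirect
    @Value("${base.url.secure}")
    private String secureRoot;

    // Ant-style path patterns that must only be served over HTTPS
    @Resource(name="secureLocations")
    private List<String> secureLocations;

    @Value("${use.ssl}")
    private boolean useSsl;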


    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {

        if (useSsl && !request.isSecure() && shouldForceSecure(request.getRequestURI())) {

            String redirectUrl = secureRoot + request.getRequestURI();
            if (request.getQueryString() != null) {
                redirectUrl += "?" + request.getQueryString();
            }
            // force session creation - thus it will be accessible to both the
            // secure and the insecure contexts
            request.getSession(true);
            response.sendRedirect(redirectUrl);
            return false;
        }

        return true;
    }

    private boolean shouldForceSecure(String path) {
        for (String pattern : secureLocations) {
            if (pathMatcher.match(pattern, path)) {
                return true;
            }
        }
        return false;
    }
}
    
For an annotation-based approach without spring-security, I wrote an interceptor and a new annotation:
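import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

import org.springframework.web.bind.annotation.Mapping;

/**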
 * Request mapping annotation to enforce secure or insecure requests.
 * Per default the annotated mapping is enforced to be secure.
 *
 * @see org.springframework.web.bind.annotation.RequestMapping
 */
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
@Mapping
public @interface RequestProtocol {

  boolean secure() default true;
}
So you can simply declare a (here REST) controller method like this:
@RequestMapping(value = "/secret", method = RequestMethod.GET)
@RequestProtocol(secure = true)
@ResponseBody
public Result doSecure(@Valid Model model) {
  return doSomething(model);
}
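To enable the mapping, use an interceptor that redirects requests made with the wrong protocol. You could also handle it more simply by sending a FORBIDDEN response.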
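import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/**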
 * Interceptor to send a redirect on security enforced mappings with wrong type of request.
 *
 * @see RequestProtocol
 */
class RequestProtocolInterceptor extends HandlerInterceptorAdapter {

  private static final int PORT_DIFF = 443 - 80;

  @Override
  public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws IOException {
    Boolean secure = checkSecure(handler);
    if (secure != null && request.isSecure() != secure) {
      response.sendRedirect(switchSecure(secure, request.getRequestURL()));
      return false;
    }
    return true;
  }

  private Boolean checkSecure(Object handler) {
    if (handler instanceof HandlerMethod) {
      HandlerMethod method = (HandlerMethod)handler;
      RequestProtocol annotation = method.getMethodAnnotation(RequestProtocol.class);
      if (annotation == null) {
        annotation = AnnotationUtils.findAnnotation(method.getBeanType(), RequestProtocol.class);
      }
      return annotation == null ? null : annotation.secure();
    }
    return null;
  }

  private String switchSecure(boolean secure, StringBuffer url) {
    int endSchema = url.indexOf("://");
    url.replace(0, endSchema, secure ? "https" : "http");
    int startPort = url.indexOf(":", endSchema + 3);
    if (startPort != -1) {
      int endPort = url.indexOf("/", startPort);
      int port = Integer.parseInt(url.substring(startPort + 1, endPort));
      port += secure ? PORT_DIFF : -PORT_DIFF;
      url.replace(startPort + 1, endPort, String.valueOf(port));
    }
    return url.toString();
  }
}
To enable the interceptor in a purely annotation-based Spring configuration, use WebMvcConfigurerAdapter:
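import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration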
@EnableWebMvc
public class MyConfiguration extends WebMvcConfigurerAdapter {

  @Override
  public void addInterceptors(InterceptorRegistry registry) {
    registry.addInterceptor(new RequestProtocolInterceptor());
  }
}
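
As an added example that is not part of the answers on this page: a stand-alone variant of the `switchSecure` idea from the annotation-based answer, rebuilding the URL with `java.net.URI`, keeping the query string (which `getRequestURL()` does not include) and refusing ports it has no counterpart for. The class name, method names and port pairs are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example: hypothetical class, not code from the answers on this page.
public final class SchemeSwitch {

    // Assumed HTTP/HTTPS connector port pairs; replace with the deployed ones.
    private static final int[][] PORT_PAIRS = { {80, 443}, {8080, 8443} };

    // requestUrl is what HttpServletRequest.getRequestURL() returns;
    // queryString is getQueryString() and may be null.
    public static String switchScheme(String requestUrl, String queryString, boolean secure)
            throws URISyntaxException {
        URI in = new URI(requestUrl);
        if (in.getHost() == null) {
            throw new URISyntaxException(requestUrl, "no parsable host");
        }
        int port = mapPort(in.getPort(), secure);
        StringBuilder out = new StringBuilder(secure ? "https://" : "http://");
        out.append(in.getHost());            // IPv6 literals keep their brackets
        if (port != -1 && port != (secure ? 443 : 80)) {
            out.append(':').append(port);    // omit the target scheme's default port
        }
        out.append(in.getRawPath());         // raw form: leave %2F and similar untouched
        if (queryString != null) {
            out.append('?').append(queryString);
        }
        return out.toString();
    }

    private static int mapPort(int port, boolean secure) {
        if (port == -1) {
            return -1;                       // URL used the scheme's default port
        }
        for (int[] pair : PORT_PAIRS) {
            if (port == (secure ? pair[0] : pair[1])) {
                return secure ? pair[1] : pair[0];
            }
        }
        // Refuse to guess: an unknown port has no known counterpart.
        throw new IllegalArgumentException("no counterpart configured for port " + port);
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample inputs.
        System.out.println(switchScheme("http://example.com:8080/secret", "a=1&b=2", true));
        System.out.println(switchScheme("https://[::1]:8443/open", null, false));
    }
}
```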
    
You can do this in the Tomcat configuration. Try adding redirectPort="" to the HTTP connector in server.xml. Hope this helps. Update: This article explains how to handle SSL and provides many examples. http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
