0

我按照此链接中所述的过程将HTTPS 仅用于基于 servlet 的 webapp 中的某些页面。我的网页通常在 http 上,但是当我单击登录页面时,它转到 https。这一切都很好。但是当我成功登录并且页面返回到常规主页时,例如 https 仍然存在。它不会回到http。请帮忙。

添加了 web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
        id="WebApp_ID" version="2.5">
        <display-name>Welcome</display-name>
        <servlet>
                <servlet-name>dispatcher</servlet-name>
                <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
                <load-on-startup>1</load-on-startup>
        </servlet>
        <servlet-mapping>
                <servlet-name>dispatcher</servlet-name>
                <url-pattern>*.htm</url-pattern>
        </servlet-mapping>

        <servlet-mapping>
                <servlet-name>jsp</servlet-name>
                <url-pattern>*.jsp</url-pattern>
        </servlet-mapping>

        <security-constraint>
                <web-resource-collection>
                        <web-resource-name>https</web-resource-name>
                        <url-pattern>/signin.htm</url-pattern>
                        <url-pattern>/login.htm</url-pattern>
                        <url-pattern>/shownewuser.htm</url-pattern>
                </web-resource-collection>
                <user-data-constraint>
                        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
                </user-data-constraint>
        </security-constraint>

        <security-constraint>
                <web-resource-collection>
                        <web-resource-name>http</web-resource-name>
                        <url-pattern>*.htm</url-pattern>
                </web-resource-collection>
                <user-data-constraint>
                        <transport-guarantee>NONE</transport-guarantee>
                </user-data-constraint>
        </security-constraint>
    <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
                    /WEB-INF/dispatcher-servlet.xml,
                    /WEB-INF/spring-security.xml
            </param-value>
    </context-param>

    <!-- Spring Security -->
    <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
    </filter-mapping>



    <welcome-file-list>
            <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

4

1 回答 1

1

我通过使用 Spring Security 解决了这个问题。对于那些想在这里尝试的人是我所做的。

从 web.xml 中完全删除安全约束。在 Spring Security 配置中包括以下内容

<http auto-config="true">
    <intercept-url pattern="/signin.htm" access="ROLE_USER" requires-channel="https"/>
    <intercept-url pattern="/login.htm"  requires-channel="https"/>
    <intercept-url pattern="/home.htm"  requires-channel="http"/>

    <session-management session-fixation-protection="none">
    </session-management>
    <remember-me />
        <port-mappings>
              <port-mapping http="8080" https="8443"/>
            </port-mappings>
</http>

一旦我设置了这个,我就可以使用 https 仅用于登录,一旦登录完成,它会自动返回 http

于 2013-04-14T03:30:42.097 回答