1

目前我的 Spring 应用程序只接受 HTTPS 协议的请求。下面是部分内容security-context.xml

<http auto-config="false" use-expressions="true"
        disable-url-rewriting="true">
        <intercept-url pattern="/signup*" access="permitAll"
            requires-channel="https" />
        <intercept-url pattern="/login*" access="permitAll"
            requires-channel="https" />
        <intercept-url pattern="/logout" access="permitAll"
            requires-channel="https" />
        <form-login authentication-success-handler-ref="myAuthenticationSuccessHandler"
            login-page="/login" authentication-failure-url="/loginFailed" />
        <intercept-url pattern="/**" access="isFullyAuthenticated()"
            requires-channel="https" />
        <session-management
            session-authentication-error-url="/loginFailed">
            <concurrency-control error-if-maximum-exceeded="true"
                max-sessions="2" />
        </session-management>
        <logout invalidate-session="true" delete-cookies="JSESSIONID" />
    </http>

现在,我还希望应用程序能够GET在用户访问域时将 HTTP 请求重定向到 HTTPS,例如 from http://mydomain.comto https://mydomain.com。我怎样才能做到这一点?我应该在 security-context.xml、控制器或 Tomcat 本身中应用更改吗?

4

1 回答 1

4

我将 HTTP(端口 80)重定向到 HTTPS(端口 443)配置server.xml

<Connector connectionTimeout="20000" port="80" protocol="HTTP/1.1" redirectPort="443"/>
于 2013-06-12T10:26:07.627 回答