1.把包含敏感信息的请求转为https请求,则较为安全,但如何只把有需要安全的请求转为https,而不是不加分辩就把所有请求都转为https呢?可以用requiresChannel()

 @Override

 protected void configure(HttpSecurity http) throws Exception {

     http

         .authorizeRequests()

         .antMatchers("/spitter/me").hasRole("SPITTER")

         .antMatchers(HttpMethod.POST, "/spittles").hasRole("SPITTER")

         .anyRequest().permitAll();

     .and()

         .requiresChannel()

         .antMatchers("/spitter/form").requiresSecure();

 }

Any time a request comes in for /spitter/form, Spring Security will see that it requires a secure channel (per the call to requiresSecure() ) and automatically redirect the request to go over HTTPS .
Conversely, some pages don’t need to be sent over HTTPS . The home page, for example, doesn’t carry any sensitive information and should be sent over HTTP . You can declare that the home page always be sent over HTTP by using requires-Insecure() instead of requiresSecure :.antMatchers("/").requiresInecure();If a request for / comes in over HTTPS , Spring Security will redirect the request to flow over the insecure HTTP .

SPRING IN ACTION 第4版笔记-第九章Securing web applications-011-把敏感信息请求转为https(requiresChannel())的更多相关文章

  1. SPRING IN ACTION 第4版笔记-第九章Securing web applications-001-SpringSecurity简介(DelegatingFilterProxy、AbstractSecurityWebApplicationInitializer、WebSecurityConfigurerAdapter、@EnableWebSecurity、@EnableWebMvcS)

    一.SpringSecurity的模块 At the least, you’ll want to include the Core and Configuration modules in your ...

  2. SPRING IN ACTION 第4版笔记-第九章Securing web applications-010-拦截请求

    一. What if you wanted to restrict access to certain roles only on Tuesday? Using the access() method ...

  3. SPRING IN ACTION 第4版笔记-第九章Securing web applications-008-使用非关系型数据库时如何验证用户(自定义UserService)

    一. 1.定义接口 Suppose that you need to authenticate against users in a non-relational database suchas Mo ...

  4. SPRING IN ACTION 第4版笔记-第九章Securing web applications-007-设置LDAP server比较密码(contextSource、root()、ldif()、)

    一.LDAP server在哪 By default, Spring Security’s LDAP authentication assumes that the LDAP server is li ...

  5. SPRING IN ACTION 第4版笔记-第九章Securing web applications-004-对密码加密passwordEncoder

    一. 1.Focusing on the authentication query, you can see that user passwords are expected to be stored ...

  6. SPRING IN ACTION 第4版笔记-第九章Securing web applications-003-把用户数据存在数据库

    一. 1.It’s quite common for user data to be stored in a relational database, accessed via JDBC . To c ...

  7. SPRING IN ACTION 第4版笔记-第九章Securing web applications-002-把用户数据存在memory里(AuthenticationManagerBuilder、 UserDetailsManagerConfigurer.UserDetailsBuilder)

    Spring Security is extremely flexible and is capable of authenticating users against virtually any d ...

  8. SPRING IN ACTION 第4版笔记-第九章Securing web applications-009-拦截请求()

    一. 对特定的请求拦截 For example, consider the requests served by the Spittr application. Certainly, thehome ...

  9. SPRING IN ACTION 第4版笔记-第九章Securing web applications-006-用LDAP比较密码(passwordCompare()、passwordAttribute("passcode")、passwordEncoder(new Md5PasswordEncoder()))

    一. The default strategy for authenticating against LDAP is to perform a bind operation,authenticatin ...

随机推荐

  1. PB中multieditline空间的“~r~n"转"~n"

    private: constant String MULEDIT_NEWLINE = "~r~n" //multilineEdit控件的换行符号 constant String M ...

  2. 硬件相关-EMI & EMS & EMC

    EMI——Electro Magnetic Interference 电磁干扰 定义:是指电磁波与电子元件作用后而产生的干扰现象. 分类:有传导干扰和辐射干扰两种. 传导干扰: 是指通过导电介质把一个 ...

  3. 用MSBuild和Jenkins搭建持续集成环境(1)

     http://www.infoq.com/cn/articles/MSBuild-1 你或其他人刚刚写完了一段代码,提交到项目的版本仓库里面.但等一下,如果新提交的代码把构建搞坏了怎么办?万一出现编 ...

  4. c判断括弧是否匹配

    这里我没有用堆栈.直接用一个数组input[SIZE]接收用户的输入,在遍历数组,对数组进行操作.已经匹配好的括弧直接用#号覆盖,最后遍历数组.如果数组只有#号,没有其他元素,则匹配.否则不匹配. / ...

  5. Reveal 破解

    永久试用Reveal,只需要打开 ~/Library/Preferences/com.ittybittyapps.Reveal.plist 把IBAApplicationPersistenceData ...

  6. 01.Hibernate入门

    前言:本文用一个简单的Hibernate应用程序例子来引领初学者入门,让初学者对Hibernate的使用有一个大致的认识.本文例子使用了MySQL数据库.Maven管理工具.Eclipse开发工具,创 ...

  7. 【BZOJ】【2424】【HAOI2010】订货

    网络流/费用流 比较简单的题……我一开始想成像软件开发那题一样的做法了……就是每天拆点,S->i (INF,0) .i+n->T (u[i],0) 然后处理购入 S->i+n (IN ...

  8. html之cellspacing && cellpadding讲解

    单元格间距(表格间距)(cellspacing) -- 代表表格边框与单元格补白的距离,也是单元格补白之间的距离 单元格边距(表格填充)(cellpadding) -- 代表单元格外面的一个距离,用于 ...

  9. Python中的正则表达式regular expression

    1 match = re.search(pat,str)  If the search is successful, search() returns a match object or None o ...

  10. Python3中的新特性(1)——新的语言特性

    1.源代码编码和标识符         Python3假定源代码使用UTF-8编码.另外,关于标识符中哪些字符是合法的规则也放宽了.特别是,标识符可以包含代码点为U+0080及以上的任意有效Unico ...