1.把包含敏感信息的请求转为https请求,则较为安全,但如何只把有需要安全的请求转为https,而不是不加分辩就把所有请求都转为https呢?可以用requiresChannel()

 @Override

 protected void configure(HttpSecurity http) throws Exception {

     http

         .authorizeRequests()

         .antMatchers("/spitter/me").hasRole("SPITTER")

         .antMatchers(HttpMethod.POST, "/spittles").hasRole("SPITTER")

         .anyRequest().permitAll();

     .and()

         .requiresChannel()

         .antMatchers("/spitter/form").requiresSecure();

 }

Any time a request comes in for /spitter/form, Spring Security will see that it requires a secure channel (per the call to requiresSecure() ) and automatically redirect the request to go over HTTPS .
Conversely, some pages don’t need to be sent over HTTPS . The home page, for example, doesn’t carry any sensitive information and should be sent over HTTP . You can declare that the home page always be sent over HTTP by using requires-Insecure() instead of requiresSecure :.antMatchers("/").requiresInecure();If a request for / comes in over HTTPS , Spring Security will redirect the request to flow over the insecure HTTP .

SPRING IN ACTION 第4版笔记-第九章Securing web applications-011-把敏感信息请求转为https(requiresChannel())的更多相关文章

  1. SPRING IN ACTION 第4版笔记-第九章Securing web applications-001-SpringSecurity简介(DelegatingFilterProxy、AbstractSecurityWebApplicationInitializer、WebSecurityConfigurerAdapter、@EnableWebSecurity、@EnableWebMvcS)

    一.SpringSecurity的模块 At the least, you’ll want to include the Core and Configuration modules in your ...

  2. SPRING IN ACTION 第4版笔记-第九章Securing web applications-010-拦截请求

    一. What if you wanted to restrict access to certain roles only on Tuesday? Using the access() method ...

  3. SPRING IN ACTION 第4版笔记-第九章Securing web applications-008-使用非关系型数据库时如何验证用户(自定义UserService)

    一. 1.定义接口 Suppose that you need to authenticate against users in a non-relational database suchas Mo ...

  4. SPRING IN ACTION 第4版笔记-第九章Securing web applications-007-设置LDAP server比较密码(contextSource、root()、ldif()、)

    一.LDAP server在哪 By default, Spring Security’s LDAP authentication assumes that the LDAP server is li ...

  5. SPRING IN ACTION 第4版笔记-第九章Securing web applications-004-对密码加密passwordEncoder

    一. 1.Focusing on the authentication query, you can see that user passwords are expected to be stored ...

  6. SPRING IN ACTION 第4版笔记-第九章Securing web applications-003-把用户数据存在数据库

    一. 1.It’s quite common for user data to be stored in a relational database, accessed via JDBC . To c ...

  7. SPRING IN ACTION 第4版笔记-第九章Securing web applications-002-把用户数据存在memory里(AuthenticationManagerBuilder、 UserDetailsManagerConfigurer.UserDetailsBuilder)

    Spring Security is extremely flexible and is capable of authenticating users against virtually any d ...

  8. SPRING IN ACTION 第4版笔记-第九章Securing web applications-009-拦截请求()

    一. 对特定的请求拦截 For example, consider the requests served by the Spittr application. Certainly, thehome ...

  9. SPRING IN ACTION 第4版笔记-第九章Securing web applications-006-用LDAP比较密码(passwordCompare()、passwordAttribute("passcode")、passwordEncoder(new Md5PasswordEncoder()))

    一. The default strategy for authenticating against LDAP is to perform a bind operation,authenticatin ...

随机推荐

  1. git用法

    chapter: 8 add 添加文件内容至索引 用法:git add [选项] [--] ... -n, --dry-run 演习 -v, --verbose 冗长输出 -i, --interact ...

  2. JAVA栈实例—括号匹配

    import java.util.Stack; public class test { public static void main(String[] args){ System.out.print ...

  3. Android -- Drawable与Bitmap测试

    Drawable                                                                                 以下这个是测试加载10 ...

  4. 11.3Daily Scrum

    人员 任务分配完成情况 明天任务分配 王皓南 实现网页上视频上传的功能,研究相关的代码782 数据库测试 申开亮 实现网页上视频浏览的功能.研究相关的代码和功能.783 实现视频浏览的功能 王宇杰 负 ...

  5. Careercup - Microsoft面试题 - 6282862240202752

    2014-05-11 03:56 题目链接 原题: Given an integer array. Perform circular right shift by n. Give the best s ...

  6. SQL SERVER数据库修改是否区分大小写

    昨天去客户,发现程序无法应用,跟踪错误提示,提示的大致意思是“数据库表名和数据库字段名不存在”.查询后发现是SQL Server数据库设置了区分大小写的缘故(一般安装时,Oracle的正确安装下是默认 ...

  7. Netsharp快速入门(之9) 基础档案(工作区3 添加商品菜单,以及在产品中打开商品界面)

    作者:秋时 杨昶   时间:2014-02-15  转载须说明出处 3.5.2  添加导航菜单 1.打开平台工具,插件和资源节点,选择创建导航菜单,打开创建向导 2.选择所属插件 3.选择在哪个分类下 ...

  8. How to join a Ubuntu to Windows Domain

    My testing environment: Windows Server 2012 R2 Essentials: With AD and standalone DC in one single b ...

  9. 802.11 wireless 三

    802.11 wireless 3watts,milliwatts,and Decibels瓦特(功率单位)的定义是1焦耳/秒微波炉1000瓦特,手机100-200毫瓦 decibels(分贝:比较能 ...

  10. C++中定义比较函数的三种方法

    原文地址:http://fusharblog.com/3-ways-to-define-comparison-functions-in-cpp/ C++编程优与Pascal的原因之一是C++中存在ST ...