I have the following configuration:
<http entry-point-ref="authenticaionEntryPoint"
      access-decision-manager-ref="accessDecisionManager"
      disable-url-rewriting="true">
    <intercept-url pattern="/custom-url" access="ROLE_USER"
                   requires-channel="https" />
Now, since the URL /custom-url is on https, I am facing a weird use case when the user is logged in (jsessionid is maintained on https only, so on http the user's session won't be recognized):
1. Open http://www.dummy-domain.com/custom-url
2. User is redirected to http://www.dummy-domain.com/login
3. User is redirected to https://www.dummy-domain.com/login
4. User is redirected to https://www.dummy-domain.com, since user is already logged in.
In my opinion, it should have been this way:
1. Open http://www.dummy-domain.com/custom-url
2. User is redirected to https://www.dummy-domain.com/custom-url
I am assuming that in the first scenario the channel processing filter is not getting executed first.
Any ideas what I am missing? For information, I am still on Spring Security 3.1.
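
To confirm which of the two redirect sequences above a deployment actually produces, the check below parses the headers printed by `curl -sIL` and reports where the chain departs from a direct http-to-https upgrade of the same path. It is an added example, not part of the original post; the function names and the sample header text (including the 302/200 status codes) are constructed from the steps listed in the question.

```python
from urllib.parse import urljoin, urlsplit

def redirect_chain(start_url, curl_headers):
    """Return every URL visited, given the text printed by `curl -sIL start_url`."""
    chain = [start_url]
    for line in curl_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            # Location may be relative; resolve it against the previous hop.
            chain.append(urljoin(chain[-1], value.strip()))
    return chain

def check_channel_upgrade(chain):
    """List the ways a chain differs from 'http URL -> same URL on https'."""
    first, problems = urlsplit(chain[0]), []
    if first.scheme != "http" or len(chain) < 2:
        return ["chain does not start with a redirected http:// request"]
    nxt = urlsplit(chain[1])
    if (nxt.scheme, nxt.hostname, nxt.path) != ("https", first.hostname, first.path):
        problems.append("first redirect is %s, not the https form of %s"
                        % (chain[1], chain[0]))
    # Any later plaintext hop means another page was requested without TLS.
    for url in chain[1:]:
        if urlsplit(url).scheme != "https":
            problems.append("plaintext hop: " + url)
    final_path = urlsplit(chain[-1]).path or "/"
    if final_path != first.path:
        problems.append("landed on %s instead of %s" % (final_path, first.path))
    return problems

START = "http://www.dummy-domain.com/custom-url"

# Constructed header text for the sequence the question observes (steps 1-4).
OBSERVED = """HTTP/1.1 302 Found
Location: http://www.dummy-domain.com/login

HTTP/1.1 302 Found
Location: https://www.dummy-domain.com/login

HTTP/1.1 302 Found
Location: https://www.dummy-domain.com

HTTP/1.1 200 OK
"""

# Constructed header text for the sequence the question expects.
EXPECTED = """HTTP/1.1 302 Found
Location: https://www.dummy-domain.com/custom-url

HTTP/1.1 200 OK
"""

if __name__ == "__main__":
    for label, text in (("observed", OBSERVED), ("expected", EXPECTED)):
        print(label, check_channel_upgrade(redirect_chain(START, text)))
```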