我按照此链接Use HTTPS only for certain pages in servlet based webapp中说明的程序进行操作。我的网页通常是http,但是当我点击登录页面时,它会转到https。这一切都很好。但是当我成功登录并且页面返回到常规主页时,例如https仍然存在。它不会回到http。请帮忙。
添加了web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>Welcome</display-name>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>*.htm</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>jsp</servlet-name>
<url-pattern>*.jsp</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>https</web-resource-name>
<url-pattern>/signin.htm</url-pattern>
<url-pattern>/login.htm</url-pattern>
<url-pattern>/shownewuser.htm</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>http</web-resource-name>
<url-pattern>*.htm</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/dispatcher-servlet.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
答案 0 :(得分:1)
我使用Spring Security解决了这个问题。对于那些想在这里尝试的人来说,就是我所做的。
从web.xml中完全删除security-constraint。 在Spring Security配置中包含以下内容
<http auto-config="true">
<intercept-url pattern="/signin.htm" access="ROLE_USER" requires-channel="https"/>
<intercept-url pattern="/login.htm" requires-channel="https"/>
<intercept-url pattern="/home.htm" requires-channel="http"/>
<session-management session-fixation-protection="none">
</session-management>
<remember-me />
<port-mappings>
<port-mapping http="8080" https="8443"/>
</port-mappings>
</http>
一旦我设置了这个,那么我就可以使用https登录了,一旦登录完成后它会自动返回到http