在https上,Spring Security会保持重定向到http

时间:2014-01-27 23:03:02

标签: apache tomcat spring-mvc ssl spring-security

登录或退出后,Spring会将我重定向到http页面。向页面添加requires-channel="https"只会导致重定向循环。这在我的本地计算机上工作正常,但是这个项目是在apache和负载均衡器下设置的。

<http pattern="/services/**" create-session="stateless"
        entry-point-ref="basicAuthAwareAuthenticationEntryPoint">
        <http-basic />
        <port-mappings>
            <port-mapping http="8009" https="8443"/>
            <port-mapping http="80" https="443"/>
       </port-mappings>
       <intercept-url pattern="/services/**" access="ROLE_SERVICE" />
    </http>

    <http auto-config="true">
        <port-mappings>
            <port-mapping http="8009" https="8443"/>
            <port-mapping http="80" https="443"/>
        </port-mappings>
        <intercept-url pattern="/index.*" access="ROLE_USER" />
        <intercept-url pattern="/welcome.htm" access="ROLE_USER" />
        <intercept-url pattern="/changePassword.htm" access="ROLE_USER" />
        <intercept-url pattern="/admin/**" access="ROLE_USER" />
        <intercept-url pattern="/notifications/**" access="ROLE_ANONYMOUS,ROLE_USER" />
        <intercept-url pattern="/logging/**" access="ROLE_USER" />
        <form-login login-page="/login.htm" default-target-url="/welcome.htm"
            authentication-failure-url="/loginfailed.htm" />
        <logout logout-success-url="/logout.htm" />
    </http>

0 个答案:

没有答案