我为付款网站提供了重定向网址。付款完成后,付款网站会创建一个带有提交按钮的表单,以便用户返回我的网站:
<form action="http://my.site.foo/payment/ok">....</form>
当我使用 http 协议时,一切正常,但付款网站会通知用户她的数据将以未加密的方式发送。因此,我决定提供 https 链接:https://my.site.foo:8080/payment/ok。
在我的spring-security.xml中,我把
<security:intercept-url pattern="/payment/ok" requires-channel="https" />
但是当我在付款网站上提交表单时,我获得403状态。
所以我的问题是:如何为这种特殊情况配置spring并提供从支付站点访问https://my.site.foo:8080/payment/ok的权限?
答案 0 :(得分:1)
Running over HTTP or HTTPS isn't a Spring specific configuration, but rather a config at the web server/application server level.
You will need set you Tomcat/Jetty to serve your application over HTTPS and of course that the page you redirect to is actually accessible. You will of course also need to buy a certificate.
Here are the instructions to set up your Tomcat or Jetty servers.
Hope it helps.