SPRING IN ACTION 第4版笔记-第九章Securing web applications-011-把敏感信息请求转为https(requiresChannel())

1.把包含敏感信息的请求转为https请求,则较为安全,但如何只把有需要安全的请求转为https,而不是不加分辩就把所有请求都转为https呢?可以用requiresChannel()

 1 @Override
 2 protected void configure(HttpSecurity http) throws Exception {
 3     http
 4         .authorizeRequests()
 5         .antMatchers("/spitter/me").hasRole("SPITTER")
 6         .antMatchers(HttpMethod.POST, "/spittles").hasRole("SPITTER")
 7         .anyRequest().permitAll();
 8     .and()
 9         .requiresChannel()
10         .antMatchers("/spitter/form").requiresSecure();
11 }

Any time a request comes in for /spitter/form, Spring Security will see that it requires a secure channel (per the call to requiresSecure() ) and automatically redirect the request to go over HTTPS .
Conversely, some pages don’t need to be sent over HTTPS . The home page, for example, doesn’t carry any sensitive information and should be sent over HTTP . You can declare that the home page always be sent over HTTP by using requires-Insecure() instead of requiresSecure :.antMatchers("/").requiresInecure();If a request for / comes in over HTTPS , Spring Security will redirect the request to flow over the insecure HTTP .

时间: 2024-11-06 12:04:35

SPRING IN ACTION 第4版笔记-第九章Securing web applications-011-把敏感信息请求转为https(requiresChannel())的相关文章

SPRING IN ACTION 第4版笔记-第九章Securing web applications-001-SpringSecurity简介(DelegatingFilterProxy、AbstractSecurityWebApplicationInitializer、WebSecurityConfigurerAdapter、@EnableWebSecurity、@EnableWebMvcS)

一.SpringSecurity的模块 At the least, you’ll want to include the Core and Configuration modules in your application’s classpath. Spring Security is often used to secure web applications, and that’s certainly the case with the Spittr application, so you’l

SPRING IN ACTION 第4版笔记-第九章Securing web applications-008-使用非关系型数据库时如何验证用户(自定义UserService)

一. 1.定义接口 Suppose that you need to authenticate against users in a non-relational database suchas Mongo or Neo4j. In that case, you’ll need to implement a custom implementationof the UserDetailsService interface. 1 public interface UserDetailsService

SPRING IN ACTION 第4版笔记-第九章Securing web applications-003-把用户数据存在数据库

一. 1.It’s quite common for user data to be stored in a relational database, accessed via JDBC . To configure Spring Security to authenticate against a JDBC -backed user store,you can use the jdbcAuthentication() method. The minimal configuration requ

SPRING IN ACTION 第4版笔记-第九章Securing web applications-002-把用户数据存在memory里(AuthenticationManagerBuilder、 UserDetailsManagerConfigurer.UserDetailsBuilder)

Spring Security is extremely flexible and is capable of authenticating users against virtually any data store. Several common user store situations—such as in-memory, relational database, and LDAP —are provided out of the box. But you can also create

SPRING IN ACTION 第4版笔记-第九章Securing web applications-004-对密码加密passwordEncoder

一. 1.Focusing on the authentication query, you can see that user passwords are expected to be stored in the database. The only problem with that is that if the passwords are stored in plain text, they’re subject to the prying eyes of a hacker. But if

SPRING IN ACTION 第4版笔记-第二章WIRING BEANS-007-以set方法注入<property>\p-namespace\util-space

一.注入简单属性 1 package soundsystem.properties; 2 import org.springframework.beans.factory.annotation.Autowired; 3 4 import soundsystem.CompactDisc; 5 import soundsystem.MediaPlayer; 6 7 public class CDPlayer implements MediaPlayer { 8 private CompactDisc

SPRING IN ACTION 第4版笔记-第二章Wiring Beans-005-<constructor-arg>和c-namespace

1. 1 package soundsystem; 2 3 public class SgtPeppers implements CompactDisc { 4 5 private String title = "Sgt. Pepper's Lonely Hearts Club Band"; 6 private String artist = "The Beatles"; 7 8 public void play() { 9 System.out.println(&

SPRING IN ACTION 第4版笔记-第二章[email protected]、@Autowired的用法

一.@ComponentScan 1. @Configuration //说明此类是配置文件 @ComponentScan //开启扫描,会扫描当前类的包及其子包 public class CDPlayerConfig { } 2. @ComponentScan(basePackages={"soundsystem", "video"})//扫描多个包 public class CDPlayerConfig { } 3. @ComponentScan(basePac

SPRING IN ACTION 第4版笔记-第八章Advanced Spring MVC-003-Pizza例子的基本流程

一. 1. 2.pizza-flow.xml 1 <?xml version="1.0" encoding="UTF-8"?> 2 <flow xmlns="http://www.springframework.org/schema/webflow" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="h