  • SPRING IN ACTION, 4th Edition notes - Chapter 9, Securing web applications - 011 - Redirecting requests that carry sensitive information to HTTPS (requiresChannel())

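    1. Sending requests that contain sensitive information over HTTPS is safer. But how do you move only the requests that need protection to HTTPS, rather than indiscriminately converting every request? Use requiresChannel():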

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/spitter/me").hasRole("SPITTER")
                .antMatchers(HttpMethod.POST, "/spittles").hasRole("SPITTER")
                .anyRequest().permitAll()   // no semicolon here: the chain continues
            .and()
            .requiresChannel()
                // requests for /spitter/form must arrive over HTTPS
                .antMatchers("/spitter/form").requiresSecure();
    }

    Any time a request comes in for /spitter/form, Spring Security will see that it requires a secure channel (per the call to requiresSecure()) and automatically redirect the request to go over HTTPS.
    Conversely, some pages don't need to be sent over HTTPS. The home page, for example, doesn't carry any sensitive information and should be sent over HTTP. You can declare that the home page always be sent over HTTP by using requiresInsecure() instead of requiresSecure():

        .antMatchers("/").requiresInsecure();

    If a request for / comes in over HTTPS, Spring Security will redirect the request to flow over the insecure HTTP.
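
    The two channel rules above combined in one configuration class, as an added example that is not code from the book or the original post. The class name SecurityConfig and the 8080/8443 port pair are assumptions for a server listening on non-standard ports.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter { // class name is an assumption

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/spitter/me").hasRole("SPITTER")
                .antMatchers(HttpMethod.POST, "/spittles").hasRole("SPITTER")
                .anyRequest().permitAll()
            .and()
            .requiresChannel()
                // Channel rules are evaluated in declaration order; the first match wins.
                .antMatchers("/spitter/form").requiresSecure()   // HTTP  -> redirected to HTTPS
                .antMatchers("/").requiresInsecure()             // HTTPS -> redirected to HTTP
                // Paths matched by neither rule stay on the channel they arrived on.
            .and()
            .portMapper()
                // Assumed ports: tells the redirect which HTTPS port pairs with
                // which HTTP port, so http://host:8080/spitter/form is sent to
                // https://host:8443/spitter/form (and the reverse for "/").
                .http(8080).mapsTo(8443);
    }
}
```

    The redirect is issued only after the first request has arrived over plain HTTP, so anything carried in that first request has already crossed the network unencrypted.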

  • Original article: https://www.cnblogs.com/shamgod/p/5341295.html