Reputation: 301
Spring MVC + Spring Security: how to migrate application from http to https
I have built a spring MVC application using Spring Tool Suite. I also used Spring Security to handle access permissions and login/logout. The application is currently using http protocol, but I want to move to https completely.
What should I do? Should I also reconfigure STS' VFabric tc Server to run the appliction? If so, how?
Upvotes: 3
Views: 2029
Answers (1)
Reputation: 12134
You need to configure your application container if you want to use https protocol.
VFabric tc Server docs about SSL:
Still you can use Spring Security features. HTTP/HTTPS Channel Security is achieved with ChannelProcessingFilter. Fortunately it can be easily configured with Spring Security XML Namespace.
Spring Docs:
If your application supports both HTTP and HTTPS, and you require that particular URLs can only be accessed over HTTPS, then this is directly supported using the requires-channel attribute on intercept-url
Example Config:
<http>
<intercept-url pattern="/secure/**" access="ROLE_USER" requires-channel="https"/>
<intercept-url pattern="/**" access="ROLE_USER" requires-channel="any"/>
</http>
Upvotes: 3
Related Questions
- Spring Boot redirect HTTP to HTTPS
- Spring Controller on HTTPS and HTTP
- Spring mvc 3 - HTTPS access
- Redirect HTTP to HTTPS in Spring Security or Tomcat
- How spring use https for request automatically?
- Configure Application using Spring Security to accept HTTP requests and send HTTPS response
- Spring Security 3.1.0 - Cannot switch from HTTPS to HTTP
- tomcat webapp How to switch to https and back to http without spring security
- Spring security switching to http after login. How can I keep it as https?
- Spring MVC https how to enable?