<security:http auto-config="true" access-denied-page="/jsp/public/accessDenied.jsp" >
<security:port-mappings>
<security:port-mapping http="8090" https="8443"/>
<security:port-mapping http="8080" https="8443"/>
</security:port-mappings>
<security:form-login login-page="/jsp/public/login.jsp" authentication-failure-url="/jsp/public/accessDenied.jsp" authentication-success-handler-ref="postAuthenticationHandler"/>
<security:logout logout-success-url="/jsp/public/login.jsp"/>
<security:intercept-url pattern="/ForgetPasswordController.do" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/ReverseController.do" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/test.do" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/messageTestPoll.do" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/messageTestSend.do" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- <security:intercept-url pattern="/*.do" access="ROLE_Developer, ROLE_Administrator, ROLE_Customer" requires-channel="https" /> -->
<security:intercept-url pattern="/*.do" access="ROLE_Developer, ROLE_Administrator, ROLE_Customer" />
<!-- <security:concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true" session-registry-alias="sessionRegistry"/> -->
</security:http>
spring mvc force https for some pages in spring-security
最新推荐文章于 2024-10-06 20:29:51 发布