Announcement Announcement Module
No announcement yet.
spring security and https Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • spring security and https


    my web application run on websphere server, in this application, we need to access webservice from outside provider, this webservice require https connection, but i don't want to setup the websphere server, i wonder if spring security can help to this case?


  • #2
    As far as I know, Spring Security can ensure whether or not the call to your application has been done through a secure channel:

    <intercept-url pattern="/secure/**" access="ROLE_USER" requires-channel="https"/>
    If you need to access as client to a secure endpoint that belongs to another application, you won't need to configure anything for a standard access (if the certificate has been issued by a well known trusted authority, I mean, Verisign or similar) because WebSphere is a Java EE server that supports JSSE since version 4.0 onward.


    • #3
      Thanks, but it seems i need to config that https channel in the websphere, then the spring security component use it, right? but i wonder if i can config https channel directly by using the spring security configuration file, without touching the websphere.