Announcement Announcement Module
Collapse
No announcement yet.
welcome-file-list pointing to https Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • welcome-file-list pointing to https

    In the Spring Security Reference Documentation 2.0.x, in chapter 7 under Channel Security, in the last paragraph of the Overview there is a statement that I don't understand.

    It says to have the welcome-file-list point to HTTPS instead of HTTP. How is this done? I only know how to point to a file like index.html.

    Thanks,
    Joshua

  • #2
    Originally posted by javajoshw View Post
    In the Spring Security Reference Documentation 2.0.x, in chapter 7 under Channel Security, in the last paragraph of the Overview there is a statement that I don't understand.

    It says to have the welcome-file-list point to HTTPS instead of HTTP. How is this done? I only know how to point to a file like index.html.

    Thanks,
    Joshua
    It says that URL location written in welcome-file-list element should only be accessible with HTTPS connection. If your index.html is accessible with HTTP request, then your jsessionid will be sent within insecure channel even though your other pages are only accessible with HTTPS.

    Comment


    • #3
      I have a login.jsp that is in the welcome-file-list, how do I force it to be https as the instructions state?

      Comment


      • #4
        You need to add intercept-url definition to your http configuration in your beans configuration file like this;
        <http>
        <intercept-url pattern="/login.jsp" access="ROLE_ANONYMOUS" requires-channel="https"/>
        </http>

        For the above case, you also need to enable anonymous authentication.

        Comment

        Working...
        X