  1. Spring Security 3.1.0 - Cannot switch from HTTPS to HTTP
<p>I am new to Spring Security, so I made a small webapp in order to try it and find a configuration that will be useful for the project I am working on. I am forcing my login page to be accessed via HTTPS, and I need to switch back to HTTP after logging in. In other words:</p>
<ul>
<li>Login page: HTTPS only</li>
<li>Other pages: HTTP only</li>
</ul>
<p>I tried several ways but I cannot make it work as I said above. I read the <a href="http://static.springsource.org/spring-security/site/faq.html#faq-tomcat-https-session" rel="nofollow">Spring Security FAQ</a> and I see that there is no "natural" way of doing what I want, but I have been asked to do so, hence I need a workaround which I cannot find by myself.</p>
<p>I am using Spring Security 3.1.0. My web container is Tomcat 6.0.33.</p>
<p>This is my Spring Security configuration:</p>
<pre class="lang-xml prettyprint-override"><code>&lt;?xml version="1.0" encoding="UTF-8"?&gt;
&lt;beans xmlns:sec="http://www.springframework.org/schema/security"
       xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-3.1.xsd"&gt;

    &lt;sec:http auto-config="true" use-expressions="true"&gt;
        &lt;sec:intercept-url pattern="/log*.htm" access="anonymous" requires-channel="https" /&gt;
        &lt;sec:intercept-url pattern="/admin/**" access="hasRole('admin')" requires-channel="http" /&gt;
        &lt;sec:intercept-url pattern="/**" requires-channel="http" access="hasRole('authenticated')" /&gt;
        &lt;sec:form-login login-page="/login.htm"
                        default-target-url="/index.htm"
                        authentication-failure-url="/login.htm?error=true"
                        always-use-default-target="true" /&gt;
        &lt;sec:logout logout-url="/logout.htm" delete-cookies="JSESSIONID" invalidate-session="true" /&gt;
        &lt;sec:anonymous/&gt;
        &lt;sec:remember-me use-secure-cookie="true" /&gt;
    &lt;/sec:http&gt;

    &lt;sec:authentication-manager&gt;
        &lt;sec:authentication-provider&gt;
            &lt;sec:user-service&gt;
                &lt;sec:user name="johnny" password="johnny" authorities="authenticated, admin" /&gt;
                &lt;sec:user name="charlie" password="charlie" authorities="authenticated" /&gt;
            &lt;/sec:user-service&gt;
        &lt;/sec:authentication-provider&gt;
    &lt;/sec:authentication-manager&gt;
&lt;/beans&gt;
</code></pre>
<p>Any help will be appreciated. Thanks in advance!</p>
 
