Oct 14th, 2009, 11:29 AM
welcome-file-list pointing to https
In the Spring Security Reference Documentation 2.0.x, in chapter 7 under Channel Security, in the last paragraph of the Overview there is a statement that I don't understand.
It says to have the welcome-file-list point to HTTPS instead of HTTP. How is this done? I only know how to point to a file like index.html.
Oct 19th, 2009, 03:11 AM
It says that the URL location written in the welcome-file-list element should only be accessible with an HTTPS connection. If your index.html is accessible with an HTTP request, then your jsessionid will be sent within an insecure channel even though your other pages are only accessible with HTTPS.
Originally Posted by javajoshw
Oct 19th, 2009, 06:04 AM
I have a login.jsp that is in the welcome-file-list, how do I force it to be https as the instructions state?
Oct 20th, 2009, 01:19 AM
You need to add an intercept-url definition to your http configuration in your beans configuration file, like this:
<intercept-url pattern="/login.jsp" access="ROLE_ANONYMOUS" requires-channel="https"/>
For the above case, you also need to enable anonymous authentication.
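Added example (not part of the original posts, and not taken from the Spring Security documentation): the two configuration fragments discussed in this thread side by side, showing that the welcome-file entry stays a plain file name while the HTTPS requirement is enforced by the intercept-url rule. The ports 8080/8443, the ROLE_USER rule for the remaining URLs and the form-login element are assumptions for illustration.

```xml
<!-- web.xml (fragment): the welcome file is still just a file name.
     The servlet spec has no way to express "https" here. -->
<welcome-file-list>
    <welcome-file>login.jsp</welcome-file>
</welcome-file-list>

<!-- Spring Security 2.0.x beans file (fragment): channel security is what
     forces the welcome file onto HTTPS. A plain HTTP request for /login.jsp
     is redirected to HTTPS before the page is served. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security-2.0.xsd">

    <http>
        <!-- The welcome file: reachable without logging in, but only over HTTPS. -->
        <intercept-url pattern="/login.jsp" access="ROLE_ANONYMOUS"
                       requires-channel="https"/>

        <!-- Assumed rule for everything else: authenticated users, HTTPS only.
             Leaving any page on HTTP would send the session cookie in clear text. -->
        <intercept-url pattern="/**" access="ROLE_USER"
                       requires-channel="https"/>

        <!-- Needed so that ROLE_ANONYMOUS is granted to unauthenticated requests. -->
        <anonymous/>

        <!-- Assumed login setup using the same page. -->
        <form-login login-page="/login.jsp"/>

        <!-- Assumed ports: tells the channel filter where to redirect when the
             container does not use the default 80/443 or 8080/8443 pairs. -->
        <port-mappings>
            <port-mapping http="8080" https="8443"/>
        </port-mappings>
    </http>
</beans:beans>
```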