welcome-file-list pointing to https

**javajoshw** · Oct 14th, 2009, 11:29 AM

In the Spring Security Reference Documentation 2.0.x, in chapter 7 under Channel Security, in the last paragraph of the Overview there is a statement that I don't understand.

It says to have the welcome-file-list point to HTTPS instead of HTTP. How is this done? I only know how to point to a file like index.html.

Thanks,
Joshua

**ksevindik** · Oct 19th, 2009, 03:11 AM

Originally Posted by javajoshw

In the Spring Security Reference Documentation 2.0.x, in chapter 7 under Channel Security, in the last paragraph of the Overview there is a statement that I don't understand.

It says to have the welcome-file-list point to HTTPS instead of HTTP. How is this done? I only know how to point to a file like index.html.

Thanks,
Joshua

It says that URL location written in welcome-file-list element should only be accessible with HTTPS connection. If your index.html is accessible with HTTP request, then your jsessionid will be sent within insecure channel even though your other pages are only accessible with HTTPS.

**javajoshw** · Oct 19th, 2009, 06:04 AM

I have a login.jsp that is in the welcome-file-list, how do I force it to be https as the instructions state?

**ksevindik** · Oct 20th, 2009, 01:19 AM

You need to add intercept-url definition to your http configuration in your beans configuration file like this;
<http>
<intercept-url pattern="/login.jsp" access="ROLE_ANONYMOUS" requires-channel="https"/>
</http>

For the above case, you also need to enable anonymous authentication.

Thread: welcome-file-list pointing to https

Thread Tools

Display

welcome-file-list pointing to https

Tags for this Thread

Posting Permissions