Home/ Questions/Q 6835945
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T23:17:40+00:00

We are trying to implement HTTPS for some pages in our application.So,we changed tomcat

  • 0

We are trying to implement HTTPS for some pages in our application.So,we changed tomcat server.xml to make HTTPS calls as follows:

<Connector
           port="8080"
           protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
           acceptCount="100"
           maxKeepAliveRequests="15"
           SSLEnabled="true"
           scheme="https"
           secure="true"
     clientAuth="false" sslProtocol="TLS"
     keystoreFile="/webapps/test.bin"
           keystorePass="test"/>

In application web.xml :

<security-constraint>
<web-resource-collection>
<web-resource-name>securedapp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

So,HTTPS is applying for all pages.How to restrict HTTPS for desired pages.

Help would be appreciated.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Spring Security Interceptor have a parameter requires-channel. Set this parameter to https to enforce it for the url patterns that match the interceptor.

    <beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.4.xsd
            http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

   <security:http>
       <security:intercept-url pattern="/login" access="permitAll"
           requires-channel="https"/>
   </security:http> 

</bean>
    • 0