I have Spring MVC 3 Application tat has a login form. The form posts to j_spring_security_check over HTTP. I need the form to post over HTTPS. I have made the following changes to my security.xml
<security:intercept-url pattern="/j_spring_security_check" requires-channel="https"/>
<security:intercept-url pattern="/reuiweb/certifyProvider" access="ROLE_USER,ROLE_ADMIN" requires-channel="any"/>
<security:intercept-url pattern="/**" access="ROLE_ANONYMOUS, ROLE_USER, ROLE_ADMIN" requires-channel="any"/>
<security:port-mappings>
<security:port-mapping http="80" https="443"/>
<security:port-mapping http="8080" https="8443"/>
<security:port-mapping http="9080" https="9443"/>
</security:port-mappings>
And also the following changes to my login form
<form action="${loginUrl}" method="post" onsubmit="forcehttponsubmit(this)">
The java script function does this
<script language="javascript">
function forceHttpsOnSubmit(objForm) {
objForm.action = objForm.action.replace("http:", "https:").replace("8080","8443");
}
</script>
After doing this, getting the error in the server side that this website may not be safe and it is not going past j_spring_security_check.
Any pointers on posting j_spring_security_check to https than http?
Aucun commentaire:
Enregistrer un commentaire