I have created a HelloWorld Spring MVC application using Eclipse (Spring Tool Suite). It has 1 controller and 1 JSP. The application displays "Hello World!" on a web page. I will not post the code (unless asked) as it is trivial and unimportant. I am using Pivotal tc Server Developer Edition v3.1 (comes with Spring Tool Suite).
So, I add Spring 4 Security, secure the root (requiresChannel().antMatchers("/").requiresSecure();) and deploy.
I type "http://localhost:8081/helloworld/" into the browser and am redirected to "http://localhost:8081/helloworld/helloworld/".
I have used the defaults in tc-server/Tomcat. I have changed absolutely nothing.
I'm guessing Tomcat is doing this, and that I have to switch off the Tomcat redirect as I'm using the Spring redirect. Any ideas?

    package com.test.security;

    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            // Read the environment once; it is null when -Denv is not set.
            String env = System.getProperty("env");
            System.out.println(env);
            // Constant-first equals() avoids a NullPointerException on a null env.
            if ("dit".equals(env)) {
                auth.inMemoryAuthentication()
                    .withUser("user").password("user").roles("user").and()
                    .withUser("admin").password("admin").roles("user", "admin");
            } else if ("sit".equals(env)) {
                auth.inMemoryAuthentication()
                    .withUser("user").password("user").roles("user").and()
                    .withUser("admin").password("admin").roles("user", "admin");
            } else if ("uat".equals(env)) {
                auth.inMemoryAuthentication()
                    .withUser("user").password("user").roles("user").and()
                    .withUser("admin").password("admin").roles("user", "admin");
            } else if ("prd".equals(env)) {
                auth.inMemoryAuthentication()
                    .withUser("user").password("user").roles("user").and()
                    .withUser("admin").password("admin").roles("user", "admin");
            }
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .anyRequest().permitAll()
                    .and()
                .formLogin()
                    .and()
                .httpBasic()
                    .and()
                // Require HTTPS for the application root.
                .requiresChannel()
                    .antMatchers("/").requiresSecure();
        }
    }

I have figured it out.
The company I work for has seen fit to have a process running on 8080 on our computers. This meant I had to use a port other than 8080. I used 8083. I was expecting requiresChannel to switch from port 8083 to port 8443. HttpSecurity needs to be explicitly told the mappings from insecure port to secure. By default it maps 80 to 443 and 8080 to 8443. If you want anything other than the default you have to tell HttpSecurity. See below for an example.
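
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity
    public class PortMapperSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().antMatchers("/**").hasRole("user").and().formLogin()
                    .permitAll().and()
                // Explicit HTTP -> HTTPS port mappings for non-default ports.
                .portMapper().http(8083).mapsTo(8443).http(80).mapsTo(443);
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication().withUser("user").password("password").roles("user");
        }
    }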
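
The port lookup described in the answer, as an added example that is not part of the original post and is not Spring Security's own code: a plain-Java model of how an HTTP port with no mapping leaves a requiresSecure() request without an HTTPS target. The class PortMappingDemo, its method names and the fallback behaviour for an unmapped port are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model (an assumption, not Spring Security source) of how a
// requiresSecure() redirect target is chosen from the HTTP->HTTPS port map.
public class PortMappingDemo {

    // Defaults stated in the answer: 80 -> 443 and 8080 -> 8443.
    static Map<Integer, Integer> defaultMappings() {
        Map<Integer, Integer> m = new HashMap<>();
        m.put(80, 443);
        m.put(8080, 8443);
        return m;
    }

    // Returns the redirect target for a plain-HTTP request.
    static String redirectTarget(Map<Integer, Integer> mappings, String host,
                                 int port, String contextPath, String requestUri) {
        Integer httpsPort = mappings.get(port);
        if (httpsPort == null) {
            // Assumed behaviour: with no mapping the redirect stays relative and
            // the context path is prepended again, which matches the doubled
            // "/helloworld/helloworld/" path reported in the question.
            return contextPath + requestUri;
        }
        String portPart = (httpsPort == 443) ? "" : ":" + httpsPort;
        return "https://" + host + portPart + requestUri;
    }

    public static void main(String[] args) {
        // Constructed sample request values.
        String host = "localhost", ctx = "/helloworld", uri = "/helloworld/";

        // Port 8083 is not in the defaults, so no HTTPS redirect is produced.
        System.out.println(redirectTarget(defaultMappings(), host, 8083, ctx, uri));

        // With the answer's portMapper().http(8083).mapsTo(8443) added.
        Map<Integer, Integer> fixed = defaultMappings();
        fixed.put(8083, 8443);
        System.out.println(redirectTarget(fixed, host, 8083, ctx, uri));

        // The default mapping still applies to 8080.
        System.out.println(redirectTarget(fixed, host, 8080, ctx, uri));
    }
}
```

The first case is the one to watch for when reviewing a deployment: a connector port missing from the map means the request is never upgraded to HTTPS, so every HTTP port in use needs its own mapping.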