1. It is safer to send requests that contain sensitive information over HTTPS. But how do you switch to HTTPS only the requests that need a secure channel? Use requiresChannel():

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Authorization rules: who may access which URL
            .authorizeRequests()
                .antMatchers("/spitter/me").hasRole("SPITTER")
                .antMatchers(HttpMethod.POST, "/spittles").hasRole("SPITTER")
                .anyRequest().permitAll()
            .and()
            // Channel rules: which URLs must be served over HTTPS
            .requiresChannel()
                .antMatchers("/spitter/form").requiresSecure();
    }

Any time a request comes in for /spitter/form, Spring Security will see that it requires a secure channel (per the call to requiresSecure()) and automatically redirect the request to go over HTTPS.
Conversely, some pages don't need to be sent over HTTPS. The home page, for example, doesn't carry any sensitive information and should be sent over HTTP. You can declare that the home page is always sent over HTTP by using requiresInsecure() instead of requiresSecure():

    .antMatchers("/").requiresInsecure();

If a request for / comes in over HTTPS, Spring Security will redirect the request to flow over the insecure HTTP.
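The two channel rules above, combined in one configuration class together with the port mapping that the HTTPS/HTTP redirect relies on. This is an added example, not code from the book; the class name ChannelSecurityConfig and the ports 9080/9443 are assumptions, and it targets the WebSecurityConfigurerAdapter style used in these notes.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name; ports 9080/9443 are assumed for illustration.
@Configuration
@EnableWebSecurity
public class ChannelSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Authorization rules, as in the listing above.
            .authorizeRequests()
                .antMatchers("/spitter/me").hasRole("SPITTER")
                .antMatchers(HttpMethod.POST, "/spittles").hasRole("SPITTER")
                .anyRequest().permitAll()
            .and()
            // The redirect has to know which HTTPS port pairs with the HTTP
            // port the request arrived on. Spring Security's default mapper
            // knows 80 -> 443 and 8080 -> 8443; a connector on any other
            // port needs an explicit pair like this one.
            .portMapper()
                .http(9080).mapsTo(9443)
            .and()
            // Channel rules are matched in declaration order; a request
            // that matches none of them is left on the channel it used.
            .requiresChannel()
                // Registration form carries credentials: force HTTPS.
                .antMatchers("/spitter/form").requiresSecure()
                // Home page: redirected back to HTTP if requested over HTTPS.
                .antMatchers("/").requiresInsecure();
    }
}
```

With this mapping, a request for http://host:9080/spitter/form is redirected to https://host:9443/spitter/form, and a request for https://host:9443/ is redirected to http://host:9080/.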
Spring in Action, 4th edition, notes - Chapter 9: Securing Web Applications - 011 - Converting requests with sensitive information to HTTPS (requiresChannel())