Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 09:12:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add servlet HTTP exploit samples

Browse Source 
Issue gh-8172
This commit is contained in:
Eleftheria Stein 2020-09-18 14:44:33 +02:00
parent f26387a4b7
commit 019c27b0a0
1 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
docs/manual/src/docs/asciidoc/_includes/servlet/exploits/http.adoc
View File

@ -12,9 +12,10 @@ If a client makes a request using HTTP rather than HTTPS, Spring Security can be
For example, the following Java configuration will redirect any HTTP requests to HTTPS: For example, the following Java configuration will redirect any HTTP requests to HTTPS:
.Redirect to HTTPS with Java Configuration .Redirect to HTTPS
==== ====
[source,java] .Java
[source,java,role="primary"]
---- ----
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@ -31,6 +32,24 @@ public class WebSecurityConfig extends
} }
} }
---- ----
.Kotlin
[source,kotlin,role="secondary"]
----
@Configuration
@EnableWebSecurity
class SecurityConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
http {
// ...
requiresChannel {
secure(AnyRequestMatcher.INSTANCE, "REQUIRES_SECURE_CHANNEL")
}
}
}
}
----
==== ====
The following XML configuration will redirect all HTTP requests to HTTPS The following XML configuration will redirect all HTTP requests to HTTPS