Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-28 23:02:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-347: Describe requirements for login page when using secure channels.

Browse Source
This commit is contained in:
Ben Alex 2006-09-23 06:20:29 +00:00
parent 2fdf96e7cf
commit ef6d6cd03e
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
doc/docbook/acegi.xml
View File

@ -1307,6 +1307,15 @@ if (obj instanceof UserDetails) {
wired up by default to many Acegi Security beans. Please refer to the wired up by default to many Acegi Security beans. Please refer to the
JavaDocs for <literal>PortResolverImpl</literal> for further JavaDocs for <literal>PortResolverImpl</literal> for further
details.</para> details.</para>
<para>You should note that using a secure channel is recommended if
usernames and passwords are to be kept secure during the login
process. If you do decide to use
<literal>ChannelProcessingFilter</literal> with form-based login,
please ensure that your login page is set to
<literal>REQUIRES_SECURE_CHANNEL</literal>, and that the
<literal>AuthenticationProcessingFilterEntryPoint.forceHttps</literal>
property is <literal>true</literal>.</para>
</sect1> </sect1>
<sect1 id="channel-security-conclusion"> <sect1 id="channel-security-conclusion">