问题
I know, the answer is the following:
<security-constraint>
<web-resource-collection>
<web-resource-name>All resources</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
and it works pretty good, but only if it is the only one security-constraint in the web.xml.
As soon as I add a second security-constraint, something like this:
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin section</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>USER</role-name>
</auth-constraint>
</security-constraint>
redirection stops working for URLs that point to the admin section (in this case the application shows a login form).
Is there a way to enable redirection globally via web.xml or wildfly configuration?
PS: tested with wildfly 8.2
回答1:
Did you try to add "user-data-constraint" to the second "security-constraint"?
来源:https://stackoverflow.com/questions/27302201/redirect-every-http-request-to-https