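Depending on how sensitive the data in a web application is, it can be served over HTTP or HTTPS. In Spring Boot, you can also redefine the concrete implementation of TomcatServletWebServerFactory to apply different levels of transport security to different data. For example, static resources are served over HTTP and non-static resources over HTTPS.
In terms of actual code, taking Spring Boot as an example, the configuration code that switches HTTP to HTTPS is as follows: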
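
    import org.apache.catalina.Context;
    import org.apache.tomcat.util.descriptor.web.SecurityCollection;
    import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
    import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
    import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    @Configuration
    public class HttpsConfig {
        @Bean
        public ConfigurableServletWebServerFactory webServerFactory() {
            // Manually instantiate TomcatServletWebServerFactory and override its postProcessContext method
            TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
                @Override
                protected void postProcessContext(Context context) {
                    // Configure access to static resources (no transport guarantee, HTTP allowed)
                    SecurityConstraint constraint1 = new SecurityConstraint();
                    constraint1.setUserConstraint("NONE");
                    SecurityCollection collection1 = new SecurityCollection();
                    // The trailing /* makes this a path-prefix pattern covering everything under
                    // /static/; "/static/" alone would match only that exact path
                    collection1.addPattern("/static/*");
                    constraint1.addCollection(collection1);
                    context.addConstraint(constraint1);
                    // Second constraint: CONFIDENTIAL requires an encrypted transport (HTTPS)
                    SecurityConstraint constraint2 = new SecurityConstraint();
                    constraint2.setUserConstraint("CONFIDENTIAL");
                    SecurityCollection coll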
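
The listing above breaks off partway through, so here is a self-contained configuration of the same technique, written as an added example and not the original author's code; use it instead of the class above, not alongside it. Assumptions: Spring Boot 2.x or 3.x with embedded Tomcat, HTTPS already configured on the main connector (`server.port=8443` plus `server.ssl.*`), plain HTTP on port 8080, and `/*` as the pattern for non-static resources; the class and method names are hypothetical.

```java
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Added example: class name, ports and the "/*" pattern are assumptions.
@Configuration
public class MixedTransportConfig {

    @Bean
    public ConfigurableServletWebServerFactory mixedTransportFactory() {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // Tomcat applies the longest matching path-prefix pattern, so
                // /static/* (NONE) wins over /* (CONFIDENTIAL) for static files.
                context.addConstraint(constraint("NONE", "/static/*"));
                context.addConstraint(constraint("CONFIDENTIAL", "/*"));
            }
        };
        // The main connector is HTTPS (server.port=8443 plus server.ssl.* settings);
        // this second connector accepts plain HTTP.
        factory.addAdditionalTomcatConnectors(plainHttpConnector());
        return factory;
    }

    private static SecurityConstraint constraint(String transportGuarantee, String urlPattern) {
        SecurityCollection collection = new SecurityCollection();
        collection.addPattern(urlPattern);
        SecurityConstraint constraint = new SecurityConstraint();
        constraint.setUserConstraint(transportGuarantee);
        constraint.addCollection(collection);
        return constraint;
    }

    private static Connector plainHttpConnector() {
        Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
        connector.setScheme("http");
        connector.setPort(8080);         // assumed HTTP port
        connector.setSecure(false);
        connector.setRedirectPort(8443); // assumed HTTPS port; must match server.port
        return connector;
    }
}
```

With this in place, a plain-HTTP request to a path under the CONFIDENTIAL constraint is answered with a redirect to the connector's redirect port, while paths under `/static/` are served on either connector.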