Commit 8c5b2084 authored by Bruno Nocera Zanette's avatar Bruno Nocera Zanette
Browse files

Imposed the use of HTTPS protocol (SSL/TLS)



Added the attribute "requires-channel="https"" to obligate the use of
HTTPS protocol (SSL/TLS) by browsers.
This change requires that the server is configured to use this protocol.
Signed-off-by: Bruno Nocera Zanette's avatarBruno Nocera Zanette <brunonzanette@gmail.com>
parent f1183151
...@@ -24,11 +24,11 @@ ...@@ -24,11 +24,11 @@
<logout logout-url="/resources/j_spring_security_logout"/> <logout logout-url="/resources/j_spring_security_logout"/>
<!-- Login page and Public Resources --> <!-- Login page and Public Resources -->
<intercept-url pattern="^/resources/.*$" access="permitAll" /> <intercept-url pattern="^/resources/.*$" access="permitAll" requires-channel="https"/>
<intercept-url pattern="^/login(\?login_error=t)?$" access="permitAll" /> <intercept-url pattern="^/login(\?login_error=t)?$" access="permitAll" requires-channel="https"/>
<!-- Homepage --> <!-- Homepage -->
<intercept-url pattern="^/$" access="isAuthenticated()"/> <intercept-url pattern="^/$" access="isAuthenticated()" requires-channel="https"/>
<!-- PROFESSOR - * --> <!-- PROFESSOR - * -->
<intercept-url pattern="^/professors/statement(advisees(concluded)?|committees|courses)$" <intercept-url pattern="^/professors/statement(advisees(concluded)?|committees|courses)$"
...@@ -121,11 +121,11 @@ ...@@ -121,11 +121,11 @@
access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" /> access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<!-- All the rest is considered as Admins permission only. --> <!-- All the rest is considered as Admins permission only. -->
<intercept-url pattern="^/.*\?form$" access="hasAnyRole('Administrador', 'Funcionario')" /> <intercept-url pattern="^/.*\?form$" access="hasAnyRole('Administrador', 'Funcionario')" requires-channel="https"/>
<intercept-url pattern="^/.*$" method="DELETE" access="hasAnyRole('Administrador', 'Funcionario')"/> <intercept-url pattern="^/.*$" method="DELETE" access="hasAnyRole('Administrador', 'Funcionario')" requires-channel="https"/>
<intercept-url pattern="^/.*$" method="PUT" access="hasAnyRole('Administrador', 'Funcionario')"/> <intercept-url pattern="^/.*$" method="PUT" access="hasAnyRole('Administrador', 'Funcionario')" requires-channel="https"/>
<intercept-url pattern="^/.*$" method="POST" access="hasAnyRole('Administrador', 'Funcionario')"/> <intercept-url pattern="^/.*$" method="POST" access="hasAnyRole('Administrador', 'Funcionario')" requires-channel="https"/>
<intercept-url pattern="^/.*$" access="hasAnyRole('Administrador', 'Funcionario')"/> <intercept-url pattern="^/.*$" access="hasAnyRole('Administrador', 'Funcionario')" requires-channel="https"/>
</http> </http>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment