Commit 8c5b2084 authored by Bruno Nocera Zanette's avatar Bruno Nocera Zanette

Imposed the use of HTTPS protocol (SSL/TLS)

Added the attribute "requires-channel="https"" to obligate the use of
HTTPS protocol (SSL/TLS) by browsers.
This change requires that the server is configured to use this protocol.
Signed-off-by: Bruno Nocera Zanette's avatarBruno Nocera Zanette <brunonzanette@gmail.com>
parent f1183151
......@@ -24,11 +24,11 @@
<logout logout-url="/resources/j_spring_security_logout"/>
<!-- Login page and Public Resources -->
<intercept-url pattern="^/resources/.*$" access="permitAll" />
<intercept-url pattern="^/login(\?login_error=t)?$" access="permitAll" />
<intercept-url pattern="^/resources/.*$" access="permitAll" requires-channel="https"/>
<intercept-url pattern="^/login(\?login_error=t)?$" access="permitAll" requires-channel="https"/>
<!-- Homepage -->
<intercept-url pattern="^/$" access="isAuthenticated()"/>
<intercept-url pattern="^/$" access="isAuthenticated()" requires-channel="https"/>
<!-- PROFESSOR - * -->
<intercept-url pattern="^/professors/statement(advisees(concluded)?|committees|courses)$"
......@@ -121,11 +121,11 @@
access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<!-- All the rest is considered as Admins permission only. -->
<intercept-url pattern="^/.*\?form$" access="hasAnyRole('Administrador', 'Funcionario')" />
<intercept-url pattern="^/.*$" method="DELETE" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^/.*$" method="PUT" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^/.*$" method="POST" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^/.*$" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^/.*\?form$" access="hasAnyRole('Administrador', 'Funcionario')" requires-channel="https"/>
<intercept-url pattern="^/.*$" method="DELETE" access="hasAnyRole('Administrador', 'Funcionario')" requires-channel="https"/>
<intercept-url pattern="^/.*$" method="PUT" access="hasAnyRole('Administrador', 'Funcionario')" requires-channel="https"/>
<intercept-url pattern="^/.*$" method="POST" access="hasAnyRole('Administrador', 'Funcionario')" requires-channel="https"/>
<intercept-url pattern="^/.*$" access="hasAnyRole('Administrador', 'Funcionario')" requires-channel="https"/>
</http>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment