我发现这一点:如何只在春季
<security:http auto-config="true">
<security:form-login .../>
<security:logout .../>
<security:intercept-url pattern="/reports" access="ROLE_ADMIN" requires-channel="https"/>
<security:intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" requires-channel="https"/>
<security:intercept-url pattern="/**" access="ROLE_USER" requires-channel="https"/>
</security:http>
从我的理解,我们必须把这个在web.xml,但我们没有使用web.xml中,我们使用的是Java配置。我怎样才能做到这一点?有什么我可以添加在application.properties?
这应该指向正确的方向:http://stackoverflow.com/questions/26800200/spring-security-javaconfig-configure-required-channels-secure-insecure-any – bphilipnyc