Spring MVC - How to support both http and https at the same time in Spring MVC web project

Question

How can I support both HTTP and https at the same time in Spring MVC web project deployed on tomcat7 (and 8). I have configured every thing at Tomcat level.

HTTPS work if I use the following code by extending WebSecurityConfigurerAdapter

.and().requiresChannel().anyRequest().requiresSecure()

but then it does not allow HTTP, I need to support both HTTP AND HTTPS at the same time for same endpoint example:

http://example.com/hello-world
https://example.com/hello-world

Look [here](https://serverfault.com/questions/732757/configure-ssl-in-apache-with-tomcat-7-and-spring-mvc-webapp) — Zico, Jul 19 '17 at 09:26
I agree with @Zico: the correct way it to have HTTPS processing done at a reverse proxy level. That way everything is by default accepted with both HTTP and HTTPS. And if you want to require HTTPS for only some more sensitive URL, you could have a look at this [post](https://stackoverflow.com/a/30129124/3545273) from mine. — Serge Ballesta, Jul 19 '17 at 09:35

Anil Bhaskar · Answer 1 · 2017-07-19T09:40:03.847

1

Changing your https configuration from .anyRequest() to a specific secure url eg. http.requiresChannel().antMatchers("/secure*").requiresSecure(); and making the rest Insecure as follows http.requiresChannel().anyRequest().requiresInsecure(); will solve the issue.

This instructs Spring to use HTTP for all requests that are not explicitly configured to use HTTPS.

edited Jul 19 '17 at 09:40

answered Jul 19 '17 at 09:29

Anil Bhaskar

3,718
4
33
51

Actually, I want to support the same endpoint from both http and https – PHP Avenger Jul 19 '17 at 10:09
I don't think that is logically possible, If you make an endpoint `requireSecure()` it can not be accessed insecurely (ie. via http). – Anil Bhaskar Jul 19 '17 at 10:46

Spring MVC - How to support both http and https at the same time in Spring MVC web project

1 Answers1