You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/modules/ROOT/pages/migration/web.adoc
+95Lines changed: 95 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -90,3 +90,98 @@ For example, expressions that match the JSP Servlet might use an ant pattern `/*
90
90
There is not yet a general-purpose replacement for these, and so you are encouraged to use `RegexRequestMatcher`, like so: `regexMatcher("\\.jsp$")`.
91
91
92
92
For many applications this will make no difference since most commonly all URIs listed are matched by the default servlet.
93
+
94
+
[[use-redirect-to-https]]
95
+
== Use RedirectToHttps Instead of Channel Security
96
+
97
+
Years ago, HTTPS at large was enough of a performance and configuration concern that applications wanted to be able to decide which segments of an application would require HTTPS.
98
+
99
+
`requires-channel` in XML and `requiresChannel` in Java Config allowed configurating an application with that in mind:
Modern applications should either always require HTTPS.
138
+
However, there are times, like when developing locally, when one would like the application to use HTTP.
139
+
Or, you may have continuing circumstances that require part of your application to be HTTP.
140
+
141
+
In any case, you can migrate to `redirect-to-https-request-matcher-ref` and `redirectToHttps` by first constructing a `RequestMatcher` that contains all circumstances where redirecting to HTTPS is needed.
142
+
Then you can reference that request matcher like so:
0 commit comments