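I am currently using Tomcat 6 and spring-security 3.0.3.RELEASE, without Apache.
I can force https for the login page, and that works well.
The following configuration is used to prevent access to certain pages over http.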
<http use-expressions="true">
    <intercept-url pattern="/" access="permitAll" />
    <intercept-url pattern="/login" access="permitAll" requires-channel="https" />
    <intercept-url pattern="/spring_security_login" access="permitAll" requires-channel="https" />
    <intercept-url pattern="/users/new" access="permitAll" requires-channel="https" />
    <intercept-url pattern="/users/authorize/*" access="isAuthenticated()" />
    <!--<form-login /> -->
    <form-login login-page="/login" />
    <logout />
    <remember-me />
    <!-- Uncomment to enable X509 client authentication support
    <x509 />
    -->
    <!-- Uncomment to limit the number of sessions a user can have -->
    <session-management>
        <concurrency-control max-sessions="10000" error-if-maximum-exceeded="true" />
    </session-management>
</http>
But if I try to access, for example, /buyers/new over a non-https link such as http://localhost:8085/path/buyers/new, I get the following error:
The page isn't redirecting properly Firefox has detected that the server is redirecting the request for this address in a way that will never complete. * This problem can sometimes be caused by disabling or refusing to accept cookies.
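Cookies are allowed, so I don't think that is the problem. Chrome shows a similar error when I try to access the link above.
In my configuration, port 8085 is the non-SSL port. SSL is configured on port 8443 and works fine.
I want all attempts to access certain pages to be redirected to https.
Any suggestions would be greatly appreciated.
Best regards, Tiho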
Add a port-mappings section to your http configuration:
<http use-expressions="true">
    ...
    <port-mappings>
        <port-mapping http="8085" https="8443"/>
    </port-mappings>
</http>
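A check for the misconfiguration discussed above, added here as an example (it is not part of the original question or answer): it lists the `requires-channel="https"` rules that have no HTTPS port to redirect to for a given HTTP connector port. The function names and sample configs are constructed, and it assumes that Spring Security's default port mapper knows only 80→443 and 8080→8443 and that declared `<port-mappings>` replace those defaults.

```python
import xml.etree.ElementTree as ET

# Assumption: with no <port-mappings>, Spring Security's default mapper only
# knows these pairs; declaring <port-mappings> replaces them.
DEFAULT_MAPPINGS = {80: 443, 8080: 8443}

# Constructed sample, shortened from the configuration in the question.
BROKEN = """<http use-expressions="true">
  <intercept-url pattern="/login" access="permitAll" requires-channel="https" />
  <intercept-url pattern="/users/new" access="permitAll" requires-channel="https" />
  <intercept-url pattern="/users/authorize/*" access="isAuthenticated()" />
</http>"""
# Same config with the port mapping from the answer added.
FIXED = BROKEN.replace(
    "</http>",
    '<port-mappings><port-mapping http="8085" https="8443"/></port-mappings></http>')


def local(tag):
    """Strip an XML namespace so <http> and <security:http> both match."""
    return tag.rsplit("}", 1)[-1]


def https_port_for(http_elem, http_port):
    """Return the HTTPS port mapped to http_port, or None if unmapped."""
    declared = {
        int(pm.get("http")): int(pm.get("https"))
        for pm in http_elem.iter() if local(pm.tag) == "port-mapping"
    }
    return (declared or DEFAULT_MAPPINGS).get(http_port)


def unredirectable_rules(config_xml, http_port):
    """List patterns that require https but have no redirect target port."""
    findings = []
    for elem in ET.fromstring(config_xml).iter():
        if local(elem.tag) != "http" or https_port_for(elem, http_port):
            continue
        findings += [
            rule.get("pattern") for rule in elem.iter()
            if local(rule.tag) == "intercept-url"
            and rule.get("requires-channel") == "https"
        ]
    return findings


if __name__ == "__main__":
    print("broken:", unredirectable_rules(BROKEN, 8085))
    print("fixed: ", unredirectable_rules(FIXED, 8085))
```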