Page 1 of 1


Posted: Mon Jul 15, 2013 2:35 pm
by pauldev
In your security demos, they all use HTTP, not HTTPS...
I am working on getting lds account authenticaion working in https. It seems like an easy thing to do. Just add requires-channel="https"...

I have this tag <sec:intercept-url requires-channel="https" pattern="/spring_security_login" access="permitAll" />

The problem I see is an error returned:
Your login attempt was not successful, try again.
Reason: Authentication method not supported: GET

I can clearly see that the default login html is POST.
Any ideas?


Posted: Wed Sep 18, 2013 8:33 pm
by knowltont
Sorry to have taken so long to reply on this thread.

Just to verify, are you saying that the login form itself is using POST, and that this is the error message response when you click the submit button? Can you verify that the behavior is not the same when the only change is leaving off the requires-channel attribute?

Can you point me to the source control repo where to find your project that is exhibiting this behavior?



Posted: Fri Nov 11, 2016 3:48 am
by jameswarner1
Such a nice debate but HTTPS means more secure web page open in browser compare of simply HTTP.