roller-commits mailing list archives

From "Greg Huber (JIRA)" <j...@apache.org>
Subject [jira] Created: (ROL-1777) https SchemeEnforcementFilter and spring security
Date Thu, 15 Jan 2009 14:31:13 GMT
https SchemeEnforcementFilter and spring security
-------------------------------------------------

                 Key: ROL-1777
                 URL: https://issues.apache.org/roller/browse/ROL-1777
             Project: Roller
          Issue Type: Bug
          Components: Configuration & Settings
    Affects Versions: 4.1
         Environment: fedora
            Reporter: Greg Huber
            Assignee: Roller Unassigned
            Priority: Minor


I have noticed that when configured with https (SchemeEnforcementFilter) the login page does
not seem to work correctly.  It always wants to go back to the login page when https is enabled.
 It seems to always set the security to Granted Authorities: ROLE_ANONYMOUS rather than the
correct value.

I found this entry which seems to address this issue:

http://jira.springframework.org/browse/SEC-767

i.e. in the security.xml this line:
<http auto-config="false" lowercase-comparisons="true" access-decision-manager-ref="accessDecisionManager">

needs to be:
<http auto-config="false" lowercase-comparisons="true" access-decision-manager-ref="accessDecisionManager"
session-fixation-protection="none">

Cheers Greg

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
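
The change proposed in the report sets session-fixation-protection="none", which makes Spring Security keep the pre-login session as it is instead of replacing it at login. The following is an added example, not part of the original message or of Roller's code: a check that reports the effective setting of each <http> element in a security.xml. The two sample documents are constructed around the <http> lines quoted above, and the migrateSession default is that of the Spring Security 2.x namespace.

```python
import xml.etree.ElementTree as ET

ATTR = "session-fixation-protection"
# Values accepted by the Spring Security 2.x namespace on <http>.
KNOWN = {"none", "migrateSession", "newSession"}
DEFAULT = "migrateSession"  # applied when the attribute is absent

# Constructed samples: the wrapper element is an assumption, the <http>
# attributes are the ones quoted in the report.
BEFORE = """<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans">
  <http auto-config="false" lowercase-comparisons="true"
        access-decision-manager-ref="accessDecisionManager">
    <!-- intercept-url and form-login elements omitted -->
  </http>
</beans:beans>"""

AFTER = BEFORE.replace(
    'access-decision-manager-ref="accessDecisionManager">',
    'access-decision-manager-ref="accessDecisionManager"\n'
    '        session-fixation-protection="none">')

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return one finding per <http> element in the given document."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local_name(el.tag) != "http":
            continue
        raw = el.get(ATTR)
        value = DEFAULT if raw is None else raw.strip()
        if value == "none":
            verdict = "DISABLED"   # session id survives login unchanged
        elif value in KNOWN:
            verdict = "ok"
        else:
            verdict = "UNKNOWN"    # typo or a value from another version
        findings.append({"value": value, "explicit": raw is not None,
                         "verdict": verdict})
    return findings

if __name__ == "__main__":
    for name, doc in (("before", BEFORE), ("after", AFTER)):
        for f in audit(doc):
            print(name, f["verdict"], f["value"],
                  "(explicit)" if f["explicit"] else "(default)")
```
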

