roller-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Glen Mazza (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (ROL-1777) https SchemeEnforcementFilter and spring security
Date Mon, 02 Jun 2014 01:37:01 GMT

     [ https://issues.apache.org/jira/browse/ROL-1777?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Glen Mazza closed ROL-1777.
---------------------------

    Resolution: Cannot Reproduce

Issue from 2009.  Our SSL implementation on Roller trunk (which my blog uses) seems to work
fine, the issue you describe is not occurring for me.

> https SchemeEnforcementFilter and spring security
> -------------------------------------------------
>
>                 Key: ROL-1777
>                 URL: https://issues.apache.org/jira/browse/ROL-1777
>             Project: Apache Roller
>          Issue Type: Bug
>          Components: Installation & Configuration
>    Affects Versions: 5.0
>         Environment: fedora
>            Reporter: Greg Huber
>            Assignee: Roller Unassigned
>            Priority: Minor
>
> I have noticed that when configured with https (SchemeEnforcementFilter) the login page
does not seem to work correctly.  It always wants to back to the login page when https is
enabled.  It seems to set alwas the security to Granted Authorities: ROLE_ANONYMOUS rather
than the correct value.
> I found this entry which seems to address this issue:
> http://jira.springframework.org/browse/SEC-767
> ie in the security.xml this line:
> <http auto-config="false" lowercase-comparisons="true" access-decision-manager-ref="accessDecisionManager">
> needs to be:
> <http auto-config="false" lowercase-comparisons="true" access-decision-manager-ref="accessDecisionManager"
session-fixation-protection="none">
> Cheers Greg



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message