roller-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Johnson (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (ROL-2100) Schema Enforcement feature removed
Date Sun, 26 May 2019 13:36:00 GMT

     [ https://issues.apache.org/jira/browse/ROL-2100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

David Johnson updated ROL-2100:
-------------------------------
    Description: 
Roller included a feature to force HTTPS to be used for login pages and HTTP for all other
pages. This feature is removed in Roller 5.2.3. The best practice is to run everything on
HTTPS and if you want something different, implement somewhere else, e.g. load balancer. 


Original text:

The two Roller configuration properties mentioned in the summary no longer work in Roller.
Apparently they were broken when we upgraded to some newer version of Spring Security.  

The relevant code is in RollerContext. initializeSecurityFeatures().

As a work-around, one may be able to configure secure login behavior by modifying the Spring
Security configuration file (security.xml) directly.

  was:
The two Roller configuration properties mentioned in the summary no longer work in Roller.
Apparently they were broken when we upgraded to some newer version of Spring Security.  

The relevant code is in RollerContext. initializeSecurityFeatures().

As a work-around, one may be able to configure secure login behavior by modifying the Spring
Security configuration file (security.xml) directly.


> Schema Enforcement feature removed
> ----------------------------------
>
>                 Key: ROL-2100
>                 URL: https://issues.apache.org/jira/browse/ROL-2100
>             Project: Apache Roller
>          Issue Type: Bug
>          Components: Authentication, Roles and Access Controls
>    Affects Versions: 5.1.2
>            Reporter: David Johnson
>            Assignee: David Johnson
>            Priority: Minor
>             Fix For: 5.2.3
>
>
> Roller included a feature to force HTTPS to be used for login pages and HTTP for all
other pages. This feature is removed in Roller 5.2.3. The best practice is to run everything
on HTTPS and if you want something different, implement somewhere else, e.g. load balancer.

> Original text:
> The two Roller configuration properties mentioned in the summary no longer work in Roller.
Apparently they were broken when we upgraded to some newer version of Spring Security.  
> The relevant code is in RollerContext. initializeSecurityFeatures().
> As a work-around, one may be able to configure secure login behavior by modifying the
Spring Security configuration file (security.xml) directly.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message