You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@roller.apache.org by "Glen Mazza (JIRA)" <ji...@apache.org> on 2014/06/02 03:37:01 UTC
[jira] [Closed] (ROL-1777) https SchemeEnforcementFilter and spring
security
[ https://issues.apache.org/jira/browse/ROL-1777?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Glen Mazza closed ROL-1777.
---------------------------
Resolution: Cannot Reproduce
Issue from 2009. Our SSL implementation on Roller trunk (which my blog uses) seems to work fine, the issue you describe is not occurring for me.
> https SchemeEnforcementFilter and spring security
> -------------------------------------------------
>
> Key: ROL-1777
> URL: https://issues.apache.org/jira/browse/ROL-1777
> Project: Apache Roller
> Issue Type: Bug
> Components: Installation & Configuration
> Affects Versions: 5.0
> Environment: fedora
> Reporter: Greg Huber
> Assignee: Roller Unassigned
> Priority: Minor
>
> I have noticed that when configured with https (SchemeEnforcementFilter) the login page does not seem to work correctly. It always wants to back to the login page when https is enabled. It seems to set alwas the security to Granted Authorities: ROLE_ANONYMOUS rather than the correct value.
> I found this entry which seems to address this issue:
> http://jira.springframework.org/browse/SEC-767
> ie in the security.xml this line:
> <http auto-config="false" lowercase-comparisons="true" access-decision-manager-ref="accessDecisionManager">
> needs to be:
> <http auto-config="false" lowercase-comparisons="true" access-decision-manager-ref="accessDecisionManager" session-fixation-protection="none">
> Cheers Greg
--
This message was sent by Atlassian JIRA
(v6.2#6252)