Posted to commits@roller.apache.org by "Greg Huber (JIRA)" <ji...@apache.org> on 2009/01/15 15:31:13 UTC
[jira] Created: (ROL-1777) https SchemeEnforcementFilter and spring security
https SchemeEnforcementFilter and spring security
-------------------------------------------------
Key: ROL-1777
URL: https://issues.apache.org/roller/browse/ROL-1777
Project: Roller
Issue Type: Bug
Components: Configuration & Settings
Affects Versions: 4.1
Environment: fedora
Reporter: Greg Huber
Assignee: Roller Unassigned
Priority: Minor
I have noticed that when configured with https (SchemeEnforcementFilter) the login page does not seem to work correctly. It always wants to go back to the login page when https is enabled. It seems to always set the security to Granted Authorities: ROLE_ANONYMOUS rather than the correct value.
I found this entry which seems to address this issue:
http://jira.springframework.org/browse/SEC-767
i.e. in the security.xml, this line:
<http auto-config="false" lowercase-comparisons="true" access-decision-manager-ref="accessDecisionManager">
needs to be:
<http auto-config="false" lowercase-comparisons="true" access-decision-manager-ref="accessDecisionManager" session-fixation-protection="none">
Cheers Greg
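
An added example, not part of the original report or of Roller's code: a Python check that reports the effective session-fixation-protection value of each <http> element in a Spring Security namespace file, since the change proposed above sets it to "none", which turns off the session replacement Spring Security performs at login. The wrapping <beans:beans> element and all function and constant names are assumptions; the sample XML is constructed from the two lines quoted in the issue.

```python
import xml.etree.ElementTree as ET

# Values the Spring Security namespace accepts for this attribute; when the
# attribute is absent the framework default is migrateSession.
DEFAULT = "migrateSession"
KNOWN = {"none", "migrateSession", "newSession"}

# Constructed sample: the <http> line quoted in the issue inside an assumed
# <beans:beans> wrapper that makes the security namespace the default one.
TEMPLATE = """<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans">
  <http auto-config="false" lowercase-comparisons="true"
        access-decision-manager-ref="accessDecisionManager"{extra}/>
</beans:beans>
"""
ORIGINAL = TEMPLATE.format(extra="")
WORKAROUND = TEMPLATE.format(extra=' session-fixation-protection="none"')


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def audit_session_fixation(xml_text):
    """Return (effective value, status) for every <http> element found."""
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        if local_name(elem.tag) != "http":
            continue
        value = elem.get("session-fixation-protection", DEFAULT)
        if value == "none":
            status = "DISABLED"   # session id is kept unchanged across login
        elif value in KNOWN:
            status = "ok"
        else:
            status = "UNKNOWN"    # typo or value the namespace does not define
        findings.append((value, status))
    return findings


if __name__ == "__main__":
    for label, xml_text in (("original", ORIGINAL), ("workaround", WORKAROUND)):
        for value, status in audit_session_fixation(xml_text):
            print(f"{label}: session-fixation-protection={value} [{status}]")
```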